How to Fix Nginx Alert: “could not open error log file” Permission Denied When Running as Non-Root User


2 views

When running Nginx as a non-root user with a custom configuration, you might encounter this persistent warning despite having properly configured error_log in your nginx.conf:

nginx: [alert] could not open error log file: open() "/var/log/nginx/error.log" failed (13: Permission denied)

This happens because Nginx still attempts to access the default error log location during startup, before processing your custom configuration.

Nginx actually has a compile-time default error log path that's hardcoded during installation. This default path (/var/log/nginx/error.log) gets checked before your custom configuration takes effect.

There are two effective ways to solve this:

The most straightforward method is to explicitly set the error log path when starting Nginx:

nginx -c /home/worker/nginx/nginx.conf -e /home/worker/nginx/log/nginx/error.log

The -e flag specifies the error log file location and takes effect immediately during startup.

For a more permanent solution (requires admin access):

# Reconfigure Nginx with custom error log path
./configure --error-log-path=/home/worker/nginx/log/nginx/error.log
make
sudo make install

After applying either solution, check the running Nginx process to confirm the error log location:

ps aux | grep nginx | grep error

You should see your custom error log path in the command output.

Even after fixing the path, you might encounter permission problems. Ensure:

mkdir -p ~/nginx/log/nginx
chmod -R 755 ~/nginx

For more complex setups, consider these advanced configurations:

# Alternative configuration using environment variables
env ERROR_LOG_PATH=/home/worker/nginx/log/nginx/error.log nginx -c /path/to/config

Proper error log configuration is crucial for:

  • Security auditing
  • Debugging production issues
  • Monitoring system health

Remember that while the warning message appears harmless, unresolved permission issues might indicate deeper system configuration problems.

When running Nginx as a non-root user with a custom configuration file, you might encounter this persistent warning:

nginx: [alert] could not open error log file: open() "/var/log/nginx/error.log" failed (13: Permission denied)

This occurs even when you've explicitly set an error_log path in your nginx.conf. The warning appears because Nginx still attempts to write to the default system log location during startup before processing your custom configuration.

The issue stems from how Nginx initializes its logging system:

  • Nginx first tries to open logs at compile-time default locations
  • Only then does it process your configuration file
  • The default log directory (/var/log/nginx) typically requires root privileges

Option 1: Compile with Custom Default Paths

The most permanent solution is to recompile Nginx with your preferred default paths:

./configure \
--error-log-path=/home/worker/nginx/log/nginx/error.log \
--http-log-path=/home/worker/nginx/log/nginx/access.log \
[other configure options]

Option 2: Redirect Early Log Messages

For a non-compile solution, redirect stderr during startup:

nginx -c /home/worker/nginx/nginx.conf 2>/dev/null

Or to a custom file:

nginx -c /home/worker/nginx/nginx.conf 2>/home/worker/nginx/log/startup_errors.log

Option 3: Create Symlinks (If You Have sudo Access)

If you can temporarily elevate privileges:

sudo mkdir -p /var/log/nginx
sudo chown worker:worker /var/log/nginx
ln -s /home/worker/nginx/log/nginx/error.log /var/log/nginx/error.log

After implementing any solution, verify that:

ps aux | grep nginx

Should show your worker processes writing to the correct log files.

Consider adding these to your nginx.conf for better non-root operation:

master_process off;
daemon off;

This makes Nginx run in foreground mode when testing configurations.