When attempting to restart Nginx, you might encounter permission-related errors preventing the service from functioning properly. The key symptoms include:
Restarting nginx: [alert]: could not open error log file: open() "/var/log/nginx/error.log" failed (13: Permission denied) 2011/02/16 17:20:58 [warn] 23925#0: the "user" directive makes sense only if the master process runs with super-user privileges 2011/02/16 17:20:58 [emerg] 23925#0: open() "/var/run/nginx.pid" failed (13: Permission denied)
The root cause lies in incorrect file ownership and permissions. Nginx requires proper access to:
/var/log/nginx/directory and its contents/var/run/nginx.pidfile- Configuration files in
/etc/nginx/
First, check current permissions:
ls -la /var/log/nginx/ ls -la /var/run/nginx.pid ls -la /etc/nginx/nginx.conf
Here's how to resolve the permission issues:
# 1. Create necessary directories if they don't exist sudo mkdir -p /var/log/nginx /var/run/nginx # 2. Set correct ownership (assuming nginx runs as www-data) sudo chown -R www-data:www-data /var/log/nginx sudo chown -R www-data:www-data /var/run/nginx # 3. Set proper permissions sudo chmod -R 755 /var/log/nginx sudo chmod -R 755 /var/run/nginx # 4. For the PID file specifically sudo touch /var/run/nginx.pid sudo chown www-data:www-data /var/run/nginx.pid
Ensure your /etc/nginx/nginx.conf has the correct user directive:
user www-data; worker_processes auto; pid /var/run/nginx.pid;
For systems with SELinux enabled, you may need additional steps:
# Check SELinux context ls -Z /var/log/nginx/ # Fix context if needed sudo chcon -R -t httpd_log_t /var/log/nginx/ sudo restorecon -Rv /var/log/nginx/
After making these changes:
sudo nginx -t # Test configuration sudo systemctl restart nginx # Restart service sudo systemctl status nginx # Check status
For production environments, consider creating a systemd service override to handle permissions at startup:
# Create override directory sudo mkdir -p /etc/systemd/system/nginx.service.d/ # Create override file cat <After fixing the Nginx service, verify CSS and other static files are loading properly:
curl -I http://yoursite.com/style.cssEnsure static files have correct permissions (typically 644) and are owned by the appropriate user.
When attempting to restart Nginx, you're likely encountering multiple permission-related errors that cascade into service failure. The key symptoms include:
1. Error log access denied: "/var/log/nginx/error.log" failed (13: Permission denied) 2. PID file creation failure: "/var/run/nginx.pid" failed (13: Permission denied) 3. User directive warning when running without root privilegesThe root cause typically stems from incorrect ownership or permissions on critical Nginx directories. Let's examine the essential paths:
ls -ld /var/log/nginx/ ls -ld /var/run/ ls -ld /etc/nginx/Common problematic scenarios include:
- Nginx running as non-root user without proper directory access
- Mixed ownership between root and www-data (or custom user)
- SELinux/AppArmor restrictions (particularly on CentOS/RHEL)
1. Correct Directory Permissions
Execute these commands to fix common permission issues:
sudo chown -R root:nginx /var/log/nginx/ sudo chmod -R 770 /var/log/nginx/ sudo chown -R root:nginx /var/run/ sudo touch /var/run/nginx.pid sudo chown nginx:nginx /var/run/nginx.pid2. Configuration File Adjustments
Edit your nginx.conf to ensure proper user directives:
user nginx; worker_processes auto; error_log /var/log/nginx/error.log; pid /var/run/nginx.pid;3. SELinux Context Fix (For RHEL-based Systems)
sudo chcon -Rt httpd_log_t /var/log/nginx/ sudo semanage fcontext -a -t httpd_log_t "/var/log/nginx(/.*)?" sudo restorecon -Rv /var/log/nginxIf issues persist, use these diagnostic commands:
# Check running processes ps aux | grep nginx # Verify effective permissions sudo -u nginx ls -l /var/log/nginx/error.log # Check audit logs (for SELinux) ausearch -m avc -ts recentImplement these practices to avoid future issues:
# Create systemd service override sudo systemctl edit nginx [Service] ExecStartPre=/bin/mkdir -p /var/run/nginx ExecStartPre=/bin/chown -R nginx:nginx /var/run/nginx ExecStartPre=/bin/chmod -R 755 /var/run/nginx