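On a freshly installed CentOS 7, I installed Nginx via yum and changed the default root path /usr/share/nginx/html in the configuration file under /etc/nginx/conf.d. No matter which path I changed it to, and even after granting 777 permissions, Nginx always returned 403.
I tried changing the user in the Nginx configuration file to root: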
[root@localhost ~]# cat /etc/nginx/nginx.conf
user root;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}
After reloading the Nginx configuration and restarting Nginx, the problem persisted. Check the Nginx status and test the configuration file:
[root@localhost ~]# systemctl status nginx
● nginx.service - nginx - high performance web server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
Active: active (running) since 二 2020-04-14 15:28:05 CST; 34min ago
Docs: http://nginx.org/en/docs/
Process: 2708 ExecStop=/bin/kill -s TERM $MAINPID (code=exited, status=0/SUCCESS)
Process: 2712 ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf (code=exited, status=0/SUCCESS)
Main PID: 2713 (nginx)
Tasks: 2
CGroup: /system.slice/nginx.service
├─2713 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
└─2714 nginx: worker process
4月 14 15:28:05 ceshi1 systemd[1]: Starting nginx - high performance web server...
4月 14 15:28:05 ceshi1 systemd[1]: Started nginx - high performance web server.
[root@localhost ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@localhost ~]# ps -ef|grep nginx
root 2713 1 0 15:28 ? 00:00:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
root 2714 2713 0 15:28 ? 00:00:00 nginx: worker process
root 3235 2450 0 16:12 pts/0 00:00:00 grep --color=auto nginx
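Everything looked normal. Viewing the Nginx error log with cat /var/log/nginx/error.log showed an entry with 13: Permission denied, which was strange: the permissions were clearly the highest possible and Nginx was already running as root. Then I suddenly remembered SELinux. After temporarily turning SELinux off with setenforce 0, the changed root directory in the Nginx configuration file took effect and Nginx no longer logged errors. Next, turn SELinux off permanently.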
[root@localhost ~]# sestatus  # check SELinux status
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 31
[root@localhost ~]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
Change SELINUX= to disabled. After a reboot, checking the SELinux status again shows that it has become disabled.
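The 13: Permission denied entry above corresponds to an SELinux AVC denial in the audit log, and the narrower fix is to relabel the new root directory rather than turn SELinux off. The shell functions below are an added example, not part of the original post: the audit records are constructed, /data/www is a hypothetical web root, and the example assumes nginx runs in the httpd_t domain as it does under the CentOS 7 targeted policy.

```shell
#!/bin/sh
# Added example: triage SELinux AVC denials for nginx instead of disabling SELinux.
# SAMPLE_AUDIT is constructed for illustration; on a real host read
# /var/log/audit/audit.log (or use: ausearch -m avc -c nginx).
SAMPLE_AUDIT='type=AVC msg=audit(1586849285.101:311): avc:  denied  { read } for  pid=2714 comm="nginx" name="index.html" dev="dm-0" ino=1835 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=file permissive=0
type=AVC msg=audit(1586849290.442:312): avc:  denied  { getattr } for  pid=2714 comm="nginx" path="/data/www/index.html" dev="dm-0" ino=1835 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=file permissive=0
type=AVC msg=audit(1586849301.007:313): avc:  denied  { write } for  pid=901 comm="sshd" name="x" dev="dm-0" ino=77 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file permissive=0'

# Print "permission source_type target_type tclass" for each nginx denial on stdin.
# Only the first permission inside { ... } is reported.
nginx_avc_denials() {
    awk '
        /avc: +denied/ && /comm="nginx"/ {
            perm = src = tgt = cls = "?"
            for (i = 1; i <= NF; i++) {
                if ($i == "{") perm = $(i + 1)
                if ($i ~ /^scontext=/) { split($i, a, ":"); src = a[3] }
                if ($i ~ /^tcontext=/) { split($i, b, ":"); tgt = b[3] }
                if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
            }
            print perm, src, tgt, cls
        }'
}

# Distinct target types nginx was denied on. Anything other than
# httpd_sys_content_t under the web root means the files are mislabeled.
mislabeled_types() {
    nginx_avc_denials | awk '$3 != "httpd_sys_content_t" { print $3 }' | sort -u
}

# Emit (do not run) the relabel commands for a web root path (hypothetical path).
relabel_commands() {
    printf 'semanage fcontext -a -t httpd_sys_content_t "%s(/.*)?"\n' "$1"
    printf 'restorecon -Rv "%s"\n' "$1"
}

# Demo on the constructed records: show the offending label, then the fix.
printf '%s\n' "$SAMPLE_AUDIT" | mislabeled_types
relabel_commands /data/www
```

With the directory relabeled, SELINUX=enforcing and the default nginx user can stay in place; 777 permissions and user root are not needed for the new root to be served.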