Permission denied with nginx and nfs

Ruggs asked:

I have two RHEL 7 machines.

I have installed nginx and php-fpm and setup a nfs mount. I can read/write to the nfs mount without issues and I have another application server (Apache Geronimo) that is able to read write to it.

When I installed nginx it setup a nginx user which I created on the NFS file server with the same uid and gid.

I am able to list out files on the nfs client mount using the nginx user. However when I tried to serve up static html or dynamic php files using nginx from the nfs I get a permission error:

*5 stat() "/usr/depot/repository/test.php" failed (13: Permission denied)
*5 open() "/usr/depot/repository/test.html" failed (13: Permission denied)

In addition I created folder under /usr/depot/testing with the same permissions (just wasn’t nfs) and that worked just fine.

Here is the mounting info on the client.

xxx.xxx.xxx.xxx:/mnt/repository on /usr/depot/repository type nfs4 (rw,nosuid,nodev,noexec,relatime,vers=4.0,rsize=524288,wsize=524288,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=xxx.xxx.xxx.xxx,local_lock=none,addr=xxx.xxx.xxx.xxx)

I can’t see anything wrong with this setup so I’m at a loss as to why nginx can’t read the files from the nfs share.

Update

Ok I just disabled SELinux reboot and that fixed it. Now the question is how do I configure SELinux so that nginx can access the remote server.

My answer:


In RHEL 7, the same SELinux policies that apply to Apache also apply to nginx. So you can use the same booleans:

httpd_use_nfs                  (off  ,  off)  Allow httpd to use nfs

Set the correct boolean to allow the web server to use NFS.

setsebool -P httpd_use_nfs 1

View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.