2015-08-28 61 views
0

I have just installed a fresh CentOS 7.
My nginx config has these lines for the log files, which nginx cannot create:

access_log <path to log dir>/access.log; 
error_log <path to log dir>/error.log error; 

Everything along <path to log dir> has 0777 permissions.
Nginx fails to start:

[[email protected] dir]# systemctl start nginx.service 
Job for nginx.service failed. See 'systemctl status nginx.service' and 'journalctl -xn' for details. 
[[email protected] dir]# systemctl status nginx.service 
nginx.service - nginx - high performance web server 
    Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled) 
    Active: failed (Result: exit-code) since Пт 2015-08-28 14:35:09 MSK; 39s ago 
    Docs: http://nginx.org/en/docs/ 
    Process: 13026 ExecStop=/bin/kill -s QUIT $MAINPID (code=exited, status=0/SUCCESS) 
    Process: 12883 ExecReload=/bin/kill -s HUP $MAINPID (code=exited, status=0/SUCCESS) 
    Process: 12936 ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf (code=exited, status=0/SUCCESS) 
    Process: 13493 ExecStartPre=/usr/sbin/nginx -t -c /etc/nginx/nginx.conf (code=exited, status=1/FAILURE) 
Main PID: 12938 (code=exited, status=0/SUCCESS) 

авг 28 14:35:09 hostname systemd[1]: Starting nginx - high performance web server... 
авг 28 14:35:09 hostname nginx[13493]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok 
авг 28 14:35:09 hostname nginx[13493]: nginx: [emerg] open() "<path to log dir>/access.log" failed (13: Permission denied) 
авг 28 14:35:09 hostname nginx[13493]: nginx: configuration file /etc/nginx/nginx.conf test failed 
авг 28 14:35:09 hostname systemd[1]: nginx.service: control process exited, code=exited status=1 
авг 28 14:35:09 hostname systemd[1]: Failed to start nginx - high performance web server. 
авг 28 14:35:09 hostname systemd[1]: Unit nginx.service entered failed state. 

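The only way I was able to start it was by changing <path to log dir> to "/tmp". Of course, that is not what I want. Also, even though nginx started, the logs do not appear in /tmp.

What am I doing wrong?

Thanks.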

UPD:
It seems that selinux is blocking nginx. Thanks to @dusan.bajic

# grep -rin "nginx" audit.log 
647:type=AVC msg=audit(1440761709.750:5189): avc: denied { write } for pid=13493 comm="nginx" name="logs" dev="sda1" ino=67607894 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir 
648:type=SYSCALL msg=audit(1440761709.750:5189): arch=c000003e syscall=2 success=no exit=-13 a0=268bd96 a1=441 a2=1a4 a3=7fffd441ee50 items=0 ppid=1 pid=13493 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="nginx" exe="/usr/sbin/nginx" subj=system_u:system_r:httpd_t:s0 key=(null) 
649:type=SERVICE_START msg=audit(1440761709.752:5190): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="nginx" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed' 
1087:type=AVC msg=audit(1440762687.672:5628): avc: denied { write } for pid=13680 comm="nginx" name="logs" dev="sda1" ino=67607894 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir 
1088:type=SYSCALL msg=audit(1440762687.672:5628): arch=c000003e syscall=2 success=no exit=-13 a0=1503d96 a1=441 a2=1a4 a3=7ffdeb8313c0 items=0 ppid=1 pid=13680 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="nginx" exe="/usr/sbin/nginx" subj=system_u:system_r:httpd_t:s0 key=(null) 
1089:type=SERVICE_START msg=audit(1440762687.675:5629): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="nginx" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed' 

SOLUTION:
http://axilleas.me/en/blog/2013/selinux-policy-for-nginx-and-gitlab-unix-socket-in-fedora-19/

setenforce 0 
yum install -y policycoreutils-{python,devel} 
grep nginx /var/log/audit/audit.log | audit2allow -M nginx 
semodule -i nginx.pp 
setenforce 1 

SEQUEL:
Nginx creates log files on behalf of root

+1

Maybe 'selinux' is in enforcing mode; anything in audit.log? –

+0

@dusan.bajic, looks like you are right. I have updated the question. – seelts

+0

@dusan.bajic, please post your comment as an answer so that I can accept it – seelts
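
An added example, not part of the original post: a shell function that collapses the AVC denials in an audit log into one line per distinct denial, so it is clear what a module generated by audit2allow would permit before it is loaded. The function names and the sample records (modelled on the ones quoted in the question, with the SYSCALL record shortened) are constructed for this illustration.

```shell
#!/usr/bin/env bash
# Added example: summarise SELinux AVC denials before building a policy module.

# Constructed sample, modelled on the denial records quoted in the question.
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1440761709.750:5189): avc: denied { write } for pid=13493 comm="nginx" name="logs" dev="sda1" ino=67607894 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir
type=SYSCALL msg=audit(1440761709.750:5189): arch=c000003e syscall=2 success=no exit=-13 comm="nginx" exe="/usr/sbin/nginx"
type=AVC msg=audit(1440762687.672:5628): avc: denied { write } for pid=13680 comm="nginx" name="logs" dev="sda1" ino=67607894 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir
EOF
}

# Reads audit records on stdin (a "grep -n" prefix such as "647:" is tolerated)
# and prints, for each distinct denial:
#   count source_type target_type class permissions object_name
# Object names containing spaces are not handled.
avc_summary() {
  awk '
    /type=AVC/ && /denied/ {
      perms = ""; src = ""; tgt = ""; cls = ""; name = "-"; inperm = 0
      for (i = 1; i <= NF; i++) {
        if ($i == "{") { inperm = 1; continue }
        if ($i == "}") { inperm = 0; continue }
        if (inperm) { perms = (perms == "" ? $i : perms "," $i); continue }
        # A context is user:role:type:level, so the type is the third field.
        if ($i ~ /^scontext=/) { split($i, c, ":"); src = c[3] }
        else if ($i ~ /^tcontext=/) { split($i, c, ":"); tgt = c[3] }
        else if ($i ~ /^tclass=/) { cls = substr($i, 8) }
        else if ($i ~ /^name=/) { name = substr($i, 6); gsub(/"/, "", name) }
      }
      seen[src " " tgt " " cls " " perms " " name]++
    }
    END { for (k in seen) print seen[k], k }
  ' | sort
}

# Demonstration on the constructed sample.
sample_audit_log | avc_summary
```

On a real host the input would be `avc_summary < /var/log/audit/audit.log`. For the records above the summary is a single denial: `httpd_t` writing to a directory labelled `httpd_sys_content_t`, which is a labelling mismatch that 0777 file modes do not affect; the targeted policy's type for web server logs is `httpd_log_t`, so relabelling the directory with `semanage fcontext` and `restorecon` is a narrower alternative to loading a generated module.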

Answers