documentation icon indicating copy to clipboard operation
documentation copied to clipboard
verified publisher icon mastodon

Fix Nginx related permission

Open Sjors opened this issue 3 years ago • 3 comments

Without this permission, when installing a fresh instance on Ubuntu 22.10, I'm unable to load any assets and the nginx error log goes like this:

2022/11/11 20:40:20 [crit] 1552814#1552814: *1 stat() "/home/mastodon2/live/public/" failed (13: Permission denied), client: 2a02:a44b:5cf9:1:6d61:dcd8:5606:9390, server: mastodon.sprovoost.nl, request: "GET / HTTP/2.0", host: "mastodon.sprovoost.nl"

That said, a more narrow permission would be nicer.

Sjors avatar Nov 11 '22 21:11 Sjors

See also #1128 and the linked PRs.

aaaaalbert avatar May 05 '23 19:05 aaaaalbert

Closes #1128 #1132 #1055

vmstan avatar Dec 11 '23 23:12 vmstan

That said, a more narrow permission would be nicer.

I second the OP's suggestion.

#1055 has a proposal in that direction: instead of allowing all other users on the machine to access the mastodon home dir, only add the www-data user to the mastodon group, and allow group-read/execute mode on mastodon's home dir. (I'm not sure the read bit is even necessary.)

Anyway, restricting other's access would be prudent, especially on shared servers.

aaaaalbert avatar Dec 12 '23 21:12 aaaaalbert