WordPress file upload succeeds under nginx but attempting to load the file returns 403

Machavity asked:

I’ve been trying to debug this for the last few hours and, having solved so many issues already, I seem to have hit a brick wall

I have a WordPress install using nginx under CentOS7 (AWS Lightsail if that matters). For this I have ensured

  • wp-content/uploads directory is 766
  • the directory owned by apache:apache and both nginx and php-fpm run under that user
  • seLinux is httpd_sys_rw_content_t for the directory

That got me as far as uploading files successfully. It creates the file and the above permissions propagate properly (ln -Z and running stat as the apache user). Files are 666, but 766 doesn’t seem to change anything. The older files I manually put up serve properly. The only difference I can find is the manually uploaded files are set in seLinux as

Context: unconfined_u:object_r:httpd_sys_rw_content_t:s0

While the new 403 file is

Context: system_u:object_r:httpd_sys_rw_content_t:s0

I tried setenforce 0 but no change. Restarted nginx as well and still no change. Logged error is

2019/05/19 22:35:06 [error] 21393#0: *4010 open() "/usr/share/nginx/example/wp-content/uploads/2019/05/file.jpg" failed (13: Permission denied), client:, server: example.com, request: "GET /wp-content/uploads/2019/05/file.jpg HTTP/1.1", host: "www.example.com"

Yet /usr/share/nginx/example/wp-content/uploads/2019/04/another_file.jpg works fine, so it doesn’t seem related to the nginx config either.

Is there something else I’m missing?

My answer:

Fix the permissions. 766 is not a valid mode for a directory, at least not if you want to access the files within it.

View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.