Why won't lighttpd restart despite having correct permissions?

Jason asked:

systemctl status lighttpd
● lighttpd.service - Lightning Fast Webserver With Light System Requirements
   Loaded: loaded (/usr/lib/systemd/system/lighttpd.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Thu 2020-09-24 15:56:39 EDT; 2s ago
  Process: 6152 ExecStart=/usr/sbin/lighttpd -D -f /etc/lighttpd/lighttpd.conf (code=exited, status=255)
 Main PID: 6152 (code=exited, status=255)

Sep 24 15:56:39 js.dc.localsystemd[1]: Started Lightning Fast Webserver With Light System Requirements.
Sep 24 15:56:39 js.dc.locallighttpd[6152]: 2020-09-24 15:56:39: (server.c.752) opening errorlog '/var/log/lighttpd/error.log' failed: Permission denied
Sep 24 15:56:39 js.dc.locallighttpd[6152]: 2020-09-24 15:56:39: (server.c.1485) Opening errorlog failed. Going down.
Sep 24 15:56:39 js.dc.localsystemd[1]: lighttpd.service: Main process exited, code=exited, status=255/n/a
Sep 24 15:56:39 js.dc.localsystemd[1]: lighttpd.service: Failed with result 'exit-code'.

dir permissions are as follows:

]# ls -la /var/log/lighttpd/
total 4
drw-rw-rw-  2 lighttpd lighttpd   41 Sep 24 15:54 .
drwxr-xr-x. 8 root     root     4096 Sep 24 14:49 ..
-rw-rw-rw-  1 lighttpd lighttpd    0 Sep 24 15:00 access.log
-rw-rw-rw-  1 lighttpd lighttpd    0 Sep 24 15:54 error.log

I’ve remove and recreated the file. There is no selinux enabled. Not sure what else to try.

My answer:


Your permissions are wrong, both on the files access.log and error.log and on the containing directory /var/log/lighttpd.

It looks like you simply ran chmod 666 on these. Of course you should never do this for any reason at all; it is highly destructive and also opens up a security hole. Rather, you should assign only the necessary permissions.

The directory is not accessible because the x bit is not set for anyone.

The files are world writable.

Fix the permissions on the directory so that it can be traversed, and remove the inappropriate world-writable bits on the log files. For example:

chmod ug+rwx,o= /var/log/lighttpd
chmod ug+rw,o= /var/log/lighttpd/*.log

View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.