nginx - 来自 PNG 上传的 nginx ISE 因为权限

问题描述

我正在500 ISE过度上传，特别PNG是 s to nginx/1.15.0， with Passengerand Sinatra。后两者没有报告任何错误。它特定于PNG文件，我在试验中没有错误JPG。每个后缀我尝试了多个示例文件，相同的行为。

nginx站点错误日志表明我在上传文件的 nginx 接收目录上存在权限问题。完整日志：

2018/06/26 14:05:05 [debug] 17367#0: accept on 0.0.0.0:8080, ready: 1
2018/06/26 14:05:05 [debug] 17366#0: accept on 0.0.0.0:8080, ready: 1
2018/06/26 14:05:05 [debug] 17367#0: posix_memalign: 00007FACB0C072C0:512 @16
2018/06/26 14:05:05 [debug] 17365#0: accept on 0.0.0.0:8080, ready: 1
2018/06/26 14:05:05 [debug] 17364#0: accept on 0.0.0.0:8080, ready: 1
2018/06/26 14:05:05 [debug] 17367#0: *1067 accept: 127.0.0.1:52442 fd:4
2018/06/26 14:05:05 [debug] 17364#0: accept() not ready (35: Resource temporarily unavailable)
2018/06/26 14:05:05 [debug] 17365#0: accept() not ready (35: Resource temporarily unavailable)
2018/06/26 14:05:05 [debug] 17366#0: accept() not ready (35: Resource temporarily unavailable)
2018/06/26 14:05:05 [debug] 17367#0: *1067 event timer add: 4: 60000:1530036365292
2018/06/26 14:05:05 [debug] 17367#0: *1067 reusable connection: 1
2018/06/26 14:05:05 [debug] 17367#0: *1067 kevent set event: 4: ft:-1 fl:0025
2018/06/26 14:05:05 [debug] 17367#0: *1067 http wait request handler
2018/06/26 14:05:05 [debug] 17367#0: *1067 malloc: 00007FACB2000800:1024
2018/06/26 14:05:05 [debug] 17367#0: *1067 recv: eof:0, avail:16996, err:0
2018/06/26 14:05:05 [debug] 17367#0: *1067 recv: fd:4 1024 of 1024
2018/06/26 14:05:05 [debug] 17367#0: *1067 reusable connection: 0
2018/06/26 14:05:05 [debug] 17367#0: *1067 posix_memalign: 00007FACB2000C00:4096 @16
2018/06/26 14:05:05 [debug] 17367#0: *1067 http process request line
2018/06/26 14:05:05 [debug] 17367#0: *1067 http request line: "POST /upload HTTP/1.1"
2018/06/26 14:05:05 [debug] 17367#0: *1067 http uri: "/upload"
2018/06/26 14:05:05 [debug] 17367#0: *1067 http args: ""
2018/06/26 14:05:05 [debug] 17367#0: *1067 http exten: ""
2018/06/26 14:05:05 [debug] 17367#0: *1067 posix_memalign: 00007FACB2001C00:4096 @16
2018/06/26 14:05:05 [debug] 17367#0: *1067 http process request header line
2018/06/26 14:05:05 [debug] 17367#0: *1067 http header: "Host: pass1.local:8080"
2018/06/26 14:05:05 [debug] 17367#0: *1067 http header: "Connection: keep-alive"
2018/06/26 14:05:05 [debug] 17367#0: *1067 http header: "Content-Length: 53973"
2018/06/26 14:05:05 [debug] 17367#0: *1067 http header: "Cache-Control: max-age=0"
2018/06/26 14:05:05 [debug] 17367#0: *1067 http header: "Origin: http://pass1.local:8080"
2018/06/26 14:05:05 [debug] 17367#0: *1067 http header: "Upgrade-Insecure-Requests: 1"
2018/06/26 14:05:05 [debug] 17367#0: *1067 http header: "DNT: 1"
2018/06/26 14:05:05 [debug] 17367#0: *1067 http header: "Content-Type: multipart/form-data; boundary=----WebKitFormBoundarynSKg9hQ6NRqeuE6f"
2018/06/26 14:05:05 [debug] 17367#0: *1067 http header: "User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36"
2018/06/26 14:05:05 [debug] 17367#0: *1067 http header: "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8"
2018/06/26 14:05:05 [debug] 17367#0: *1067 http header: "Referer: http://pass1.local:8080/upload"
2018/06/26 14:05:05 [debug] 17367#0: *1067 http header: "Accept-Encoding: gzip, deflate"
2018/06/26 14:05:05 [debug] 17367#0: *1067 http header: "Accept-Language: en-US,en;q=0.9"
2018/06/26 14:05:05 [debug] 17367#0: *1067 http header done
2018/06/26 14:05:05 [debug] 17367#0: *1067 event timer del: 4: 1530036365292
2018/06/26 14:05:05 [debug] 17367#0: *1067 generic phase: 0
2018/06/26 14:05:05 [debug] 17367#0: *1067 rewrite phase: 1
2018/06/26 14:05:05 [debug] 17367#0: *1067 test location: "/"
2018/06/26 14:05:05 [debug] 17367#0: *1067 test location: "favicon.ico"
2018/06/26 14:05:05 [debug] 17367#0: *1067 using configuration "/"
2018/06/26 14:05:05 [debug] 17367#0: *1067 http cl:53973 max:1048576
2018/06/26 14:05:05 [debug] 17367#0: *1067 rewrite phase: 3
2018/06/26 14:05:05 [debug] 17367#0: *1067 post rewrite phase: 4
2018/06/26 14:05:05 [debug] 17367#0: *1067 generic phase: 5
2018/06/26 14:05:05 [debug] 17367#0: *1067 generic phase: 6
2018/06/26 14:05:05 [debug] 17367#0: *1067 generic phase: 7
2018/06/26 14:05:05 [debug] 17367#0: *1067 generic phase: 8
2018/06/26 14:05:05 [debug] 17367#0: *1067 access phase: 9
2018/06/26 14:05:05 [debug] 17367#0: *1067 access phase: 10
2018/06/26 14:05:05 [debug] 17367#0: *1067 access phase: 11
2018/06/26 14:05:05 [debug] 17367#0: *1067 post access phase: 12
2018/06/26 14:05:05 [debug] 17367#0: *1067 generic phase: 13
2018/06/26 14:05:05 [debug] 17367#0: *1067 generic phase: 14
2018/06/26 14:05:05 [debug] 17367#0: *1067 http client request body preread 412
2018/06/26 14:05:05 [debug] 17367#0: *1067 http request body content length filter
2018/06/26 14:05:05 [debug] 17367#0: *1067 http body new buf t:1 f:0 00007FACB2000A64, pos 00007FACB2000A64, size: 412 file: 0, size: 0
2018/06/26 14:05:05 [debug] 17367#0: *1067 malloc: 00007FACB2002C00:8192
2018/06/26 14:05:05 [debug] 17367#0: *1067 http read client request body
2018/06/26 14:05:05 [debug] 17367#0: *1067 recv: eof:0, avail:15972, err:0
2018/06/26 14:05:05 [debug] 17367#0: *1067 recv: fd:4 8192 of 8192
2018/06/26 14:05:05 [debug] 17367#0: *1067 http client request body recv 8192
2018/06/26 14:05:05 [debug] 17367#0: *1067 http body new buf t:1 f:0 00007FACB2002C00, pos 00007FACB2002C00, size: 8192 file: 0, size: 0
2018/06/26 14:05:05 [debug] 17367#0: *1067 http write client request body, bufs 00007FACB2001BF0
2018/06/26 14:05:05 [debug] 17367#0: *1067 add cleanup: 00007FACB2002790
2018/06/26 14:05:05 [debug] 17367#0: *1067 hashed path: /usr/local/var/run/nginx/client_body_temp/0000000016
2018/06/26 14:05:05 [debug] 17367#0: *1067 temp fd:-1
2018/06/26 14:05:05 [crit] 17367#0: *1067 open() "/usr/local/var/run/nginx/client_body_temp/0000000016" failed (13: Permission denied), client: 127.0.0.1, server: pass1.local, request: "POST /upload HTTP/1.1", host: "pass1.local:8080", referrer: "http://pass1.local:8080/upload"
2018/06/26 14:05:05 [debug] 17367#0: *1067 http finalize request: 500, "/upload?" a:1, c:1
2018/06/26 14:05:05 [debug] 17367#0: *1067 http special response: 500, "/upload?"
2018/06/26 14:05:05 [debug] 17367#0: *1067 HTTP/1.1 500 Internal Server Error
Server: nginx/1.15.0
Date: Tue, 26 Jun 2018 18:05:05 GMT
Content-Type: text/html
Content-Length: 595
Connection: close

2018/06/26 14:05:05 [debug] 17367#0: *1067 write new buf t:1 f:0 00007FACB2002810, pos 00007FACB2002810, size: 162 file: 0, size: 0
2018/06/26 14:05:05 [debug] 17367#0: *1067 http write filter: l:0 f:0 s:162
2018/06/26 14:05:05 [debug] 17367#0: *1067 http output filter "/upload?"
2018/06/26 14:05:05 [debug] 17367#0: *1067 http copy filter: "/upload?"
2018/06/26 14:05:05 [debug] 17367#0: *1067 http postpone filter "/upload?" 00007FACB2002A30
2018/06/26 14:05:05 [debug] 17367#0: *1067 write old buf t:1 f:0 00007FACB2002810, pos 00007FACB2002810, size: 162 file: 0, size: 0
2018/06/26 14:05:05 [debug] 17367#0: *1067 write new buf t:0 f:0 0000000000000000, pos 000000010A332120, size: 140 file: 0, size: 0
2018/06/26 14:05:05 [debug] 17367#0: *1067 write new buf t:0 f:0 0000000000000000, pos 000000010A330F20, size: 53 file: 0, size: 0
2018/06/26 14:05:05 [debug] 17367#0: *1067 write new buf t:0 f:0 0000000000000000, pos 000000010A330FD0, size: 402 file: 0, size: 0
2018/06/26 14:05:05 [debug] 17367#0: *1067 http write filter: l:1 f:0 s:757
2018/06/26 14:05:05 [debug] 17367#0: *1067 http write filter limit 0
2018/06/26 14:05:05 [debug] 17367#0: *1067 writev: 757 of 757
2018/06/26 14:05:05 [debug] 17367#0: *1067 http write filter 0000000000000000
2018/06/26 14:05:05 [debug] 17367#0: *1067 http copy filter: 0 "/upload?"
2018/06/26 14:05:05 [debug] 17367#0: *1067 http finalize request: 0, "/upload?" a:1, c:1
2018/06/26 14:05:05 [debug] 17367#0: *1067 event timer add: 4: 5000:1530036310293
2018/06/26 14:05:05 [debug] 17367#0: *1067 http lingering close handler
2018/06/26 14:05:05 [debug] 17367#0: *1067 recv: eof:0, avail:7780, err:0
2018/06/26 14:05:05 [debug] 17367#0: *1067 recv: fd:4 4096 of 4096
2018/06/26 14:05:05 [debug] 17367#0: *1067 lingering read: 4096
2018/06/26 14:05:05 [debug] 17367#0: *1067 recv: eof:0, avail:3684, err:0
2018/06/26 14:05:05 [debug] 17367#0: *1067 recv: fd:4 4096 of 4096
2018/06/26 14:05:05 [debug] 17367#0: *1067 lingering read: 4096
2018/06/26 14:05:05 [debug] 17367#0: *1067 event timer: 4, old: 1530036310293, new: 1530036310293
2018/06/26 14:05:05 [debug] 17367#0: *1067 http lingering close handler
2018/06/26 14:05:05 [debug] 17367#0: *1067 recv: eof:0, avail:37177, err:0
2018/06/26 14:05:05 [debug] 17367#0: *1067 recv: fd:4 4096 of 4096
2018/06/26 14:05:05 [debug] 17367#0: *1067 lingering read: 4096
2018/06/26 14:05:05 [debug] 17367#0: *1067 recv: eof:0, avail:33081, err:0
2018/06/26 14:05:05 [debug] 17367#0: *1067 recv: fd:4 4096 of 4096
2018/06/26 14:05:05 [debug] 17367#0: *1067 lingering read: 4096
2018/06/26 14:05:05 [debug] 17367#0: *1067 recv: eof:0, avail:28985, err:0
2018/06/26 14:05:05 [debug] 17367#0: *1067 recv: fd:4 4096 of 4096
2018/06/26 14:05:05 [debug] 17367#0: *1067 lingering read: 4096
2018/06/26 14:05:05 [debug] 17367#0: *1067 recv: eof:0, avail:24889, err:0
2018/06/26 14:05:05 [debug] 17367#0: *1067 recv: fd:4 4096 of 4096
2018/06/26 14:05:05 [debug] 17367#0: *1067 lingering read: 4096
2018/06/26 14:05:05 [debug] 17367#0: *1067 recv: eof:0, avail:20793, err:0
2018/06/26 14:05:05 [debug] 17367#0: *1067 recv: fd:4 4096 of 4096
2018/06/26 14:05:05 [debug] 17367#0: *1067 lingering read: 4096
2018/06/26 14:05:05 [debug] 17367#0: *1067 recv: eof:0, avail:16697, err:0
2018/06/26 14:05:05 [debug] 17367#0: *1067 recv: fd:4 4096 of 4096
2018/06/26 14:05:05 [debug] 17367#0: *1067 lingering read: 4096
2018/06/26 14:05:05 [debug] 17367#0: *1067 recv: eof:0, avail:12601, err:0
2018/06/26 14:05:05 [debug] 17367#0: *1067 recv: fd:4 4096 of 4096
2018/06/26 14:05:05 [debug] 17367#0: *1067 lingering read: 4096
2018/06/26 14:05:05 [debug] 17367#0: *1067 recv: eof:0, avail:8505, err:0
2018/06/26 14:05:05 [debug] 17367#0: *1067 recv: fd:4 4096 of 4096
2018/06/26 14:05:05 [debug] 17367#0: *1067 lingering read: 4096
2018/06/26 14:05:05 [debug] 17367#0: *1067 recv: eof:0, avail:4409, err:0
2018/06/26 14:05:05 [debug] 17367#0: *1067 recv: fd:4 4096 of 4096
2018/06/26 14:05:05 [debug] 17367#0: *1067 lingering read: 4096
2018/06/26 14:05:05 [debug] 17367#0: *1067 recv: eof:0, avail:313, err:0
2018/06/26 14:05:05 [debug] 17367#0: *1067 recv: fd:4 313 of 4096
2018/06/26 14:05:05 [debug] 17367#0: *1067 lingering read: 313
2018/06/26 14:05:05 [debug] 17367#0: *1067 event timer: 4, old: 1530036310293, new: 1530036310294
2018/06/26 14:05:05 [debug] 17367#0: *1067 http lingering close handler
2018/06/26 14:05:05 [debug] 17367#0: *1067 recv: eof:1, avail:0, err:0
2018/06/26 14:05:05 [debug] 17367#0: *1067 lingering read: 0
2018/06/26 14:05:05 [debug] 17367#0: *1067 http request count:1 blk:0
2018/06/26 14:05:05 [debug] 17367#0: *1067 http close request
2018/06/26 14:05:05 [debug] 17367#0: *1067 http log handler
2018/06/26 14:05:05 [debug] 17367#0: *1067 free: 00007FACB2002C00
2018/06/26 14:05:05 [debug] 17367#0: *1067 free: 00007FACB2000C00, unused: 0
2018/06/26 14:05:05 [debug] 17367#0: *1067 free: 00007FACB2001C00, unused: 103
2018/06/26 14:05:05 [debug] 17367#0: *1067 close http connection: 4
2018/06/26 14:05:05 [debug] 17367#0: *1067 event timer del: 4: 1530036310293
2018/06/26 14:05:05 [debug] 17367#0: *1067 reusable connection: 0
2018/06/26 14:05:05 [debug] 17367#0: *1067 free: 00007FACB2000800
2018/06/26 14:05:05 [debug] 17367#0: *1067 free: 00007FACB0C072C0, unused: 136

所以我假设权限问题是问题所在。让我们一起去吧。

一些即时问题：

为什么我不会遇到jpg上传权限问题，而文件出错png？后者约为 172 KB，而jpg文件约为 4 到 8 KB。我不认为这是一个问题。
这又带回了一个关于设置nginx.conf. 该user指令，我被告知以 root 身份运行，并且我被告知盲目运行（无用户）。这是接收文件夹权限，/usr/local/var/run/nginx/client_body_temp：

drwx------ 2 nobody admin 68B Dec 8 2016 client_body_temp

nginx.conf关于上传文件夹的权限问题、运行用户nginx和站点user:group所有权，设置开发框的正确方法是什么？它正在处理多个任务，我一直遇到权限问题。

我在这里查看了其他线程，例如https://serverfault.com/questions/748561/nginx-doesnt-have-permission-to-access-files-with-the-same-ownership#但这只是为权限带来了亮点问题，我认为这更像是一个nginx.conf设置而不是文件系统所有权。站点所有权是rich:admin，而文件上传临时目录是nobody:admin. 目前 mynginx未设置为以任何特定用户身份运行，并且默认为以身份运行root，工作人员以 .身份运行nobody。

标签： nginxfile-uploadpermissions

nginx - 来自 PNG 上传的 nginx ISE 因为权限

问题描述

解决方案

推荐阅读