What are the correct permisssions for private and web folder

As far as I know, Till is telling us it can't be a "pure" permission problem, because if Nginx can't access the /web folder, it will not show you anything but an error message as server response.

So, we know it's not what is hapening here, our servers are showing webs normally, but with the new error messages we are talking about.

The fastest way to fix it is changing permissions to 750, but there must be any "hidden" problem with new versions of Nginx, that is preventing 710 to work as expected.

If I my memory it's not failing, I remember having same error log problem with one web folder that is plain html, and without try_uri needed to work, given Permission Denied on every GET, but working ok.

Can you try with a plain html web, without try_uri in nginx directive?

Anyway, it's a mess having to renounce to web isolation, but how can we change permanently permission to 750?

Thank you again.

 

I tried it already and the problem is in try_files (pure html is working)... also it's problem only on homepage, on subpages it's already ok.

 

Ok, I'm sorry for the mistake.
Did you try changing try_uri format?
Right now I don't have access to my server, will try and report.

 

What do you mean by "try_uri"? I don't know if there are other possibilities than those already mentioned.

also look if you have nginx:nginx user:group in your /etc/passwd (etc/group)

 

My mistake, I mean try_files.
Will look later to nginx:nginx

EDIT
I have searched for nginx:nginx both /etc/passwd and /etc/group and I don't have any of them listed.

Talking about try_files, there are diferent options to try:
try_files $uri $uri/ /index.php?q=$request_uri; --> general use, the one I have in my server, giving the "Permission Denied"
try_files $uri /index.php?q=$request_uri; --> tried with the same results
try_files $uri $uri/ index.php?q=$request_uri; --> tried without success, 404 errors

There are many others that will or not work...

 

Thanks Till.

Just applied it, Rsync ISPConfig and the erros are gone!!!

Thank you very much!!!

 

Sorry to resurrect this dinosaur of a thread, but is this issue back on the latest version of ISPConfig?

Code:

2026/01/28 21:57:42 [crit] 3755660#3755660: *82969 openat() "/var/www/domain.co.uk/web/" failed (13: Permission denied), client: 86.128.73.156, server: domain.co.uk, request: "GET /?page_id=5 HTTP/2.0", host: "www.domain.co.uk"

 

I take it 0750 or 751 is required to get rid of the error in the logs, but this will give the group read permissions. 711 is currently set. We don't use NFS.