403 Forbidden label change in Nginx on Cent OS

2023年1月21日

When I create a new file on Nginx on Cent OS, I get “403 Forbidden" and cannot access the file.
Solution. I didn’t know that I needed to change the label and got stuck.

Environment

• Cent OS 7
• Nginx 1.16.1

403 Forbidden

Create a test.html file.

# echo "Hello World" > test.html

403 Forbidden.
Depending on your environment, you may not be able to access the file even if you create a new file.

Confirmation of setting status

Check access rights.
The following commands can be used to check.

# ls -ltr --context test.html

The options are detailed below.
You will also need to check the label.

• -l : Show details in long format.
• -t : Display files in reverse chronological order.
• -r : Reverse the sort order.
• –context : Show SELinux security context for each file.

Here is an example of the result.
Check other files in the same folder to see the differences.

-rwxr-xr-x. nginx nginx unconfined_u:object_r:user_tmp_t:s0 test.html

Change of access rights

If “-rwxr-xr-x" is not what you expect, check the other files and change the permissions.
You can use the chmod command to change it.

# chmod 755 test.html

Change of Ownership

If “nginx nginx" is not what you expect, check the other files and change the ownership.
You can use the chown command to change it.

# chown nginx.nginx test.html

Label Change

If “unconfined_u:object_r:user_tmp_t:s0" is not what you expect, check the other files and change the label.
You can use the chcon command to change it.

# chcon unconfined_u:object_r:user_tmp_t:s0 test.html

Conclusion

I think it is easy to miss the point that you need to change the label.
If you are having trouble with 403 Forbidden, I suggest you give it a try.
If you are interested, please read how to create a GUI environment using the Oracle Cloud’s perpetual free framework.