centos8 nginx uwsgi socket permission denied
Before getting to the answer, you should make every effort to break the bad security habits of using chmod 777 or disabling SELinux. Rather, you should learn fully the UNIX permission model so that you will always know the right permissions, and you should configure your services to work with SELinux to benefit from the additional layers of security that it provides.
So the reason your socket buried deep within a user's home directory doesn't work is that a parent directory's permissions prohibit the necessary access (in this case, search x
). Use namei -l /home/***/.deploy/my.sock
to see the permissions of all parent directories at once, and correct the ones which do not allow search permission (most likely it is /home/***
).
chmod +x /as/needed
Also remember to fix the permissions and ownership on the socket itself as needed.
For completeness, the reason your socket in /tmp
was not found is that nginx running as a system service cannot access the system /tmp
directory. Systemd starts it with PrivateTmp=true
which causes a unique private directory to be created and nginx's /tmp
namespaced to that directory. This is what all those /tmp/xxx-systemd-private-foo
directories are for.