Why is it necessary to chmod o+r parent directory to fix 403 access forbidden error with Nginx and Passenger?

Solution 1:

www-data may have shell like /bin/false, so if you want to check exactly where is problem, do following: switch to root(su or sudo -i), then run

# su -s /bin/bash www-data
$ cat /path/to/problem/file

And you will see, is this problem about permissions or somewhere else.

UPD:
Hmm... I din't look at post writing time. Is there "necropost" achievement on serverfault.com? :)

Solution 2:

*nix and group permissions can be a bit funny. If a user is a member of multiple groups they may have access to some files while not actually being able to access them! As far as I understand it on the typical *nix system you essentially appear to belong to a single group at a time. Being a member means that you can switch to another group, or programs that check things more thoroughly (like su running on a redhat variant) will be able too see that you are a member of the correct group.

There is an sg command that allows you to switch group like su switches user.

To solve your actual problem I think you could probably change the group in the passwd file so that the group you want is the default. That's assuming it doesn't cause you to not be able to access some other files you need.

I believe there are other ACL solutons for *nix that can be installed which work in a more intuitive way but I don't really know anything about them.