What file permissions should I set on web root?

I use Ubuntu Server 10.10 and have installed Nginx web server with apt-get install nginx. It creates a default web page at /var/www/nginx-default/ and that directory has the permissions drwxr-xr-x 2 root root.

When I access the default site on http://localhost/ I get this message on the page 403 Forbidden.

How should I set the file permissions on the www root so I can secure access the web pages? Or is there something else that I have to change?


I would suggest changing the group of your webroot to www-data, the user used by nginx and also php5-fpm.

For example:

sudo chown -R "$USER":www-data /webdirectory
sudo chmod -R 0755 /webdirectory

where my-user is your own account (which enables you to put the files easy in your webroot without sudo).


I usually stick to a 755 (or rwxr-xr-x) on my web root, but I do not think this is the issue you're running into since your directory is already set to that. nginx should have access to your directory. The question then becomes the permissions (or existence of) the file you're trying to access. The files within your directory will need to be readable by the user nginx is running as. I usually leave these files set to a 755 (the same as the directory). You can change the entire directory by doing sudo chmod -R 755 /var/www/nginx-default/.

If there is not an index file in the directory, however, you will still get the same error. The index file is used when you request a directory that doesn't have directory listings enabled. The most common index file is index.html. This default can be edited in your config, however, using something like:

location / {
    index index.php;
}

If you want nginx to generate a list of files in that directory for you, simply turn on directory indexing, like so:

location  /  {
  autoindex  on;
}