Issue: nginx: [emerg] mkdir() "/var/cache/nginx/client_temp" failed (13: Permission denied) [closed]

I am trying to run Nginx on OpenShift but am facing this directory permissions issue. Due to this error the container is not being created. The following permissions are set on the files created manually.

drwxr-xr-x.  3 root root   79 Dec 22 02:50 /etc/nginx
drwxr-xr-x.  2 root root   26 Dec 22 02:50 /etc/nginx/conf.d
-rw-r--r--.  1 root root 5231 Dec 22 02:48 /etc/nginx/mime.types
drwxrwxr-x.  3 root root   25 Dec 22 01:23 /var/cache/nginx
drwxrwxr-x.  2 root root    6 Dec 22 01:10 /var/log/nginx
drwxrwxr-x. 47 root root 1340 Dec 21 06:51 /var/run
Disruption answered 22/12, 2021 at 9:28 Comment(4)
Could you explain what steps you took when deploying this app? What container image are you using? Also, any manifest files would be helpful. - Penza
I am using the nginx image "nginxinc/nginx-unprivileged". The files are service, deployment/daemonset and config map. - Disruption
Could you provide the service, deployment and configmap manifests? - Tammara
The same issue, with answers, is here: #54360723 - Presswork

Which specific container image are you trying to run? If you use this one -- https://catalog.redhat.com/software/containers/ubi8/nginx-120/6156abfac739c0a4123a86fd -- it will play nicer with OpenShift out of the box.

This sort of problem is almost always due to OpenShift running containers as non-root by default. If you change file permissions to permit write access to GROUP=0 you'll resolve nearly all of them.

Arena answered 22/12, 2021 at 10:27 Comment(0)

Like @dbaker mentioned, Red Hat being a security company makes their decisions in OpenShift regarding security more serious, or aggressive as one might say, for example running containers by default with random UIDs. You can fix that by reassigning the paths for different Nginx uses.

Changing the PID location:

pid /tmp/nginx.pid;

Changing the client temp location (your issue):

client_body_temp_path /tmp/nginx/client_temp;

And any other paths in a similar fashion.

You can also use the unprivileged nginx image from Docker Hub, aside from the image specified in the other answer by Red Hat as a certified image, ones that should play more nicely with Red Hat products oriented towards security. As the other image is due to being deprecated, I'm including the other tag recommended by Red Hat: rhscl/nginx-120-rhel7

Niobium answered 26/12, 2021 at 15:37 Comment(1)
Make sure /tmp/nginx exists or use just /tmp/nginx_client_temp; apparently it likes the parent directory to already be in place. - Freezedry
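
The group-0 write check that both answers rely on, as an added example that is not part of any post above: it reports which nginx directories a non-owner process running with a given GID could create files in, so you know which ones need `chgrp 0` plus group write or a move under /tmp. It assumes GNU `stat`; the function names `writable_by_gid` and `audit_nginx_paths` are hypothetical.

```sh
#!/bin/sh
# Added example (not from the thread). Assumes GNU stat from coreutils.
# writable_by_gid and audit_nginx_paths are hypothetical helper names.

# writable_by_gid DIR GID
# Exit 0 if a process that does not own DIR but runs with group GID can
# create files in it, 1 if not, 2 if DIR does not exist.
writable_by_gid() (
    dir=$1; gid=$2
    [ -d "$dir" ] || exit 2
    set -- $(stat -c '%g %a' "$dir")
    owner_gid=$1
    mode=000$2                       # pad so short modes such as "0" still parse
    other=${mode#"${mode%?}"}        # last octal digit: permissions for "other"
    rest=${mode%?}
    group=${rest#"${rest%?}"}        # second-to-last digit: permissions for group
    # Creating a file needs both write (2) and search (1) on the directory.
    # When the GID matches the group owner, only the group bits are consulted.
    if [ "$owner_gid" = "$gid" ]; then
        [ $(( group & 3 )) -eq 3 ]
    else
        [ $(( other & 3 )) -eq 3 ]
    fi
)

# audit_nginx_paths GID DIR...
# Print one line per directory; exit non-zero if any would block nginx.
audit_nginx_paths() (
    gid=$1; shift
    failed=0
    for dir in "$@"; do
        if writable_by_gid "$dir" "$gid"; then
            echo "ok      $dir"
        else
            echo "blocked $dir (chgrp $gid and chmod g+rwx, or point nginx at /tmp)"
            failed=1
        fi
    done
    exit "$failed"
)

# Directories from the question, checked for GID 0 as the first answer suggests.
audit_nginx_paths 0 /var/cache/nginx /var/log/nginx /var/run || true
```

Run it inside the image at build time; a directory that is missing is reported as blocked, which matches the `mkdir()` failure in the question title.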
