How to Fix Nginx Permission Denied on Debian 11


The Root Cause

On Debian 11, Nginx typically runs its worker processes as the www-data user, which needs read access to your web content and execute (search) permission on every parent directory in the path. The “Permission Denied” error commonly arises when web root files or directories are owned by a different user or lack the necessary read/execute permissions for the www-data user.
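
To see which path component is actually blocking www-data, the following added example (not part of the original guide) walks from / down to a file and reports the first directory missing the execute (search) bit, or the file missing the read bit, for a given user. It assumes GNU stat as shipped on Debian and evaluates only the classic owner/group/other mode bits (no ACLs or AppArmor); the function names has_bit and first_blocked are hypothetical.

```sh
# Added example: read-only diagnostic, changes nothing on disk.
# Run with sudo so every component can be stat'ed; paths must be absolute.
# Usage: first_blocked www-data /var/www/html/index.html

# has_bit USER PATH BIT -> succeeds if USER's permission class on PATH
# carries BIT (4 = read, 1 = execute/search). Symlinks are followed.
has_bit() {
    hb_uid=$(id -u "$1") && hb_gids=" $(id -G "$1") " || return 2
    hb_st=$(stat -L -c '%u %g %a' "$2") || return 2
    hb_own=${hb_st%% *}; hb_mode=${hb_st##* }
    hb_grp=${hb_st#* }; hb_grp=${hb_grp%% *}
    # Drop the setuid/setgid/sticky digit and pad to three digits.
    hb_mode=$(printf '%03d' "$((hb_mode % 1000))")
    # Exactly one class applies: owner, else group, else other.
    if [ "$hb_uid" = "$hb_own" ]; then
        hb_d=${hb_mode%??}
    else
        case "$hb_gids" in
            *" $hb_grp "*) hb_d=${hb_mode#?}; hb_d=${hb_d%?} ;;
            *)             hb_d=${hb_mode#??} ;;
        esac
    fi
    [ $(( hb_d & $3 )) -ne 0 ]
}

# first_blocked USER FILE -> prints the first component USER cannot pass
# and returns 1; prints nothing and returns 0 when the whole path is fine.
first_blocked() {
    case "$2" in /*) ;; *) echo "absolute path required" >&2; return 2 ;; esac
    id -u "$1" >/dev/null || return 2
    fb_dir=""; fb_rest=${2#/}
    has_bit "$1" / 1 || { echo "/ (no execute/search bit)"; return 1; }
    # Check every ancestor directory from the top down.
    while case "$fb_rest" in */*) true ;; *) false ;; esac; do
        fb_dir="$fb_dir/${fb_rest%%/*}"; fb_rest=${fb_rest#*/}
        has_bit "$1" "$fb_dir" 1 ||
            { echo "$fb_dir (no execute/search bit)"; return 1; }
    done
    has_bit "$1" "$2" 4 || { echo "$2 (no read bit)"; return 1; }
}
```

If a component is reported, the fix can be limited to that directory or file instead of the whole tree.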

Quick Fix (CLI)

# 1. Identify your Nginx web root directory.
# This is commonly /var/www/html or a specific path defined in your site configuration.
WEB_ROOT="/var/www/html" # <--- IMPORTANT: Adjust this to your actual web root path

# 2. Change the ownership of the web root and its contents to the www-data user and group.
sudo chown -R www-data:www-data "$WEB_ROOT"

# 3. Set appropriate directory permissions (755: rwx for owner, rx for group/others).
sudo find "$WEB_ROOT" -type d -exec chmod 755 {} \;

# 4. Set appropriate file permissions (644: rw for owner, r for group/others).
sudo find "$WEB_ROOT" -type f -exec chmod 644 {} \;

# 5. Restart Nginx to ensure changes are applied.
sudo systemctl restart nginx

Configuration Check

File to check/edit: /etc/nginx/nginx.conf

Verify the user directive at the top of the file:

user www-data;

Ensure this line is present, uncommented, and set to www-data. If it’s commented out or set to a different user, change it to user www-data;.

Additionally, review your specific server block configuration file (e.g., /etc/nginx/sites-available/your_domain.conf or /etc/nginx/conf.d/your_site.conf) and ensure the root directive points to the correct web directory you applied permissions to.

Example:

server {
    listen 80;
    server_name your_domain.com;
    root /var/www/html; # Ensure this path matches your actual web_root
    index index.html index.htm;
    # ... other configurations
}

Verification

# 1. Check the Nginx service status. It should be "active (running)".
sudo systemctl status nginx

# 2. Review Nginx error logs for any remaining permission issues.
sudo tail -f /var/log/nginx/error.log

# 3. Attempt to access your web server via curl or a web browser.
curl -v http://localhost/ # Replace localhost with your domain or server IP if necessary