How to Solve a 403 Nginx File Download Permission Error

Posted by Flatiron School  /  January 8, 2013

The following is a guest post by Corinna Brock and originally appeared on her blog. Corinna is currently a student a The Flatiron School. You can follow her on twitter here.

Once the basic functionality of our website was implemented, one of the features that we wanted to implement was file upload and download. The basic upload functionality was surprisingly easy to implement using a gem called CarrierWave. The Github page has a pretty thorough walk-through, but if you’re looking to display the content on your website there is a Railscast on the file upload process. Both will walk you through the steps of setting it up, and it took us about 20 minutes.

File download was a bit more complex. While an individual user would only upload one file to be associated with an assignment, the person who assigned the assignment would probably want a way to download all of the submitted work at once. For this, we implemented a gem called RubyZip. If you’re writing a rails app, you don’t need to require ‘rubygems’, but you DO need to require ‘zip/zip’ in your application.rb file.

The RubyZip documentation is pretty dense, but thorough. With a few modifications, we passed it an array of files, specified the file names, and created a file tree structure so that when the user downloaded the files, they were organized by submitter and named appropriately.

Blog post image: tumblr_inline_mgbiofWJks1rtan47.png

Everything worked on our local host, but when we deployed to our server we got an Nginx 403 permissions error. Once we SSH’ed into the server, we saw that the file was being created, but while the owner of the file was allowed to read and write the file, no one else could do anything with it.

Much like you can run chmod in your bash window, Ruby also contains a chmod command. By adding one line to our code, we modified our permissions and allowed the user to download the file appropriately.

Blog post image: tumblr_inline_mgbiprVf7X1rtan47.png

Returning to the server, you can see that the permissions were appropriately modified, and the user can now download the Zip file of all the files for an assignment. The built-in site functionality works as well.

This is a great explanation of file permissions in Unix. For purposes of simplicity, I’ve abstracted away the routing and controller functionality that calls the above method.