nginx: [alert] could not open error log file: Permission denied

The error “nginx: [alert] could not open error log file: Permission denied” means the Nginx master or worker process does not have write access to the error log file specified in your configuration.

What It Means

Nginx needs to write to its log files (both access and error logs) as part of normal operation. When the process user (typically www-data or nginx) does not have write permission on the log file or its parent directory, Nginx logs this alert and may fail to start.

Why It Happens

• The log file is owned by root but Nginx runs as www-data.
• The /var/log/nginx/ directory has incorrect permissions (e.g., 755 instead of 755 with correct owner).
• SELinux or AppArmor is blocking Nginx from writing to the log directory.
• A custom log path was specified in nginx.conf that does not exist or has wrong ownership.
• The log file already exists and is owned by a different process or user.

How to Fix It

1. Fix log directory ownership

sudo chown -R www-data:www-data /var/log/nginx

2. Set correct directory permissions

sudo chmod 755 /var/log/nginx

3. Check SELinux context

ls -Z /var/log/nginx
sudo restorecon -Rv /var/log/nginx

4. Create the log files manually

sudo touch /var/log/nginx/access.log /var/log/nginx/error.log
sudo chown www-data:www-data /var/log/nginx/*.log

5. Verify the user directive in nginx.conf

user www-data;

6. Test the configuration and restart

sudo nginx -t
sudo systemctl restart nginx

FAQ