How to Solve a 403 Nginx File Download Permission Error

Flatiron School / 8 January 2013

The following is a guest post by Corinna Brock and originally appeared on her blog. Corinna is currently a student a The Flatiron School. You can learn more about her here, or follow her on twitter here.

Once the basic functionality of our website was implemented, one of the features that we wanted to implement was file upload and download. The basic upload functionality was surprisingly easy to implement using a gem called CarrierWave. The Github page has a pretty thorough walk-through, but if you’re looking to display the content on your website there is a Railscast on the file upload process. Both will walk you through the steps of setting it up, and it took us about 20 minutes.

File download was a bit more complex. While an individual user would only upload one file to be associated with an assignment, the person who assigned the assignment would probably want a way to download all of the submitted work at once. For this, we implemented a gem called RubyZip. If you’re writing a rails app, you don’t need to require ‘rubygems’, but you DO need to require ‘zip/zip’ in your application.rb file.

The RubyZip documentation( is pretty dense, but thorough. With a few modifications, we passed it an array of files, specified the file names, and created a file tree structure so that when the user downloaded the files, they were organized by submitter and named appropriately.


Everything worked on our local host, but when we deployed to our server we got an Nginx 403 permissions error. Nginx ErrorOnce we SSH’ed into the server, we saw that the file was being created, but while the owner of the file was allowed to read and write the file, no one else could do anything with it.*

Bad Permissions

Much like you can run chmod in your bash window, Ruby also contains a chmod command. By adding one line to our code, we modified our permissions and allowed the user to download the file appropriately.


Returning to the server, you can see that the permissions were appropriately modified, and the user can now download the Zip file of all the files for an assignment. Good PermissionsThe built-in site functionality works as well.

This is a great explanation of file permissions in Unix. For purposes of simplicity, I’ve abstracted away the routing and controller functionality that calls the above method.

Single Table Inheritance Previous Post Convert a Ruby Hash into valid JSON Next Post