Please look at the output:
deploy@li445-201:~$ sudo ls -al /var/log/nginx/
total 152
drw-rw-r-- 2 root adm 4096 Mar 26 16:08 .
drwxrwxr-x 14 root syslog 4096 Mar 26 06:25 ..
-rw-r--r-- 1 root root 0 Mar 26 16:08 access.log
-rwxrwxrwx 1 www-data adm 108849 Mar 26 06:10 access.log.1
-rw-rw-r-- 1 www-data adm 14206 Mar 25 06:17 access.log.2.gz
-rw-rw-r-- 1 www-data adm 14067 Mar 24 05:31 access.log.3.gz
-rw-r--r-- 1 root root 0 Mar 26 16:08 error.log
-rw-rw-r-- 1 www-data adm 2522 Mar 24 17:13 error.log.1
I try to read the log file as the deploy user:
deploy@li445-201:~$ cat /var/log/nginx/access.log.1
cat: /var/log/nginx/access.log.1: Permission denied
Why can't I read the log file? I've even set 777 permissions on it.
The file's permissions show that any user should be able to read, write or execute the file. The directory in which this file is located, however, restricts this access.
In order for a user to be able to list the files in a directory, you need read and execute privileges. There is a good explanation of why you need the execute bit that you can read about here. You need to be able to access the inodes, which is where the requirement originates. I always thought you could read the file but not list the directory, but it seems you need the execute bit to read files in most situations.
And this directory-based restriction goes all the way up to /. This is why a 777 file in your /home/$USER directory can't be accessed by another user, because your home directory has no read nor execute privileges for 'other'.
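
The directory-by-directory check described in the answer above can be automated. The following is an added example, not part of the original question or answer; the function names (perm_class, walk_access, first_blocker) are illustrative, and it evaluates plain mode bits only, assuming no ACLs or AppArmor/SELinux rules apply.

```python
# Added example: function names are illustrative, not from the page.
import os
import stat
from pathlib import Path


def perm_class(st, uid, gids):
    """Pick the single permission triplet the kernel applies: owner, else group, else other."""
    if uid == st.st_uid:
        return "owner", (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return "group", (st.st_mode >> 3) & 7
    return "other", st.st_mode & 7


def walk_access(path, uid, gids):
    """Check every component of `path` for the given uid and group ids.

    Each directory on the way needs the search (x) bit; the final target needs
    the read (r) bit. Returns a list of (component, mode string, class, allowed).
    Plain mode bits only: ACLs, capabilities and LSMs are not modelled.
    """
    target = Path(os.path.abspath(path))
    components = list(reversed(target.parents)) + [target]
    results = []
    for comp in components:
        try:
            st = os.stat(comp)
        except PermissionError:
            break  # the caller itself cannot look below an unsearchable directory
        need = 1 if stat.S_ISDIR(st.st_mode) and comp != target else 4
        cls, bits = perm_class(st, uid, gids)
        allowed = uid == 0 or bool(bits & need)  # root bypasses mode-bit checks
        results.append((str(comp), stat.filemode(st.st_mode), cls, allowed))
    return results


def first_blocker(path, uid, gids):
    """Return the first component that denies access, or None if the path is open."""
    for entry in walk_access(path, uid, gids):
        if not entry[3]:
            return entry
    return None
```

On a directory with the mode shown in the question (drw-rw-r--), the walk reports the directory itself as the blocker for a user in the 'other' class, regardless of the 777 file inside it. `namei -l <path>` from util-linux prints the same per-component modes without the verdict.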