RaynoG 0 Posted March 9, 2017 Report Share Posted March 9, 2017 Hi guys,Recently deployed CRM on my VPS with Apache and PHP7.0 running and I am getting the following error when I try to add a new user. "ForbiddenYou don't have permission to access /x2engine/index.php/users/create on this server.Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request. " I would appreciate any advice.Thanks Quote Link to post Share on other sites
X2Raymond 164 Posted March 9, 2017 Report Share Posted March 9, 2017 Which user are you logged into the system as? The user create page should be restricted to the admin user. If you are an ordinary user, did you locate a link to this page or enter the URL into the address bar manually? Have you received a forbidden error when viewing any other pages in the system? Quote Link to post Share on other sites
RaynoG 0 Posted March 10, 2017 Author Report Share Posted March 10, 2017 Logged in as the admin user. Forbidden error message only discovered whilst trying to add new users to the CRM. I am concerned this error might be PHP / Apache side? Quote Link to post Share on other sites
X2Raymond 164 Posted March 10, 2017 Report Share Posted March 10, 2017 Ah I see, it is interesting the forbidden error is only raised on that page, but it is possible that it is due to permissions. First it may be best to check your web server error log, usually at /var/log/apache2/error.log on Debian/Ubuntu Linux systems. You will also want to verify the permissions and ownership of the contents of protected/modules/users, comparing this to the permissions and ownership of another directory, such as protected/modules/contacts: ls -l protected/modules/users ls -l protected/modules/contactsYou'll want to ensure that the files are readable by the owner of the web server process. This is usually www-data on Debian and Ubuntu, but you can locate it in the second column of the output of "ps aux | egrep 'apache|http'". Please let me know what you find and we can sort out your issue on the user create page. Quote Link to post Share on other sites
amancalledhawk 2 Posted June 26, 2017 Report Share Posted June 26, 2017 This is what I got: [root@XXXX ~]# ls -l /home/XXXXX/public_html/protected/modules/userstotal 28drwxr-xr-x 3 XXXXXX XXXXXX 4096 Dec 22 2016 assetsdrwxr-xr-x 2 XXXXXX XXXXXX 4096 Dec 22 2016 controllersdrwxr-xr-x 2 XXXXXX XXXXXX 4096 Dec 22 2016 datadrwxr-xr-x 2 XXXXXX XXXXXX 4096 Dec 22 2016 models-rw-r--r-- 1 XXXXXX XXXXXX 379 Dec 22 2016 register.php-rw-r--r-- 1 XXXXXX XXXXXX 452 Dec 22 2016 UsersModule.phpdrwxr-xr-x 3 XXXXXX XXXXXX 4096 Dec 22 2016 views[root@XXXXXX ~]# ls -l /home/XXXXXX/public_html/protected/modules/contactstotal 32-rw-r--r-- 1 XXXXXX XXXXXX 2527 Dec 22 2016 ContactsModule.phpdrwxr-xr-x 2 XXXXXX XXXXXX 4096 Dec 22 2016 controllersdrwxr-xr-x 2 XXXXXX XXXXXX 4096 Dec 22 2016 datadrwxr-xr-x 2 XXXXXX XXXXXX 4096 Dec 22 2016 models-rw-r--r-- 1 XXXXXX XXXXXX 8593 Dec 22 2016 register.phpdrwxr-xr-x 3 XXXXXX XXXXXX 4096 Dec 22 2016 views When I go into my own account and try to change the avatar, I get a similar error. ForbiddenYou don't have permission to access /index.php/profile/uploadPhoto/3 on this server.Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request. I haven't changed anything since installing. Is this the same problem or do I have to make a new post? Quote Link to post Share on other sites
amancalledhawk 2 Posted June 26, 2017 Report Share Posted June 26, 2017 In my case, apparently I can't upload any file into any area. Quote Link to post Share on other sites
X2Raymond 164 Posted June 27, 2017 Report Share Posted June 27, 2017 Hello amancalledhawk, Ah yes, that does sound like there may be a permissions issue here. What about the output of: ps aux | egrep 'apache|http' Is the owner of the web server process the same owner of the webroot files? If not, you'll want to update the ownership/permissions of the files so that the web server user can write files into the webroot. How about the web server error log, are there any entries around the time of error? Can you verify that the .htaccess file is present in the webroot and that mod_rewrite is enabled? Raymond Quote Link to post Share on other sites
amancalledhawk 2 Posted July 3, 2017 Report Share Posted July 3, 2017 root 2232 0.0 0.0 186764 8460 ? Ss Jun25 0:03 /usr/sbin/httpdroot 27656 0.0 0.0 105368 920 pts/0 S+ 01:09 0:00 egrep apache|httpnobody 31631 0.0 0.0 187420 5576 ? S Jun28 0:00 /usr/sbin/httpdnobody 31632 0.0 0.0 187632 6476 ? S Jun28 0:00 /usr/sbin/httpdnobody 31633 0.0 0.0 187420 5580 ? S Jun28 0:00 /usr/sbin/httpdnobody 31634 0.0 0.0 187420 5580 ? S Jun28 0:00 /usr/sbin/httpdnobody 31635 0.0 0.0 187420 5580 ? S Jun28 0:00 /usr/sbin/httpd Did you want the stuff above this? The owner should be the same for all. How do I check this? This was inside the htaccess: <IfModule mod_rewrite.c> Options +FollowSymLinks RewriteEngine On RewriteBase / RewriteRule ^cache/jsLanguage/(.._..).js$ index.php?entryPoint=jslang&module=app_strings&lang=$1 [L,QSA] RewriteRule ^cache/jsLanguage/(\w*)/(.._..).js$ index.php?entryPoint=jslang&module=$1&lang=$2 [L,QSA]</IfModule><FilesMatch "\.(jpg|png|gif|js|css|ico)$"> <IfModule mod_headers.c> Header set ETag "" Header set Cache-Control "max-age=2592000" Header set Expires "01 Jan 2112 00:00:00 GMT" </IfModule></FilesMatch><IfModule mod_expires.c> ExpiresByType text/css "access plus 1 month" ExpiresByType text/javascript "access plus 1 month" ExpiresByType application/x-javascript "access plus 1 month" ExpiresByType image/gif "access plus 1 month" ExpiresByType image/jpg "access plus 1 month" ExpiresByType image/png "access plus 1 month"</IfModule><IfModule mod_rewrite.c> Options +FollowSymLinks RewriteEngine On RewriteBase / RewriteRule ^cache/jsLanguage/(.._..).js$ index.php?entryPoint=jslang&module=app_strings&lang=$1 [L,QSA] RewriteRule ^cache/jsLanguage/(\w*)/(.._..).js$ index.php?entryPoint=jslang&module=$1&lang=$2 [L,QSA]</IfModule><FilesMatch "\.(jpg|png|gif|js|css|ico)$"> <IfModule mod_headers.c> Header set ETag "" Header set Cache-Control "max-age=2592000" Header set Expires "01 Jan 2112 00:00:00 GMT" </IfModule></FilesMatch><IfModule mod_expires.c> ExpiresByType text/css "access plus 1 month" ExpiresByType text/javascript "access plus 1 month" ExpiresByType application/x-javascript "access plus 1 month" ExpiresByType image/gif "access plus 1 month" ExpiresByType image/jpg "access plus 1 month" ExpiresByType image/png "access plus 1 month"</IfModule> Quote Link to post Share on other sites
X2Raymond 164 Posted July 5, 2017 Report Share Posted July 5, 2017 Ah I see, I believe it may be caused by the web server process being executed by "nobody", and not having write access in the webroot. Depending on the security you require on your server and whether you have other virtual hosts enabled, there are a few options to resolve:Change the web server process to be executed by the owner of the webroot files ("XXXXX" in the output above). This can be done in the Apache config by updating the "User" and "Group" directives. If this is the only virtual host running on this server, this would be suitable, but if you're running other web apps, it is best to keep strict separation with permissions at a bare minimum. Give "nobody" permission to write to the webroot, either by changing the ownership of the files in the webroot to be owned by "nobody" (chown -R nobody /path/to/webroot),or by opening up the "other" write permission (not advisable). If you still want to write the webroot files as your user ("XXXXX"), keep group ownership set and add write permission. For further information, please see the "Server Preparation" section of the installations wiki article here: http://wiki.x2crm.com/wiki/Preparing_a_Linux_Server_Environment#Server_Preparation When you are using multiple vhosts, you may wish to have each virtual host executed by a dedicated user. If you're using a PHP application server, like php-fpm, then you'll want to use the appropriate directives for that application to configure the user/group. suexec is another option for Apache for use with mod_fcgid. Quote Link to post Share on other sites
amancalledhawk 2 Posted July 6, 2017 Report Share Posted July 6, 2017 I don't know about virtual hosts, but I don't believe we are running one. Out of the box, we installed the software onto our system. When it comes to certain things, I am still very much the noob. I am going to re-read your information when I am not so tired after a long day of other work. Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.