Jump to content
X2Community Forums

You don't have permission to access /x2engine/index.php/users/create on this server.


Recommended Posts

Hi guys,

Recently deployed CRM on my VPS with Apache and PHP7.0 running and I am getting the following error when I try to add a new user.

 

"Forbidden

You don't have permission to access /x2engine/index.php/users/create on this server.

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request. "

 

I would appreciate any advice.

Thanks

Link to post
Share on other sites

Which user are you logged into the system as? The user create page should be restricted to the admin user. If you are an ordinary user, did you locate a link to this page or enter the URL into the address bar manually? Have you received a forbidden error when viewing any other pages in the system?

Link to post
Share on other sites

Ah I see, it is interesting the forbidden error is only raised on that page, but it is possible that it is due to permissions. First it may be best to check your web server error log, usually at /var/log/apache2/error.log on Debian/Ubuntu Linux systems. You will also want to verify the permissions and ownership of the contents of protected/modules/users, comparing this to the permissions and ownership of another directory, such as protected/modules/contacts:

ls -l protected/modules/users
ls -l protected/modules/contacts

You'll want to ensure that the files are readable by the owner of the web server process. This is usually www-data on Debian and Ubuntu, but you can locate it in the second  column of the output of "ps aux | egrep 'apache|http'". Please let me know what you find and we can sort out your issue on the user create page.

Link to post
Share on other sites
  • 3 months later...

This is what I got:

 

[root@XXXX ~]# ls -l /home/XXXXX/public_html/protected/modules/users
total 28
drwxr-xr-x 3 XXXXXX XXXXXX 4096 Dec 22  2016 assets
drwxr-xr-x 2 XXXXXX XXXXXX 4096 Dec 22  2016 controllers
drwxr-xr-x 2 XXXXXX XXXXXX 4096 Dec 22  2016 data
drwxr-xr-x 2 XXXXXX XXXXXX 4096 Dec 22  2016 models
-rw-r--r-- 1 XXXXXX XXXXXX 379 Dec 22  2016 register.php
-rw-r--r-- 1 XXXXXX XXXXXX 452 Dec 22  2016 UsersModule.php
drwxr-xr-x 3 XXXXXX XXXXXX 4096 Dec 22  2016 views
[root@XXXXXX ~]# ls -l /home/XXXXXX/public_html/protected/modules/contacts
total 32
-rw-r--r-- 1 XXXXXX XXXXXX 2527 Dec 22  2016 ContactsModule.php
drwxr-xr-x 2 XXXXXX XXXXXX 4096 Dec 22  2016 controllers
drwxr-xr-x 2 XXXXXX XXXXXX 4096 Dec 22  2016 data
drwxr-xr-x 2 XXXXXX XXXXXX 4096 Dec 22  2016 models
-rw-r--r-- 1 XXXXXX XXXXXX 8593 Dec 22  2016 register.php
drwxr-xr-x 3 XXXXXX XXXXXX 4096 Dec 22  2016 views
 
When I go into my own account and try to change the avatar, I get a similar error.
 
Forbidden

You don't have permission to access /index.php/profile/uploadPhoto/3 on this server.

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

 

I haven't changed anything since installing. Is this the same problem or do I have to make a new post?

Link to post
Share on other sites

Hello amancalledhawk,

 

Ah yes, that does sound like there may be a permissions issue here. What about the output of:

ps aux | egrep 'apache|http'

Is the owner of the web server process the same owner of the webroot files? If not, you'll want to update the ownership/permissions of the files so that the web server user can write files into the webroot.

 

How about the web server error log, are there any entries around the time of error? Can you verify that the .htaccess file is present in the webroot and that mod_rewrite is enabled?

 

Raymond

Link to post
Share on other sites

root      2232  0.0  0.0 186764  8460 ?        Ss   Jun25   0:03 /usr/sbin/httpd
root     27656  0.0  0.0 105368   920 pts/0    S+   01:09   0:00 egrep apache|http
nobody   31631  0.0  0.0 187420  5576 ?        S    Jun28   0:00 /usr/sbin/httpd
nobody   31632  0.0  0.0 187632  6476 ?        S    Jun28   0:00 /usr/sbin/httpd
nobody   31633  0.0  0.0 187420  5580 ?        S    Jun28   0:00 /usr/sbin/httpd
nobody   31634  0.0  0.0 187420  5580 ?        S    Jun28   0:00 /usr/sbin/httpd
nobody   31635  0.0  0.0 187420  5580 ?        S    Jun28   0:00 /usr/sbin/httpd
 

Did you want the stuff above this?

 

The owner should be the same for all. How do I check this?

 

This was inside the htaccess:

 


<IfModule mod_rewrite.c>
    Options +FollowSymLinks
    RewriteEngine On
    RewriteBase /
    RewriteRule ^cache/jsLanguage/(.._..).js$ index.php?entryPoint=jslang&module=app_strings&lang=$1 [L,QSA]
    RewriteRule ^cache/jsLanguage/(\w*)/(.._..).js$ index.php?entryPoint=jslang&module=$1&lang=$2 [L,QSA]
</IfModule>
<FilesMatch "\.(jpg|png|gif|js|css|ico)$">
        <IfModule mod_headers.c>
                Header set ETag ""
                Header set Cache-Control "max-age=2592000"
                Header set Expires "01 Jan 2112 00:00:00 GMT"
        </IfModule>
</FilesMatch>
<IfModule mod_expires.c>
        ExpiresByType text/css "access plus 1 month"
        ExpiresByType text/javascript "access plus 1 month"
        ExpiresByType application/x-javascript "access plus 1 month"
        ExpiresByType image/gif "access plus 1 month"
        ExpiresByType image/jpg "access plus 1 month"
        ExpiresByType image/png "access plus 1 month"
</IfModule>

<IfModule mod_rewrite.c>
    Options +FollowSymLinks
    RewriteEngine On
    RewriteBase /
    RewriteRule ^cache/jsLanguage/(.._..).js$ index.php?entryPoint=jslang&module=app_strings&lang=$1 [L,QSA]
    RewriteRule ^cache/jsLanguage/(\w*)/(.._..).js$ index.php?entryPoint=jslang&module=$1&lang=$2 [L,QSA]
</IfModule>
<FilesMatch "\.(jpg|png|gif|js|css|ico)$">
        <IfModule mod_headers.c>
                Header set ETag ""
                Header set Cache-Control "max-age=2592000"
                Header set Expires "01 Jan 2112 00:00:00 GMT"
        </IfModule>
</FilesMatch>
<IfModule mod_expires.c>
        ExpiresByType text/css "access plus 1 month"
        ExpiresByType text/javascript "access plus 1 month"
        ExpiresByType application/x-javascript "access plus 1 month"
        ExpiresByType image/gif "access plus 1 month"
        ExpiresByType image/jpg "access plus 1 month"
        ExpiresByType image/png "access plus 1 month"
</IfModule>
 

Link to post
Share on other sites

Ah I see, I believe it may be caused by the web server process being executed by "nobody", and not having write access in the webroot. Depending on the security you require on your server and whether you have other virtual hosts enabled, there are a few options to resolve:

  1. Change the web server process to be executed by the owner of the webroot files ("XXXXX" in the output above). This can be done in the Apache config by updating the "User" and "Group" directives. If this is the only virtual host running on this server, this would be suitable, but if you're running other web apps, it is best to keep strict separation with permissions at a bare minimum.
  2. Give "nobody" permission to write to the webroot, either by changing the ownership of the files in the webroot to be owned by "nobody" (chown -R nobody /path/to/webroot),or by opening up the "other" write permission (not advisable). If you still want to write the webroot files as your user ("XXXXX"), keep group ownership set and add write permission. For further information, please see the "Server Preparation" section of the installations wiki article here: http://wiki.x2crm.com/wiki/Preparing_a_Linux_Server_Environment#Server_Preparation
  3. When you are using multiple vhosts, you may wish to have each virtual host executed by a dedicated user. If you're using a PHP application server, like php-fpm, then you'll want to use the appropriate directives for that application to configure the user/group. suexec is another option for Apache for use with mod_fcgid.
Link to post
Share on other sites

I don't know about virtual hosts, but I don't believe we are running one. Out of the box, we installed the software onto our system. When it comes to certain things, I am still very much the noob. I am going to re-read your information when I am not so tired after a long day of other work.

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...