homepage Welcome to WebmasterWorld Guest from 54.211.100.183
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / WebmasterWorld / Webmaster General
Forum Library, Charter, Moderators: phranque

Webmaster General Forum

    
Why I don't have permissions
stu2

5+ Year Member



 
Msg#: 4154678 posted 9:54 am on Jun 18, 2010 (gmt 0)

If I use this command to download a file from my site, I get the error posted..

<form><input type="button" value="filename.zip" onClick="window.location.href='http//example.com/downloads/filename.zip'"></form>

I keep getting this error...

You don't have permission to access /downloads/filename.zip on this server.

The permissions for this file are set at CHMod 666. Even changing to 777 doesn't help. What am I misunderstanding here?

 

phranque

WebmasterWorld Administrator phranque us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



 
Msg#: 4154678 posted 1:27 pm on Jun 18, 2010 (gmt 0)

what are the permissions and ownership of the /downloads/ directory?

lammert

WebmasterWorld Senior Member lammert us a WebmasterWorld Top Contributor of All Time 5+ Year Member



 
Msg#: 4154678 posted 1:36 pm on Jun 18, 2010 (gmt 0)

Mayby caused by a typo? http://example.com/downloads/filename.zip

stu2

5+ Year Member



 
Msg#: 4154678 posted 2:06 pm on Jun 18, 2010 (gmt 0)

Permission of /downloads is 777

Typo corrected but still the same problem.

After I got the correct Error Handler in the .htaccess file, it says Error 404 File Not Found.

stu2

5+ Year Member



 
Msg#: 4154678 posted 2:29 pm on Jun 18, 2010 (gmt 0)

OK Problem fixed. I found I had an .htaccess file in the /downloads directory which was blocking the downloads. Deleting that fixed the problem.

stu2

5+ Year Member



 
Msg#: 4154678 posted 2:43 pm on Jun 18, 2010 (gmt 0)

Another potential(?) problem. The files won't download unless the directory and all it's files are CHMod to 777. Will this cause me any potential problems with security?

rocknbil

WebmasterWorld Senior Member rocknbil us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4154678 posted 5:30 pm on Jun 18, 2010 (gmt 0)

Another potential(?) problem. The files won't download unless the directory and all it's files are CHMod to 777. Will this cause me any potential problems with security?


It really is, 777 is world write, and second you shouldn't need world write permissions to access the files. Also don't know if removing the .htaccess directive was such a good idea, you can probably just go to /downloads and see the entire directory contents. What you want to do is if the directory alone is requested, issue the forbidden. See the Apache forum for help.

This directory should only need read for group and all, read/write for owner: 644. These are usually the defaults, delete the directory and recreate it, and do nothing. That should do it.

If you need to protect these files, some scripting may be involved. What you do is put the file in a private location, and the download link opens a script that locates and outputs the file. Topic for another day?

stu2

5+ Year Member



 
Msg#: 4154678 posted 5:58 pm on Jun 18, 2010 (gmt 0)

I recreated the folder. The files were 644 the folder was created with 744. The folder would allow any changes lowering it below 744. The only permission allowing download was 777 for everything.

The .htaccess file only had the entry deny from all in it.

phranque

WebmasterWorld Administrator phranque us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



 
Msg#: 4154678 posted 10:30 pm on Jun 18, 2010 (gmt 0)

This directory should only need read for group and all, read/write for owner: 644.

a directory usually needs the execute bit set so that should be 755, not 644.

rocknbil

WebmasterWorld Senior Member rocknbil us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4154678 posted 2:08 am on Jun 19, 2010 (gmt 0)

<smacks head> Well, 777 wasn't required for sure. :-(

stu2

5+ Year Member



 
Msg#: 4154678 posted 5:16 am on Jun 19, 2010 (gmt 0)

Anyone? Or should I move this to the Apache Forum?

phranque

WebmasterWorld Administrator phranque us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



 
Msg#: 4154678 posted 5:46 am on Jun 19, 2010 (gmt 0)

so just to clarify your situation:
- /downloads/ is in the document root directory?
- the permissions for /downloads/ are 755?
- the permissions for /downloads/filename.zip are 644?
- there is nothing in .htaccess or /downloads/.htaccess that might restrict a request
- you have checked the server access/error logs for any further messages or clues?

perhaps there is something in the server configuration file in the context of that specific directory.

stu2

5+ Year Member



 
Msg#: 4154678 posted 4:04 am on Jun 20, 2010 (gmt 0)

yep the /downloads directory is directly off the root directory.

When I deleted this /downloads directory and recreated it and put the downloads inside it, the /downloads directory was 744 and the files were 644. But they wouldn't download. Only CHMOD the directory and the files to 777, was the only case in which they would download. I tried other combinations too.

I don't have an .htaccess file in /downloads My root .htacess file has this in it..

<Files .htaccess>
Deny from all
</Files>

Should this be something else? Then why would it work at CHMOD 777 and nothing else. What should this read as?

I haven't checked any logs yet. I wouldn't even know how to edit the server config. This is just a basic hosting account using cpanel.

phranque

WebmasterWorld Administrator phranque us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



 
Msg#: 4154678 posted 6:38 am on Jun 20, 2010 (gmt 0)

Only CHMOD the directory and the files to 777, was the only case in which they would download. I tried other combinations too.

did you try the directory permissions set to 755 AND file permissions set to 644?
this is a yes or no answer.

My root .htacess file has this in it..

<Files .htaccess>
Deny from all
</Files>

this context specification only affects access to files that end in ".htaccess", so you can ignore this directive for this problem.

Then why would it work at CHMOD 777 and nothing else.

the only difference between 777 and 755 is that in the first case the group and user also have permission to write to the directory instead of just the owner.
the difference should be irrelevant for a read operation.

I haven't checked any logs yet.

check the logs.

stu2

5+ Year Member



 
Msg#: 4154678 posted 6:44 am on Jun 20, 2010 (gmt 0)

OK 755 for the directory and 644 for the files worked. Thanks.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Webmaster General
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved