Welcome to WebmasterWorld Guest from 54.198.134.32

Forum Moderators: phranque

Message Too Old, No Replies

Why I don't have permissions

     
9:54 am on Jun 18, 2010 (gmt 0)

Preferred Member

10+ Year Member

joined:June 13, 2005
posts: 479
votes: 0


If I use this command to download a file from my site, I get the error posted..

<form><input type="button" value="filename.zip" onClick="window.location.href='http//example.com/downloads/filename.zip'"></form>

I keep getting this error...

You don't have permission to access /downloads/filename.zip on this server.

The permissions for this file are set at CHMod 666. Even changing to 777 doesn't help. What am I misunderstanding here?
1:27 pm on June 18, 2010 (gmt 0)

Administrator

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Aug 10, 2004
posts:11073
votes: 106


what are the permissions and ownership of the /downloads/ directory?
1:36 pm on June 18, 2010 (gmt 0)

Senior Member from KZ 

WebmasterWorld Senior Member lammert is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Jan 10, 2005
posts: 2936
votes: 24


Mayby caused by a typo? http:
2:06 pm on June 18, 2010 (gmt 0)

Preferred Member

10+ Year Member

joined:June 13, 2005
posts:479
votes: 0


Permission of /downloads is 777

Typo corrected but still the same problem.

After I got the correct Error Handler in the .htaccess file, it says Error 404 File Not Found.
2:29 pm on June 18, 2010 (gmt 0)

Preferred Member

10+ Year Member

joined:June 13, 2005
posts:479
votes: 0


OK Problem fixed. I found I had an .htaccess file in the /downloads directory which was blocking the downloads. Deleting that fixed the problem.
2:43 pm on June 18, 2010 (gmt 0)

Preferred Member

10+ Year Member

joined:June 13, 2005
posts:479
votes: 0


Another potential(?) problem. The files won't download unless the directory and all it's files are CHMod to 777. Will this cause me any potential problems with security?
5:30 pm on June 18, 2010 (gmt 0)

Senior Member

WebmasterWorld Senior Member rocknbil is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Nov 28, 2004
posts:7999
votes: 0


Another potential(?) problem. The files won't download unless the directory and all it's files are CHMod to 777. Will this cause me any potential problems with security?


It really is, 777 is world write, and second you shouldn't need world write permissions to access the files. Also don't know if removing the .htaccess directive was such a good idea, you can probably just go to /downloads and see the entire directory contents. What you want to do is if the directory alone is requested, issue the forbidden. See the Apache forum for help.

This directory should only need read for group and all, read/write for owner: 644. These are usually the defaults, delete the directory and recreate it, and do nothing. That should do it.

If you need to protect these files, some scripting may be involved. What you do is put the file in a private location, and the download link opens a script that locates and outputs the file. Topic for another day?
5:58 pm on June 18, 2010 (gmt 0)

Preferred Member

10+ Year Member

joined:June 13, 2005
posts:479
votes: 0


I recreated the folder. The files were 644 the folder was created with 744. The folder would allow any changes lowering it below 744. The only permission allowing download was 777 for everything.

The .htaccess file only had the entry deny from all in it.
10:30 pm on June 18, 2010 (gmt 0)

Administrator

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Aug 10, 2004
posts:11073
votes: 106


This directory should only need read for group and all, read/write for owner: 644.

a directory usually needs the execute bit set so that should be 755, not 644.
2:08 am on June 19, 2010 (gmt 0)

Senior Member

WebmasterWorld Senior Member rocknbil is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Nov 28, 2004
posts:7999
votes: 0


<smacks head> Well, 777 wasn't required for sure. :-(
5:16 am on June 19, 2010 (gmt 0)

Preferred Member

10+ Year Member

joined:June 13, 2005
posts:479
votes: 0


Anyone? Or should I move this to the Apache Forum?
5:46 am on June 19, 2010 (gmt 0)

Administrator

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Aug 10, 2004
posts:11073
votes: 106


so just to clarify your situation:
- /downloads/ is in the document root directory?
- the permissions for /downloads/ are 755?
- the permissions for /downloads/filename.zip are 644?
- there is nothing in .htaccess or /downloads/.htaccess that might restrict a request
- you have checked the server access/error logs for any further messages or clues?

perhaps there is something in the server configuration file in the context of that specific directory.
4:04 am on June 20, 2010 (gmt 0)

Preferred Member

10+ Year Member

joined:June 13, 2005
posts:479
votes: 0


yep the /downloads directory is directly off the root directory.

When I deleted this /downloads directory and recreated it and put the downloads inside it, the /downloads directory was 744 and the files were 644. But they wouldn't download. Only CHMOD the directory and the files to 777, was the only case in which they would download. I tried other combinations too.

I don't have an .htaccess file in /downloads My root .htacess file has this in it..

<Files .htaccess>
Deny from all
</Files>

Should this be something else? Then why would it work at CHMOD 777 and nothing else. What should this read as?

I haven't checked any logs yet. I wouldn't even know how to edit the server config. This is just a basic hosting account using cpanel.
6:38 am on June 20, 2010 (gmt 0)

Administrator

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Aug 10, 2004
posts:11073
votes: 106


Only CHMOD the directory and the files to 777, was the only case in which they would download. I tried other combinations too.

did you try the directory permissions set to 755 AND file permissions set to 644?
this is a yes or no answer.

My root .htacess file has this in it..

<Files .htaccess>
Deny from all
</Files>

this context specification only affects access to files that end in ".htaccess", so you can ignore this directive for this problem.

Then why would it work at CHMOD 777 and nothing else.

the only difference between 777 and 755 is that in the first case the group and user also have permission to write to the directory instead of just the owner.
the difference should be irrelevant for a read operation.

I haven't checked any logs yet.

check the logs.
6:44 am on June 20, 2010 (gmt 0)

Preferred Member

10+ Year Member

joined:June 13, 2005
posts:479
votes: 0


OK 755 for the directory and 644 for the files worked. Thanks.