Welcome to WebmasterWorld Guest from 54.145.221.99

Forum Moderators: phranque

Message Too Old, No Replies

Why I don't have permissions

   
9:54 am on Jun 18, 2010 (gmt 0)

5+ Year Member



If I use this command to download a file from my site, I get the error posted..

<form><input type="button" value="filename.zip" onClick="window.location.href='http//example.com/downloads/filename.zip'"></form>

I keep getting this error...

You don't have permission to access /downloads/filename.zip on this server.

The permissions for this file are set at CHMod 666. Even changing to 777 doesn't help. What am I misunderstanding here?
1:27 pm on Jun 18, 2010 (gmt 0)

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



what are the permissions and ownership of the /downloads/ directory?
1:36 pm on Jun 18, 2010 (gmt 0)

WebmasterWorld Senior Member lammert is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



Mayby caused by a typo? http:
2:06 pm on Jun 18, 2010 (gmt 0)

5+ Year Member



Permission of /downloads is 777

Typo corrected but still the same problem.

After I got the correct Error Handler in the .htaccess file, it says Error 404 File Not Found.
2:29 pm on Jun 18, 2010 (gmt 0)

5+ Year Member



OK Problem fixed. I found I had an .htaccess file in the /downloads directory which was blocking the downloads. Deleting that fixed the problem.
2:43 pm on Jun 18, 2010 (gmt 0)

5+ Year Member



Another potential(?) problem. The files won't download unless the directory and all it's files are CHMod to 777. Will this cause me any potential problems with security?
5:30 pm on Jun 18, 2010 (gmt 0)

WebmasterWorld Senior Member rocknbil is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Another potential(?) problem. The files won't download unless the directory and all it's files are CHMod to 777. Will this cause me any potential problems with security?


It really is, 777 is world write, and second you shouldn't need world write permissions to access the files. Also don't know if removing the .htaccess directive was such a good idea, you can probably just go to /downloads and see the entire directory contents. What you want to do is if the directory alone is requested, issue the forbidden. See the Apache forum for help.

This directory should only need read for group and all, read/write for owner: 644. These are usually the defaults, delete the directory and recreate it, and do nothing. That should do it.

If you need to protect these files, some scripting may be involved. What you do is put the file in a private location, and the download link opens a script that locates and outputs the file. Topic for another day?
5:58 pm on Jun 18, 2010 (gmt 0)

5+ Year Member



I recreated the folder. The files were 644 the folder was created with 744. The folder would allow any changes lowering it below 744. The only permission allowing download was 777 for everything.

The .htaccess file only had the entry deny from all in it.
10:30 pm on Jun 18, 2010 (gmt 0)

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



This directory should only need read for group and all, read/write for owner: 644.

a directory usually needs the execute bit set so that should be 755, not 644.
2:08 am on Jun 19, 2010 (gmt 0)

WebmasterWorld Senior Member rocknbil is a WebmasterWorld Top Contributor of All Time 10+ Year Member



<smacks head> Well, 777 wasn't required for sure. :-(
5:16 am on Jun 19, 2010 (gmt 0)

5+ Year Member



Anyone? Or should I move this to the Apache Forum?
5:46 am on Jun 19, 2010 (gmt 0)

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



so just to clarify your situation:
- /downloads/ is in the document root directory?
- the permissions for /downloads/ are 755?
- the permissions for /downloads/filename.zip are 644?
- there is nothing in .htaccess or /downloads/.htaccess that might restrict a request
- you have checked the server access/error logs for any further messages or clues?

perhaps there is something in the server configuration file in the context of that specific directory.
4:04 am on Jun 20, 2010 (gmt 0)

5+ Year Member



yep the /downloads directory is directly off the root directory.

When I deleted this /downloads directory and recreated it and put the downloads inside it, the /downloads directory was 744 and the files were 644. But they wouldn't download. Only CHMOD the directory and the files to 777, was the only case in which they would download. I tried other combinations too.

I don't have an .htaccess file in /downloads My root .htacess file has this in it..

<Files .htaccess>
Deny from all
</Files>

Should this be something else? Then why would it work at CHMOD 777 and nothing else. What should this read as?

I haven't checked any logs yet. I wouldn't even know how to edit the server config. This is just a basic hosting account using cpanel.
6:38 am on Jun 20, 2010 (gmt 0)

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



Only CHMOD the directory and the files to 777, was the only case in which they would download. I tried other combinations too.

did you try the directory permissions set to 755 AND file permissions set to 644?
this is a yes or no answer.

My root .htacess file has this in it..

<Files .htaccess>
Deny from all
</Files>

this context specification only affects access to files that end in ".htaccess", so you can ignore this directive for this problem.

Then why would it work at CHMOD 777 and nothing else.

the only difference between 777 and 755 is that in the first case the group and user also have permission to write to the directory instead of just the owner.
the difference should be irrelevant for a read operation.

I haven't checked any logs yet.

check the logs.
6:44 am on Jun 20, 2010 (gmt 0)

5+ Year Member



OK 755 for the directory and 644 for the files worked. Thanks.