Hello everyone.
I could see that this topic was talked a lot, I read everything, but I did”t find the solution. “I can’t upload images to CRM SUITE.” My Suit verison is: 7.11.15 I have already tried all the possible solutions that very kindly provided and it was not solved.
Something that may affect this is that when accessing an image by URL, it does not allow me by mistake 303 as you can see in this image. (URL: https://coopas.com.ar/crm/upload/tmp_logo_company_upload/coopas-logo.jpg)
Has anyone found a solution to this? I appreciate your help to continue.
Firstly, the error is 403 (Forbidden), rather than 303…and the URL concerned in the Login screen shot that you’ve provided is in fact:
https://coopas.com.ar/crm/custom/themes/default/images/company_logo.png (Url obtained by checking source for broken image)
The location that I’m guessing the logo was uploaded to was:
https://coopas.com.ar/crm/upload/tmp_logo_company_upload/coopas-logo.jpg
(also 403 forbidden)
There are a number of reasons for this, and I’m going to make a few guesses:
- I’m going to guess that your .htaccess should forbid direct access to the upload folder.
- You haven’t actually put the company logo in the correct place?
- I’m a little in doubt that you’ve set everything to 775 so please check that applies to every folder from the webroot down to the logo itself. You should see the 403 error in the webserver logs.
- Whilst I dont expect it, you may be using selinux/apparmor? What operating system/version and webserver are you using?
I’m a little concerned as to why you needed to change utils.php, as it will plausibly get over-written when you do an upgrade. Ideally try and leave the php files alone unless you know what you’re doing.
Can you ssh and connect to the server and confirm the exact location of your coopas-logo.jpg file?
Anothermouse I appreciate your help and time.
Well with the logo photo I could already solve it, thank you very much.
Now: the only thing I would be missing is the problem of uploading photos as and how they look, for example to the profile photo of these user
The “.htaccess” i controled it and it is not blocking anything.
Then on the permissions side, for example, enable this image path for everyone (from its root in 775) and still cannot be seen: https://coopas.com.ar/crm/upload/tmp_logo_company_upload/coopas-logo. jpg
With or that you asked me, YES, I can connect and see exactly the location of the file “coopas-logo.jpg” the file is there but it goes wrong 403. I suppose that’s where the problem is.
And finally here is the information that you ask me:
I also sho you the “utils.php” where I already checked that this is the way things were said in other blog articles.
I really appreciate your help, I hope we find a solution.
Thank you very much.
There are a number of areas where the forbidden response can come from:
- Permissions - You’ve stated that everything all the way down to the files concerned is 755, so this is not possible.
- The webserver itself - Configuration (.conf file), and .htaccess. Generally these are designed in a default configuration to block direct access to an upload folder, so I’m still suspicious that this might be the cause.
- php.ini settings and defined web root folders - This is not the case, as you can access other files, and this is not a .php file.
- Operating system restrictions - These include selinux and apparmor, which may mean that the permissions on the file may be a bit different. (Occurs on Redhat and Ubuntu based systems). I’m suspicious of this as well, as your kernel version has el7 in it (Meaning a RedHat 7.7 based system)
Lets look at situation 4, as I suspect that this is most likely.
Please give the output of:
getenforce
This will tell us if selinux security is enabled. If it is, you will see an error relating to attempting to access coopas-logo.jpg in you /var/log/audit/audit.log
If this is the case, you can trivially confirm the problem by running:
sudo setenforce 0
(this switches off the additional enforcement…which is bad as it removes another layer of security) re-enable with:
sudo setenforce 1
If these commands are not available, then you’d need to install them. Alternatively, if you run the command:
ls -alZ coopas-logo.jpg
You will get the security context of the file in question - that’s what the -Z does. It will be similar to:
-rwxr-xr-x. 1 apache apache unconfined_u:object_r:httpd_sys_rw_content_t:s0 56 Jun 11 10:23 ./upload/coopas-logo.jpg
Your upload folder should look similar to this:
drwxr-xr-x. 3 apache apache unconfined_u:object_r:httpd_sys_rw_content_t:s0 4096 Jul 3 14:34 upload
We could create a full security policy for the folders in question, BUT that would probably be a bit overkill for this one instance, so in order to change the security contexts for the folders in question, you would need to run:
sudo chcon -R -t httpd_sys_rw_content_t ./upload
That should resolve the upload folder issue.
Resources if you’re interested in this particular security capability:
Let us know how it goes…and if we need to look elsewhere for your problem?
Note that download.php is an authenticated entry-point, meaning that if no user is logged in, it will redirect to the login page. So you can’t provide an image publicly through that entry-point.
Also, the upload folder is not meant to be accessed directly. Some files get served from there, but they go through more complex mechanisms, not just pointing to the file with a URL.
If you put files in the public folder, they will get served directly. You can create the directory if it doesn’t exist yet. This is what is used for images sent out in emails, for example - they need to be accessible publicly.
Looks like you now have your Logo visible. Congratulations:)
Would love to know what you ended up needing to do in order to fix it. Feel free to like any key bits of information or responses from the community that helped to identify the problem.
Well. Thank you for your answer. Thanks Anothermouse and thanks Pgr.
Now i contact my hosting provider to solve it.
In the case of being the first problem, i should enable all the directories, subdirectories and files in the “crm” folder. Is there a way to do it faster?
Sorry for not knowing that much.
Thank you.
‘Enabling’ all directories, subdirectories and files in the crm folder is bad. From a security perspective, you run the risk of creating vulnerabilities could result in serious problems later. You should only alter what you need.
Not knowing that much isn’t a problem, as we’re all here to learn, but it looks like you may need to do some studying to get to a sensible level to be able to fault find/correct errors by yourself.
There are ways of changing the permissions on all directories recursively but most of them shouldn’t need to be changed. You need to find the cause of the problem and correct that issue. Think of this as a surgical scalpel rather that using a chain saw!
In order to find the cause of the problems, you need to look at the log files. For your el7, the key files to look at are:
Your suitecrm.log
The apache logs:
/var/log/httpd/name_of_site_error.log
/var/log/httpd/name_of_site_access.log
If you’re using selinux which ideally you should, then:
/var/log/audit/audit.log
In order to see exactly what errors are occurring that need to be remedied, I suggest the following command:
sudo tail -f log_file_name_error.log
This will show you the end of the log file. If you then press enter a couple of times you will get some blank lines, and then try and upload the file. You’ll probably get a whole load of entries. You can then press ctrl-c in order to return to the command prompt, and you can scroll through from the spaces that you inserted in order to work out the cause of the problem.
Incidentally cutting and pasting that sort of information into a community Q is very helpful for us to work out what is wrong.
