I can't upload images to CRM SUITE

English Language - Forum
4

There are a number of areas where the forbidden response can come from:

  1. Permissions - You’ve stated that everything all the way down to the files concerned is 755, so this is not possible.
  2. The webserver itself - Configuration (.conf file), and .htaccess. Generally these are designed in a default configuration to block direct access to an upload folder, so I’m still suspicious that this might be the cause.
  3. php.ini settings and defined web root folders - This is not the case, as you can access other files, and this is not a .php file.
  4. Operating system restrictions - These include selinux and apparmor, which may mean that the permissions on the file may be a bit different. (Occurs on Redhat and Ubuntu based systems). I’m suspicious of this as well, as your kernel version has el7 in it (Meaning a RedHat 7.7 based system)

Lets look at situation 4, as I suspect that this is most likely.

Please give the output of:

getenforce

This will tell us if selinux security is enabled. If it is, you will see an error relating to attempting to access coopas-logo.jpg in you /var/log/audit/audit.log

If this is the case, you can trivially confirm the problem by running:

sudo setenforce 0
(this switches off the additional enforcement…which is bad as it removes another layer of security) re-enable with:
sudo setenforce 1

If these commands are not available, then you’d need to install them. Alternatively, if you run the command:

ls -alZ coopas-logo.jpg

You will get the security context of the file in question - that’s what the -Z does. It will be similar to:
-rwxr-xr-x. 1 apache apache unconfined_u:object_r:httpd_sys_rw_content_t:s0 56 Jun 11 10:23 ./upload/coopas-logo.jpg

Your upload folder should look similar to this:
drwxr-xr-x. 3 apache apache unconfined_u:object_r:httpd_sys_rw_content_t:s0 4096 Jul 3 14:34 upload

We could create a full security policy for the folders in question, BUT that would probably be a bit overkill for this one instance, so in order to change the security contexts for the folders in question, you would need to run:
sudo chcon -R -t httpd_sys_rw_content_t ./upload

That should resolve the upload folder issue.

Resources if you’re interested in this particular security capability:

Let us know how it goes…and if we need to look elsewhere for your problem?