Permission check tools (FreeBSD install)

Hi, is there any script that can be executed to check correct permissions for a new installation?

We have a provider which runs FreeBSD in quite a secure setup, and adds SSL to that (so it’s more FAMP than LAMP 🙂). The problem is that SuiteCRM and this level of security do NOT seem to get on in any way, shape or fashion:

  • practically ANY admin function I try gets me to the XSS warning page with ever longer lines to add to config_override.php (see below);
  • I have buttons and popups that state “undefined”; and
  • I have many function errors (see enclosed).

By way of illustration, the XSS alert I just got for having the temerity to access the diagnostics page gives me this to include (note the repetition):

$sugar_config['http_referer']['actions'] =array( 'index', 'ListView', 'DetailView', 'EditView', 'oauth', 'authorize', 'Authenticate', 'Login', 'SupportPortal', 'SaveConfig', 'index', 'ListView', 'DetailView', 'EditView', 'oauth', 'authorize', 'Authenticate', 'Login', 'SupportPortal', 'Save', 'index', 'ListView', 'DetailView', 'EditView', 'oauth', 'authorize', 'Authenticate', 'Login', 'SupportPortal', 'Locale', 'index', 'ListView', 'DetailView', 'EditView', 'oauth', 'authorize', 'Authenticate', 'Login', 'SupportPortal', 'Diagnostic', 'index', 'ListView', 'DetailView', 'EditView', 'oauth', 'authorize', 'Authenticate', 'Login', 'SupportPortal', 'DiagnosticRun', 'index', 'ListView', 'DetailView', 'EditView', 'oauth', 'authorize', 'Authenticate', 'Login', 'SupportPortal', 'DiagnosticDownload' );

What I need is a single line that says “I am really past this now, just enable EVERYTHING so I can get this set up” 🙁 - but I suspect something more fundamental is happening. Maybe it’s just access rights, but with God knows how many hundreds of directories that gets just a bit laborious. I can have FileZilla make them all 755, but that’s about the only volume chmod tool I have on that server…

The first thing I’m going to do is to kill the SSL cert, then wipe the installation and its DB in the MySQL server and set all of it up from scratch, with default options. I will re-unzip the SuiteCRM archive on the Mac and push the +10000 files in via FileZilla which is normally quite good at preserving rights. However, I have had about 3 instances where a file already existed with a zero length where a source file had to go with content. I’ll make a note of it, could be significant too.

I think the SSL cert alone was enough for all sorts of side effects (URL comes out at http://sitename:443 instead of https://structure, and I suspect appending the port number is not one of the healthiest approaches, as far as I’m aware the server auto-maps everything to SSL anyway).

Question: what is the MAXIMUM version of PHP supported? They run PHP 5.6.18, but I can enable an earlier version, just in case that is an issue.

Apologies for our security gremlins, they’re not fans of publicising any extraneous data.

So, the question: what is the best diagnostic methodology to track this step by step?
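
A read-only audit of the kind the question asks for, as an added example that is not part of the original post and not a SuiteCRM tool. It reports directories that are not mode 755 (the mode mentioned above), world-writable files, and zero-length files such as the three noted during upload. The function names, the 755 default and the comparison against a locally unpacked reference copy are assumptions.

```shell
#!/bin/sh
# Added example: read-only audit of an uploaded web application tree.
# Assumption: directories should be mode 755 (the mode the post mentions);
# pass a different octal mode as the second argument if the host differs.

# Directories whose mode is not exactly the expected one.
list_bad_dirs() {
    find "$1" -type d ! -perm "${2:-755}" -print
}

# Regular files writable by "other".
list_world_writable() {
    find "$1" -type f -perm -002 -print
}

# Zero-length regular files, e.g. uploads that were created but never filled.
list_empty_files() {
    find "$1" -type f -size 0 -print
}

# Files that have content in a reference copy ($1, the locally unpacked
# archive) but are missing or empty in the deployed copy ($2).
list_truncated() {
    ( cd "$1" && find . -type f -size +0 -print ) | while IFS= read -r f; do
        [ -s "$2/$f" ] || printf '%s\n' "$2/${f#./}"
    done
}

# One labelled report for the whole tree; changes nothing on disk.
audit_tree() {
    list_bad_dirs "$1" "$2" | sed 's/^/dir-mode: /'
    list_world_writable "$1" | sed 's/^/world-writable: /'
    list_empty_files "$1" | sed 's/^/empty: /'
}

# Usage: sh audit.sh /path/to/webroot [expected-dir-mode]
if [ "$#" -ge 1 ]; then
    audit_tree "$@"
fi
```

The script uses only POSIX `find` primaries, so it should behave the same on FreeBSD and Linux; it needs shell access to the server or to a mirrored copy of the tree.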

Hi,

7.5.1 has some “file include path” bugs because of the roadmap. Many files in the custom/ directory have moved to core and some references still point to the custom directory.


Ah, that’s somewhat disappointing and politically rather unhelpful. Just when I get to a point where Open Source is more preferable than proprietary (various arguments, cost is not the only one). The install manual linked is also of v7.1 which hasn’t helped in the impression this makes.

Is there any description of what needs to be corrected in 7.5.1 before it works?

Thank you for the reply - glad it wasn’t all me 🙂

On the plus side, given the conditions that I’m up against I ought to make the perfect beta tester - if it works here, it ought to work pretty much everywhere…

I think I may have discovered a possible source for copious XSS alerts: ad blocking! I have uBlock and Ghostery installed, and with them enabled I have not yet had an alarm.