Studio Permission Owner Problem ??

šŸ’¬ General Discussion
1

Version 7.7.8
Sugar Version 6.5.24 (Build 509)

I have 2 servers production and a shdow. Problem only exists on shadow server.

After restoring database and the /var/www/html/CRM I cannot make field changes with Studio. (I have used tar.xzv and tried just copying without compression, same results)

Examining the apache log I get this:
[root@localhost httpd]# tail error_log
[Thu May 11 12:26:00.102595 2017] [:error] [pid 27335] [client 192.168.1.15:42183] PHP Warning: sugar_file_put_contents_atomic() : fatal rename failure ā€˜/tmp/tempKvwbh1ā€™ -> ā€˜cache/modules/Contacts/Contactvardefs.phpā€™ in /var/www/html/CRM/include/utils/sugar_file_utils.php on line 205, referer: http://192.168.1.205/CRM/index.php?module=ModuleBuilder&action=index&type=studio
[Thu May 11 12:26:00.111688 2017] [:error] [pid 27335] [client 192.168.1.15:42183] PHP Warning: sugar_file_put_contents_atomic() : fatal rename failure ā€˜/tmp/tempwu4U0Lā€™ -> ā€˜cache/modules/EditCustomFields/FieldsMetaDatavardefs.phpā€™ in /var/www/html/CRM/include/utils/sugar_file_utils.php on line 205, referer: http://192.168.1.205/CRM/index.php?module=ModuleBuilder&action=index&type=studio
[Thu May 11 12:32:52.004000 2017] [mpm_prefork:notice] [pid 27332] AH00170: caught SIGWINCH, shutting down gracefully
[Thu May 11 12:32:53.075179 2017] [core:notice] [pid 27414] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[Thu May 11 12:32:53.075838 2017] [suexec:notice] [pid 27414] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
AH00558: httpd: Could not reliably determine the serverā€™s fully qualified domain name, using localhost.localdomain. Set the ā€˜ServerNameā€™ directive globally to suppress this message
[Thu May 11 12:32:53.101466 2017] [auth_digest:notice] [pid 27414] AH01757: generating secret for digest authentication ā€¦
[Thu May 11 12:32:53.102080 2017] [lbmethod_heartbeat:notice] [pid 27414] AH02282: No slotmem from mod_heartmonitor
[Thu May 11 12:32:53.149037 2017] [mpm_prefork:notice] [pid 27414] AH00163: Apache/2.4.6 (CentOS) PHP/5.4.16 configured ā€“ resuming normal operations
[Thu May 11 12:32:53.149092 2017] [core:notice] [pid 27414] AH00094: Command line: ā€˜/usr/sbin/httpd -D FOREGROUNDā€™
[root@localhost httpd]#

2

Have you tried a Quick Repair and Rebuild?

Do you have anything in suitecrm.log?

Pay attention to the time of the log messages: we need to focus on the messages that happen when you try to edit something in Studio.

3

Tried Quick Repair and Rebuild. It adds lines to the error_log.
Nothing relevant in suitecrm.log
Truncated error_log
followed these set permissions from install guide

sudo chown -R www-data:www-data . (Except in my case apache:apache)
sudo chmod -R 755 .
sudo chmod -R 775 cache custom modules themes data upload config_override.php

Ran quick repair and rebuild again and got 1067 lines in error_log:

here are a few lines from that log.

[Fri May 12 08:40:51.377947 2017] [:error] [pid 28314] [client 192.168.1.8:59124] PHP Warning: unlink(cache/modules//AOS_Quotes/AOS_Quotesvardefs.php): Permission denied in /var/www/html/CRM/modules/Administration/QuickRepairAndRebuild.php on line 432, referer: http://19
2.168.1.205/CRM/index.php?module=Administration&action=Upgrade
[Fri May 12 08:40:51.378067 2017] [:error] [pid 28314] [client 192.168.1.8:59124] PHP Warning: unlink(cache/modules//Campaigns/Campaignvardefs.php): Permission denied in /var/www/html/CRM/modules/Administration/QuickRepairAndRebuild.php on line 432, referer: http://192.1
68.1.205/CRM/index.php?module=Administration&action=Upgrade
[Fri May 12 08:40:51.378123 2017] [:error] [pid 28314] [client 192.168.1.8:59124] PHP Warning: unlink(cache/modules//AOS_PDF_Templates/AOS_PDF_Templatesvardefs.php): Permission denied in /var/www/html/CRM/modules/Administration/QuickRepairAndRebuild.php on line 432, refe
rer: http://192.168.1.205/CRM/index.php?module=Administration&action=Upgrade
[Fri May 12 08:40:51.378178 2017] [:error] [pid 28314] [client 192.168.1.8:59124] PHP Warning: unlink(cache/modules//ProjectTask/ProjectTaskvardefs.php): Permission denied in /var/www/html/CRM/modules/Administration/QuickRepairAndRebuild.php on line 432, referer: http://
192.168.1.205/CRM/index.php?module=Administration&action=Upgrade
[Fri May 12 08:40:51.378236 2017] [:error] [pid 28314] [client 192.168.1.8:59124] PHP Warning: unlink(cache/modules//SugarFeed/SugarFeedvardefs.php): Permission denied in /var/www/html/CRM/modules/Administration/QuickRepairAndRebuild.php on line 432, referer: http://192.
168.1.205/CRM/index.php?module=Administration&action=Upgrade
[Fri May 12 08:40:51.378288 2017] [:error] [pid 28314] [client 192.168.1.8:59124] PHP Warning: unlink(cache/modules//Opportunities/Opportunityvardefs.php): Permission denied in /var/www/html/CRM/modules/Administration/QuickRepairAndRebuild.php on line 432, referer: http:
//192.168.1.205/CRM/index.php?module=Administration&action=Upgrade
[Fri May 12 08:40:51.378340 2017] [:error] [pid 28314] [client 192.168.1.8:59124] PHP Warning: unlink(cache/modules//AOS_Contracts/AOS_Contractsvardefs.php): Permission denied in /var/www/html/CRM/modules/Administration/QuickRepairAndRebuild.php on line 432, referer: htt
p://192.168.1.205/CRM/index.php?module=Administration&action=Upgrade

Could it be the way I copy the CRM data from the production server? I have tried tar and direct scp?

4

The way you copied could affect permissions, but after your reset them it shouldnā€™t affect anything.

Are you sure the apache:apache is correct? If you try doing

ls -al

on your SuiteCRM root directory you can see by the ownership and permissions of the suitecrm.log file what your web server user is (we know that user can write to that file).

Also, have you already configured your cron jobs? These can mess up permissions (every minute!) if not set correctlyā€¦

5

ownership shows apache:apache permissions are all -rwxr-xr-x or drwxr-xr-x

I have not configured any cron job. crontab -e is empty
this is only a shadow server for the purposes of database import. I have 600,000 records to import, do not want to do on production server, but my hands are tied until I get the shadow server working properly.

suitecrm.log has no entries except from prior months probably when configuring the production server.

My first issue is to allow edting of fields, removing checkmark off of required field. (To allow import)

6

Weird.

And what do you get if you do
ls -al /var/www/html/CRM/cache/modules/Campaigns/
or
ls -al /tmp

Those are directories mentioned in the errors you posted the other day.

Iā€™m trying to find out if permissions were degraded for some reasonā€¦

You can also try tweaking your config.php, this part:


  'default_permissions' =>
  array (
    'dir_mode' => 1517,
    'file_mode' => 420,
    'user' => 'apache',
    'group' => 'apache',
  ),

use those values 1517 and 420. Then you might need to reset permissions all over (the chown and the two chmods), do a Quick Repair and Rebuild, and see if itā€™s better.

7

[randy@localhost CRM]$ ls -al /var/www/html/CRM/cache/modules/Campaigns/
total 24
drwxrwsr-x. 3 apache apache 49 May 9 10:39 .
drwxrwxr-x. 106 apache apache 4096 Feb 9 10:31 ā€¦
-rwxrwxr-x. 1 apache apache 17977 May 9 10:39 Campaignvardefs.php
drwxrwsr-x. 2 apache apache 28 Mar 30 17:30 language
[randy@localhost CRM]$

[randy@localhost CRM]$ ls -al /tmp
total 8
drwxrwxrwt. 14 root root 4096 May 15 11:36 .
dr-xr-xr-x. 17 root root 267 May 9 10:02 ā€¦
drwxrwxrwt. 2 root root 6 May 8 16:46 .font-unix
drwxrwxrwt. 2 root root 6 May 8 16:46 .ICE-unix
-rwx------. 1 root root 836 May 8 16:51 ks-script-L9kntJ
drwx------. 3 root root 17 May 8 16:52 systemd-private-1bc774d03ade4ec9ac76d45393366bcd-systemd-hostnamed.service-BrguPa
drwx------. 3 root root 17 May 15 11:36 systemd-private-214873772d6749dc96d698658043aaa0-httpd.service-pen6fx
drwx------. 3 root root 17 May 15 11:36 systemd-private-214873772d6749dc96d698658043aaa0-mariadb.service-CERutY
drwx------. 3 root root 17 May 15 10:46 systemd-private-73811c1c367a4ee7899a9b9ecb456e11-httpd.service-gYjZJq
drwx------. 3 root root 17 May 15 10:46 systemd-private-73811c1c367a4ee7899a9b9ecb456e11-mariadb.service-61NG5c
drwx------. 3 root root 17 May 12 08:32 systemd-private-b55f8a0488c64edd88e47a5ee2d9e0f4-httpd.service-zC6vgM
drwx------. 3 root root 17 May 9 09:20 systemd-private-b55f8a0488c64edd88e47a5ee2d9e0f4-mariadb.service-wfa03m
drwxrwxrwt. 2 root root 6 May 8 16:46 .Test-unix
drwxrwxrwt. 2 root root 6 May 8 16:46 .X11-unix
drwxrwxrwt. 2 root root 6 May 8 16:46 .XIM-unix
-rw-------. 1 root root 0 May 8 16:45 yum.log
[randy@localhost CRM]$

Going to tweak config.php. Should I do the chmod -R with 755 775 or 1517 and 420?
I will standby. Thank you for your help.

8

The chmods you must do with the numbers like 755 and 775.

These numbers are in octal, the others are in decimal.

You could input them in config.php in octal, by prepending a 0, it would look like this:

  'default_permissions' =>
  array (
    'dir_mode' => 02755,
    'file_mode' => 0644,
    'user' => 'apache',
    'group' => 'apache',
  ),

that means exactly the same as before, and is much more readable, but unfortunately after a Repair they always get converted to decimalā€¦

I canā€™t make much sense from the output of those commands you show, I donā€™t see a reason for this to be failing.

By the way, a quick command to analyze permissions on a server is this:

tree -iudpf cache

There Iā€™m only focusing on the cache folder, but you can also use it for the entire SuiteCRM tree, and then grep it for what you want (for example, ā€œrootā€ ownerships).

If you remove that ā€œdā€ from the command, instead of showing you only directories, it will show you every single file also.

Try those two commands and see if you can gather anything interesting from their outputsā€¦

9

Here is what was in the config.php

ā€˜default_permissionsā€™ =>
array (
ā€˜dir_modeā€™ => 1528,
ā€˜file_modeā€™ => 432,
ā€˜userā€™ => ā€˜ā€™,
ā€˜groupā€™ => ā€˜ā€™,

Exactly the same as the production server. And the production server is okay.
Going to try and make changes on the shadow server.

10

Thatā€™s 0660 for files and 02770 for directories. So it might make a difference for ā€œworldā€ access. Though it should be getting access through ā€œgroupā€ or ā€œuserā€, not ā€œworldā€ā€¦

I donā€™t have much hope in this config.php tweak, to be honest. Itā€™s just one other thing to tryā€¦

Hey, maybe we should confirm what is your web server user, that might be configured differently between the Production and Shadow servers. And that makes a lot of difference. Can you go into Admin/diagnostics and get a copy of the output of phpinfo()? Then you can see there which user and group your web server is running under.

11

Just made the config.php changes, no change in my issue.
I ran those 2 commands and not sure what I am looking for, but the only anomaly I see is in the templates folder:

drwxrwxr-x apache ] cache/smarty/templates_c
[-rw-rā€“r-- apache ] cache/smarty/templates_c/%%04^045^0453F55B%%ListView.tpl.php
[-rw-rā€“r-- apache ] cache/smarty/templates_c/%%11^113^113CB5C1%%forDetailView.tpl.php
[-rw-rā€“r-- apache ] cache/smarty/templates_c/%%1B^1BA^1BA1C11C%%EditView.tpl.php
[-rw-rā€“r-- apache ] cache/smarty/templates_c/%%2D^2D7^2D7A76C1%%header.tpl.php
[-rw-rā€“r-- apache ] cache/smarty/templates_c/%%47^472^472B27CC%%forEditView.tpl.php
[-rw-rā€“r-- apache ] cache/smarty/templates_c/%%55^551^55120495%%EditView.tpl.php
[-rw-rā€“r-- apache ] cache/smarty/templates_c/%%56^566^56669478%%default.tpl.php
[-rw-rā€“r-- apache ] cache/smarty/templates_c/%%5A^5A6^5A68691A%%remindersDefaults.tpl.php
[-rw-rā€“r-- apache ] cache/smarty/templates_c/%%85^852^85294558%%get_form_header.tpl.php
[-rw-rā€“r-- apache ] cache/smarty/templates_c/%%AF^AFD^AFD99A58%%_head.tpl.php
[-rw-rā€“r-- apache ] cache/smarty/templates_c/%%C7^C7E^C7E346C7%%reminders.tpl.php
[-rw-rā€“r-- apache ] cache/smarty/templates_c/%%D4^D4C^D4C94210%%footer.tpl.php
[-rw-rā€“r-- apache ] cache/smarty/templates_c/%%D9^D96^D96D6B19%%DetailView.tpl.php
[-rw-rā€“r-- apache ] cache/smarty/templates_c/%%E2^E2B^E2BC33C5%%SubPanelTiles.tpl.php
[-rw-rā€“r-- apache ] cache/smarty/templates_c/%%F5^F56^F562D944%%_headerModuleList.tpl.php
[drwxrwxr-x apache ] cache/sprites
[drwxrwsr-x apache ] cache/sprites/default

12

You may be onto something, I am getting errors running the diagnostic see below:

Executing Diagnostic Operationsā€¦
100%

Getting config.phpā€¦
Done

Getting custom dirā€¦
Done

Getting phpinfo()
Cannot write to file cache/diagnostic/3c62e293-9fe4-078d-38f1-5919d869fdd6/diagnostic20170515-163239/phpinfo.html
Done

Gettingā€¦ Database infoā€¦ Database dumpsā€¦ Database schema
Done

Getting md5 informationā€¦
Done

Checking that bean files existā€¦
Cannot write to file cache/diagnostic/3c62e293-9fe4-078d-38f1-5919d869fdd6/diagnostic20170515-163239/beanFiles.html
Done

Getting suitecrm.log
Couldnā€™t copy suitecrm.log to cacheDir.
Done

SuiteCRM schema output (VARDEFS)
Cannot write to file cache/diagnostic/3c62e293-9fe4-078d-38f1-5919d869fdd6/diagnostic20170515-163239/vardefschema.html
Done

I went ahead and created my own phpinfo() so I could see the output
usergroup = apache(48)/48

13

A couple of questions

  1. how EXACTLY did you do your own phpinfo()? If itā€™s from the command-line, itā€™s a different PHP (the CLI). If itā€™s called from the web browser, then itā€™s ok.

  2. What do you get with

ls -al cache/diagnostic/3c62e293-9fe4-078d-38f1-5919d869fdd6/diagnostic20170515-163239/

we really need to understand WHY it canā€™t write thereā€¦

14

  1. It is called from the browserā€™s url line
    http://192.168.1.205/info.php

[root@localhost CRM]# ls -al cache/diagnostic/3c62e293-9fe4-078d-38f1-5919d869fdd6/diagnostic20170515-163239/
ls: cannot access cache/diagnostic/3c62e293-9fe4-078d-38f1-5919d869fdd6/diagnostic20170515-163239/: No such file or directory
[root@localhost CRM]#

15

The phpinfo is correct, then.

That directory seems to be temporary, so now itā€™s goneā€¦

Iā€™m running out of ideas, this is very mysterious.

Maybe check your umask (but Iā€™m guessing itā€™s 0002 or 0022 which is normal).

Maybe check if you have any .htaccess files changing permissions somehere?

16

[root@localhost diagnostic]# umask
0022

[root@localhost CRM]# ls -la .htaccess
-rwxr-xr-x. 1 apache apache 720 Dec 7 08:42 .htaccess

Could it be this server is running under VirtualBox, some kinda weird permissions issue?

everybody else has just quit, still scratching their heads.

Thanks for hangin in there.

17

I donā€™t think VirtualBox has anything to do with this problem, I always run my SuiteCRMā€™s virtualizedā€¦

Whatā€™s inside that .htaccess file?

1 Like
18

[root@localhost CRM]# cat .htaccess

BEGIN SUGARCRM RESTRICTIONS

RedirectMatch 403 (?i)..log$
RedirectMatch 403 (?i)/+not_imported_..txt
RedirectMatch 403 (?i)/+(soap|cache|xtemplate|data|examples|include|log4php|metadata|modules)/+..(php|tpl)
RedirectMatch 403 (?i)/+emailmandelivery.php
RedirectMatch 403 (?i)/+upload
RedirectMatch 403 (?i)/+cache/+diagnostic
RedirectMatch 403 (?i)/+files.md5$

Options +FollowSymLinks
RewriteEngine On
RewriteBase /CRM
RewriteRule ^cache/jsLanguage/(ā€¦_ā€¦).js$ index.php?entryPoint=jslang&module=app_strings&lang=$1 [L,QSA]
RewriteRule ^cache/jsLanguage/(\w)/(ā€¦_ā€¦).js$ index.php?entryPoint=jslang&module=$1&lang=$2 [L,QSA]

END SUGARCRM RESTRICTIONS[root@localhost

19

Mine seems to have more stuff (this is from version 7.8.0 beta that i ave on my test server):


# BEGIN SUGARCRM RESTRICTIONS
RedirectMatch 403 (?i).*\.log$
RedirectMatch 403 (?i)/+not_imported_.*\.txt
RedirectMatch 403 (?i)/+(soap|cache|xtemplate|data|examples|include|log4php|metadata|modules)/+.*\.(php|tpl)
RedirectMatch 403 (?i)/+emailmandelivery\.php
RedirectMatch 403 (?i)/+upload
RedirectMatch 403 (?i)/+custom/+blowfish
RedirectMatch 403 (?i)/+cache/+diagnostic
RedirectMatch 403 (?i)/+files\.md5$
# END SUGARCRM RESTRICTIONS
<IfModule mod_rewrite.c>
    Options +FollowSymLinks
    RewriteEngine On
    RewriteBase /
    RewriteRule ^cache/jsLanguage/(.._..).js$ index.php?entryPoint=jslang&module=app_strings&lang=$1 [L,QSA]
    RewriteRule ^cache/jsLanguage/(\w*)/(.._..).js$ index.php?entryPoint=jslang&module=$1&lang=$2 [L,QSA]
</IfModule>
<FilesMatch "\.(jpg|png|gif|js|css|ico)$">
        <IfModule mod_headers.c>
                Header set ETag ""
                Header set Cache-Control "max-age=2592000"
                Header set Expires "01 Jan 2112 00:00:00 GMT"
        </IfModule>
</FilesMatch>
<IfModule mod_expires.c>
        ExpiresByType text/css "access plus 1 month"
        ExpiresByType text/javascript "access plus 1 month"
        ExpiresByType application/x-javascript "access plus 1 month"
        ExpiresByType image/gif "access plus 1 month"
        ExpiresByType image/jpg "access plus 1 month"
        ExpiresByType image/png "access plus 1 month"
</IfModule>r

I donā€™t know if that makes any difference, but you might as well try itā€¦

Just one more question: you donā€™t happen to have more than one instance of SuiteCRM running in the same server, do you?

20

Here is the output after altering the .htaccess to match yours:
[root@localhost httpd]# tail error_log
[Tue May 16 04:32:46.982706 2017] [:error] [pid 2336] [client 192.168.1.8:46758] PHP Warning: unlink(cache/themes/SuiteP/pathCache.php): Permission denied in /var/www/html/CRM/include/SugarTheme/SugarTheme.php on line 382, referer: http://192.168.1.205/CRM/index.php?module=Administration&action=Upgrade
[Tue May 16 04:32:46.982768 2017] [:error] [pid 2336] [client 192.168.1.8:46758] PHP Warning: unlink(cache/themes/Suite7/pathCache.php): Permission denied in /var/www/html/CRM/include/SugarTheme/SugarTheme.php on line 382, referer: http://192.168.1.205/CRM/index.php?module=Administration&action=Upgrade
[Tue May 16 04:32:46.982813 2017] [:error] [pid 2336] [client 192.168.1.8:46758] PHP Warning: unlink(cache/themes/SuiteR/pathCache.php): Permission denied in /var/www/html/CRM/include/SugarTheme/SugarTheme.php on line 382, referer: http://192.168.1.205/CRM/index.php?module=Administration&action=Upgrade
[Tue May 16 04:32:46.982881 2017] [:error] [pid 2336] [client 192.168.1.8:46758] PHP Warning: unlink(cache/themes/SuiteR/modules/Contacts/SearchForm_basic.tpl): Permission denied in /var/www/html/CRM/include/dir_inc.php on line 127, referer: http://192.168.1.205/CRM/index.php?module=Administration&action=Upgrade
[Tue May 16 04:32:46.982905 2017] [:error] [pid 2336] [client 192.168.1.8:46758] PHP Warning: unlink(cache/themes/SuiteR/modules/Contacts/SearchFormHeader.tpl): Permission denied in /var/www/html/CRM/include/dir_inc.php on line 127, referer: http://192.168.1.205/CRM/index.php?module=Administration&action=Upgrade
[Tue May 16 04:32:46.982933 2017] [:error] [pid 2336] [client 192.168.1.8:46758] PHP Warning: unlink(cache/themes/SuiteR/modules/Contacts/SearchFormFooter.tpl): Permission denied in /var/www/html/CRM/include/dir_inc.php on line 127, referer: http://192.168.1.205/CRM/index.php?module=Administration&action=Upgrade
[Tue May 16 04:32:46.982962 2017] [:error] [pid 2336] [client 192.168.1.8:46758] PHP Warning: unlink(cache/themes/SuiteR/modules/Contacts/EditView.tpl): Permission denied in /var/www/html/CRM/include/dir_inc.php on line 127, referer: http://192.168.1.205/CRM/index.php?module=Administration&action=Upgrade
[Tue May 16 04:32:46.982990 2017] [:error] [pid 2336] [client 192.168.1.8:46758] PHP Warning: unlink(cache/themes/SuiteR/modules/Contacts/DetailView.tpl): Permission denied in /var/www/html/CRM/include/dir_inc.php on line 127, referer: http://192.168.1.205/CRM/index.php?module=Administration&action=Upgrade
[Tue May 16 04:32:46.983015 2017] [:error] [pid 2336] [client 192.168.1.8:46758] PHP Notice: Undefined index: log in /var/www/html/CRM/include/dir_inc.php on line 149, referer: http://192.168.1.205/CRM/index.php?module=Administration&action=Upgrade
[Tue May 16 04:32:46.983020 2017] [:error] [pid 2336] [client 192.168.1.8:46758] PHP Fatal error: Call to a member function error() on a non-object in /var/www/html/CRM/include/dir_inc.php on line 149, referer: http://192.168.1.205/CRM/index.php?module=Administration&action=Upgrade

On the production server I copied the CRM root to a name with the old version number prior to suiteCRM upgrades along with itā€™s mysqlDUMP, just in case of disasters. This resulted in numerous instances, which was never available for use.

A while back shortly after discovering current issue I created a second iteration CRM2 on the shadow server to see if I could make a difference. It did not work.

Do you recommend rebuilding shadow server from scratch? I mean build virtual server, load packages and install SuiteCRM version 7.7.8 prior to copying files and database down from production server?

The insurance company I am representing is becoming impatient, as their overloaded access database is running more an more slow and failing. I need to get their data imported ASAP.

Production Server ---->CentOS Linux release 7.2.1511 (Core)
Shadow Server-------->CentOS Linux release 7.3.1611 (Core)

Should I use a different OS?