Hey,

I did a lot of googling and searching around the forum but I cant seem to find the flaw :unsure:

I get a 404 not found in chrome
Failed to load resource: the server responded with a status of 404 ()

access log
[01/Oct/2019:17:45:25 +0200] “GET /cache/jsLanguage/de_DE.js?v=XSse56BIRiBlazbBZwlXXX HTTP/1.0” 404 1213

errorlog shows a related error but 45 minutes earlier. At this stage there are no more entries in the error log.
[core:crit] [pid 18914:tid 140371516368640] (13)Permission denied: [client XXX:9480] AH00529: /var/www/vhosts/…/cache/jsLanguage/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that ‘/var/www/vhosts/…/cache/jsLanguage/’ is executable, referer: https://domain.tld/index.php?module=Administration&action=repair

(there is no htaccess file and I doubt there should be in this folder)

What did I do:
I set permissions (Plesk setup)
chown -R myuser:psacln .
chown myuser:psaserv .
chmod -R 755 .
chmod -R 775 cache custom modules themes data upload
chmod 775 config_override.php 2>/dev/null

If I give the cache Folder 777 permissions the chrome error changes to
https://domain.tld/cache/jsLanguage/de_DE.js?v=XSse56BIRiBlazbBZwlXXX net::ERR_ABORTED 404

The language files in the cache are created with 644 permissions by the system when I activate a different language for example.

I did a lot of googling and searching around the forum but I cant seem to find the flaw.

Do you have an Idea where to start off or how to fix this?

Best,
Sven

Hi, welcome.

What is your version of SuiteCRM?

If it’s the latest, or one before, you probably need this fix:

https://github.com/salesagility/SuiteCRM/pull/7762/files

Please tell me if it solves your problem.

Hey pgr,

thanks for helping out so quickly.

I applied the fix but as the file is called UpgradeAccess.php I feel like I need to run something to apply the changes?

I tried the quick repair and the system check in the Upgrade Wizard section. But the error is still kinda the same.

some new error arose though: open_basedir restriction

Tue Oct 01 22:01:05.563053 2019] [proxy_fcgi:error] [pid 14931:tid 140400576898816] [client IP:28553] AH01071: Got error 'PHP message: PHP Warning:  file_exists(): open_basedir restriction in effect. File(cache/modules/unified_search_modules.php/language/en_us.lang.php) is not within the allowed path(s): (/var/www/vhosts/domain.tld/:/tmp/) in /var/www/vhosts/domain.tld/suitecrm.tld/include/SugarObjects/LanguageManager.php on line 179PHP message: PHP Warning:  file_exists(): open_basedir restriction in effect. File(cache/modules/unified_search_modules.php/language/de_DE.lang.php) is not within the allowed path(s): (/var/www/vhosts/domain.tld/:/tmp/) in /var/www/vhosts/domain.tld/suitecrm.tld/include/SugarObjects/LanguageManager.php on line 179PHP message: PHP Warning:  file_exists(): open_basedir restriction in effect. File(cache/modules/unified_search_modules.php/language/nl_NL.lang.php) is not within the allowed path(s): (/var/www/vhosts/domain.tld/:/tmp/) in /var/www/vhosts/domain.tld/suitecrm.tld/include/SugarObjects/LanguageManager.php on line 179PHP message: PHP Warning:  file_exists(): open_basedir restriction in effect. File(cache/modules/unified_search_modules.php/language/en_us.lang.php) is not within the allowed path(s): (/var/www/vhosts/domain.tld/:/tmp/) in /var/www/vhosts/domain.tld/suitecrm.tld/include/SugarObjects/LanguageManager.php on line 179PHP message: PHP Warning:  file_exists(): open_basedir restriction in effect. File(cache/modules/unified_search_modules.php/language/de_DE.lang.php) is not within the allowed path(s): (/var/www/vhosts/domain.tld/:/tmp/) in /var/www/vhosts/domain.tld/suitecrm.tld/include/SugarObjects/LanguageManager.php on line 179PHP message: PHP Warning:  file_exists(): open_basedir restriction in effect. File(cache/modules/unified_search_modules.php/language/nl_', referer: https://suitecrm.tld/index.php?module=Administration&action=Upgrade
[Tue Oct 01 22:01:05.564618 2019] [proxy_fcgi:error] [pid 14931:tid 140400576898816] [client IP:28553] AH01071: Got error 'NL.lang.php) is not within the allowed path(s): (/var/www/vhosts/domain.tld/:/tmp/) in /var/www/vhosts/domain.tld/suitecrm.tld/include/SugarObjects/LanguageManager.php on line 179', referer: https://suitecrm.tld/index.php?module=Administration&action=Upgrade
[Tue Oct 01 22:01:30.189670 2019] [proxy_fcgi:error] [pid 14931:tid 140400383719168] [client IP:32665] AH01071: Got error 'PHP message: PHP Warning:  file_exists(): open_basedir restriction in effect. File(cache/modules/unified_search_modules.php/language/en_us.lang.php) is not within the allowed path(s): (/var/www/vhosts/domain.tld/:/tmp/) in /var/www/vhosts/domain.tld/suitecrm.tld/include/SugarObjects/LanguageManager.php on line 179PHP message: PHP Warning:  file_exists(): open_basedir restriction in effect. File(cache/modules/unified_search_modules.php/language/de_DE.lang.php) is not within the allowed path(s): (/var/www/vhosts/domain.tld/:/tmp/) in /var/www/vhosts/domain.tld/suitecrm.tld/include/SugarObjects/LanguageManager.php on line 179PHP message: PHP Warning:  file_exists(): open_basedir restriction in effect. File(cache/modules/unified_search_modules.php/language/nl_NL.lang.php) is not within the allowed path(s): (/var/www/vhosts/domain.tld/:/tmp/) in /var/www/vhosts/domain.tld/suitecrm.tld/include/SugarObjects/LanguageManager.php on line 179PHP message: PHP Warning:  file_exists(): open_basedir restriction in effect. File(cache/modules/unified_search_modules.php/language/en_us.lang.php) is not within the allowed path(s): (/var/www/vhosts/domain.tld/:/tmp/) in /var/www/vhosts/domain.tld/suitecrm.tld/include/SugarObjects/LanguageManager.php on line 179PHP message: PHP Warning:  file_exists(): open_basedir restriction in effect. File(cache/modules/unified_search_modules.php/language/de_DE.lang.php) is not within the allowed path(s): (/var/www/vhosts/domain.tld/:/tmp/) in /var/www/vhosts/domain.tld/suitecrm.tld/include/SugarObjects/LanguageManager.php on line 179PHP message: PHP Warning:  file_exists(): open_basedir restriction in effect. File(cache/modules/unified_search_modules.php/language/nl_NL.lang.php) is not within the allowed path(s): (/var/www/vhosts/domain.tld/:/tmp/) in /var/www/vhosts/domain.tld/suitecrm.tld/include/SugarObjects/LanguageManager.php on line 179', referer: https://suitecrm.tld/index.php?module=Administration&action=Upgrade
[Tue Oct 01 22:02:26.181015 2019] [core:crit] [pid 14931:tid 140400257840896] (13)Permission denied: [client IP:41827] AH00529: /var/www/vhosts/domain.tld/suitecrm.tld/cache/jsLanguage/UpgradeWizard/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/var/www/vhosts/domain.tld/suitecrm.tld/cache/jsLanguage/UpgradeWizard/' is executable, referer: https://suitecrm.tld/index.php?module=UpgradeWizard&action=index

Again, what is your version of SuiteCRM, please?

You are right about something else being needed, please go in Admin / Repairs and run the “rebuild htaccess” action.

If that doesn’t work, check that open_basedir setting in your php.ini. I never heard about it, but maybe there’s something peculiar to your system, coming from that setting. Remember to restart web server if you make any changes to php.ini.

Hey pgr,

I apologize for overreading: Version 7.11.8 Sugar Version 6.5.25 (Build 344)

Your link partly resolved the issue. (I recreated htaccess, also quick repaired again and rebuilt the language js)

I recreated .htaccess twice, but it generated the file wrong:

END SUGARCRM RESTRICTIONS

instead of

END SUGARCRM RESTRICTIONS

I was able to fix it manually but unfortunately I dont know php well enough to commit the resolution on git by myself.

Now the result is I dont get the “undefined” anymore and all the fields appear, but there is still an error in the console (but I cannot figure out what is affected by it)
Chrome Dev Console:

https://domain.tld/cache/jsLanguage/Leads/en_us.js?v=dhPMlNFmZHUfKQBrGNsXXX 
same for Contacts etc.

access log

[02/Oct/2019:16:01:16 +0200] "GET /cache/jsLanguage/Leads/en_us.js?v=dhPMlNFmZHUfKQBrGNsXXX HTTP/1.0" 404 1213 "https://domain.tld/index.php?action=ajaxui" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36"

Not really sure if I should consider it resolved or not.

Edit:
I called it off to early it seems.
The error “undefined” comes only when I want to create a new User (not contact, not lead), but the browser errors come all the time.

I fixed permissions again and set open_basedir to “none” but the errors persist:

GET https://domain.tld/cache/jsLanguage/en_us.js?v=dhPMlNFmZHUfKQBrGNs4WA net::ERR_ABORTED 404 (index.php:35)
GET https://domain.tld/cache/jsLanguage/Contacts/en_us.js?v=dhPMlNFmZHUfKQBrGNs4WA 404 (VM119563:1)

I find this part strange

chown -R myuser:psacln .
chown myuser:psaserv .

Why is that second command?

And more importantly, is “myuser” the user that your web server is running under?

You can check this by going in Admin / Schedulers and looking at the crontab instructions at the bottom - your web server user name is mentioned there

[quote]chown -R myuser:psacln .
chown myuser:psaserv .[/quote]
This is the default config for Plesk servers. Plesk sort of emulates a shared server by segregating the virtual hosts and running them under a separate user. The server is running under myuser, the scheduler section shows this:

In order to run SuiteCRM Schedulers, edit your web server user's crontab file with this command:
sudo crontab -e -u myuser
... and add the following line to the crontab file:
*    *    *    *    *     cd /var/www/vhosts/domain.tld; php -f cron.php > /dev/null 2>&1

As for the permissions (found here)

End of trying-to-fix

I spun up a new copy of SuiteCRM which initially (after install) showed the same undefined. But fixing permissions as stated above did the trick and it shows now “User can access modules and records based on roles.”

Thanks pgr, for bearing with me. All the best

update:
whenever I use new views the cache generates a file in
/var/www/vhosts/domain.tld/cache/jsLanguage and I need to fix permissions again. For example I have a new installation and I now want to enable a connector, it will create a language en_us.js file in /Connectors which has false permissions (644) => and thus throws a 403 in Chrome Dev Console. The file needs to be executable though (permissions 744 or more do work).

I suspect my inital problem was a result of SuiteCRM expecting some files in the cache which I deleted (and forgot about doing so) and the database going out of sync with reality so to say - which resulted in throwing 404 errors.

Hint: I did not apply the .htaccess hotfix from the posts above, but it works nontheless.

Thanks again for your help! Appreciate it a lot.

A couple more things you can check, then:

• the default_permissions entry in your config.php

• the permission to create new files is governed by the permissions on the parent directory. So check if these are sufficient, including the SetOID and SetGID bits which are relevant for this. In short, give it perms like 2755 on the directories.

• have you set up your cron jobs already? If they are running as root, they will mess up your cache. Make sure they run under the same web server user name.

You gave me the solution.

cronjobs:
I indeed used to used root cronjobs but now I changed them to myuser.

permissions:
I did not even know about the first bit before :lol:
I set permissions to 2755 now for normal folders and 2775 for special folders. When a new folder gets created in jsLanguages it gets permissions 2770 (and correct ownership) - which results in 403 in Chrome. If I manually chmod 2775 the folder, no 403 appears even though the file inside has a natural 644 permission (like you said).

Brings me to the point config.php.
‘default_permissions’ =>
array (
‘dir_mode’ => 1528,
‘file_mode’ => 493,
‘user’ => ‘’,
‘group’ => ‘’,
),

According to Sugar Manual 1528 is the decimal value for octal 2770 and if I want octal 2775 I need decimal 1533.

I set it via config_override.php:
$sugar_config[‘default_permissions’][‘dir_mode’] = ‘1533’;
Now everything works fine!

Do you know why 1528 is the standard?

Am I unsafe now? How do you recommend me tighten permissions in general for production system?

Thank you, Sir B-)

For future users: See also this thread

You can type the values in PHP octal notation, which is to start with a 0.

So you write 02755 and PHP will understand correctly (although it will rewrite it as decimal in the next QR&R, but that is not relevant).

I recommend also filling the user and group fields in default_permissions.

About the recommended values, they arent’ very coherent, I’ve seen people recommend different things throughout the years. If you get the ownerships right I think you can drop all the “world” accesses (the final octal digit) to zero, like 750, 770, etc.

were you able to fixed it? I’m dealing with that same problem.

Hey
if you are using suitecrm 7.x
Try fixing you file permissions and repair your htaccess in the admin>repair>repair htaccess

may I know what specific folder that I need to change the permission and what permission is required?

Hey
you need to run these commands in the suitecrm root directory

  sudo chown -R www-data:www-data .
  sudo chmod -R 755 .
  sudo chmod -R 775 cache custom modules themes data upload
  sudo chmod 775 config_override.php 2>/dev/null

replace www-data with the name of your apache user
A shortcut I use to find this user is to look in the scheduler listview

image719×234 5.68 KB

Let me know If I can personally help you further

Hello @pgr , I have same issue, it was working before before I upgrade my 7.10.16 SuiteCRM to version 7.10.36. I can apply same fix?

@waraikobuot
I don’t really know what you mean. I would advise starting your own thread and including a lot more precise information there.

@pgr done sir, please check here 403 Forbidden after updating SuiteCRM from 7.10.16 to 7.10.36