errorlog shows a related error but 45 minutes earlier. At this stage there are no more entries in the error log.
[core:crit] [pid 18914:tid 140371516368640] (13)Permission denied: [client XXX:9480] AH00529: /var/www/vhosts/…/cache/jsLanguage/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that ‘/var/www/vhosts/…/cache/jsLanguage/’ is executable, referer: https://domain.tld/index.php?module=Administration&action=repair
(there is no htaccess file and I doubt there should be in this folder)
What did I do:
I set permissions (Plesk setup)
chown -R myuser:psacln .
chown myuser:psaserv .
chmod -R 755 .
chmod -R 775 cache custom modules themes data upload
chmod 775 config_override.php 2>/dev/null
I applied the fix but as the file is called UpgradeAccess.php I feel like I need to run something to apply the changes?
I tried the quick repair and the system check in the Upgrade Wizard section. But the error is still kinda the same.
some new error arose though: open_basedir restriction
Tue Oct 01 22:01:05.563053 2019] [proxy_fcgi:error] [pid 14931:tid 140400576898816] [client IP:28553] AH01071: Got error 'PHP message: PHP Warning: file_exists(): open_basedir restriction in effect. File(cache/modules/unified_search_modules.php/language/en_us.lang.php) is not within the allowed path(s): (/var/www/vhosts/domain.tld/:/tmp/) in /var/www/vhosts/domain.tld/suitecrm.tld/include/SugarObjects/LanguageManager.php on line 179PHP message: PHP Warning: file_exists(): open_basedir restriction in effect. File(cache/modules/unified_search_modules.php/language/de_DE.lang.php) is not within the allowed path(s): (/var/www/vhosts/domain.tld/:/tmp/) in /var/www/vhosts/domain.tld/suitecrm.tld/include/SugarObjects/LanguageManager.php on line 179PHP message: PHP Warning: file_exists(): open_basedir restriction in effect. File(cache/modules/unified_search_modules.php/language/nl_NL.lang.php) is not within the allowed path(s): (/var/www/vhosts/domain.tld/:/tmp/) in /var/www/vhosts/domain.tld/suitecrm.tld/include/SugarObjects/LanguageManager.php on line 179PHP message: PHP Warning: file_exists(): open_basedir restriction in effect. File(cache/modules/unified_search_modules.php/language/en_us.lang.php) is not within the allowed path(s): (/var/www/vhosts/domain.tld/:/tmp/) in /var/www/vhosts/domain.tld/suitecrm.tld/include/SugarObjects/LanguageManager.php on line 179PHP message: PHP Warning: file_exists(): open_basedir restriction in effect. File(cache/modules/unified_search_modules.php/language/de_DE.lang.php) is not within the allowed path(s): (/var/www/vhosts/domain.tld/:/tmp/) in /var/www/vhosts/domain.tld/suitecrm.tld/include/SugarObjects/LanguageManager.php on line 179PHP message: PHP Warning: file_exists(): open_basedir restriction in effect. File(cache/modules/unified_search_modules.php/language/nl_', referer: https://suitecrm.tld/index.php?module=Administration&action=Upgrade
[Tue Oct 01 22:01:05.564618 2019] [proxy_fcgi:error] [pid 14931:tid 140400576898816] [client IP:28553] AH01071: Got error 'NL.lang.php) is not within the allowed path(s): (/var/www/vhosts/domain.tld/:/tmp/) in /var/www/vhosts/domain.tld/suitecrm.tld/include/SugarObjects/LanguageManager.php on line 179', referer: https://suitecrm.tld/index.php?module=Administration&action=Upgrade
[Tue Oct 01 22:01:30.189670 2019] [proxy_fcgi:error] [pid 14931:tid 140400383719168] [client IP:32665] AH01071: Got error 'PHP message: PHP Warning: file_exists(): open_basedir restriction in effect. File(cache/modules/unified_search_modules.php/language/en_us.lang.php) is not within the allowed path(s): (/var/www/vhosts/domain.tld/:/tmp/) in /var/www/vhosts/domain.tld/suitecrm.tld/include/SugarObjects/LanguageManager.php on line 179PHP message: PHP Warning: file_exists(): open_basedir restriction in effect. File(cache/modules/unified_search_modules.php/language/de_DE.lang.php) is not within the allowed path(s): (/var/www/vhosts/domain.tld/:/tmp/) in /var/www/vhosts/domain.tld/suitecrm.tld/include/SugarObjects/LanguageManager.php on line 179PHP message: PHP Warning: file_exists(): open_basedir restriction in effect. File(cache/modules/unified_search_modules.php/language/nl_NL.lang.php) is not within the allowed path(s): (/var/www/vhosts/domain.tld/:/tmp/) in /var/www/vhosts/domain.tld/suitecrm.tld/include/SugarObjects/LanguageManager.php on line 179PHP message: PHP Warning: file_exists(): open_basedir restriction in effect. File(cache/modules/unified_search_modules.php/language/en_us.lang.php) is not within the allowed path(s): (/var/www/vhosts/domain.tld/:/tmp/) in /var/www/vhosts/domain.tld/suitecrm.tld/include/SugarObjects/LanguageManager.php on line 179PHP message: PHP Warning: file_exists(): open_basedir restriction in effect. File(cache/modules/unified_search_modules.php/language/de_DE.lang.php) is not within the allowed path(s): (/var/www/vhosts/domain.tld/:/tmp/) in /var/www/vhosts/domain.tld/suitecrm.tld/include/SugarObjects/LanguageManager.php on line 179PHP message: PHP Warning: file_exists(): open_basedir restriction in effect. File(cache/modules/unified_search_modules.php/language/nl_NL.lang.php) is not within the allowed path(s): (/var/www/vhosts/domain.tld/:/tmp/) in /var/www/vhosts/domain.tld/suitecrm.tld/include/SugarObjects/LanguageManager.php on line 179', referer: https://suitecrm.tld/index.php?module=Administration&action=Upgrade
[Tue Oct 01 22:02:26.181015 2019] [core:crit] [pid 14931:tid 140400257840896] (13)Permission denied: [client IP:41827] AH00529: /var/www/vhosts/domain.tld/suitecrm.tld/cache/jsLanguage/UpgradeWizard/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/var/www/vhosts/domain.tld/suitecrm.tld/cache/jsLanguage/UpgradeWizard/' is executable, referer: https://suitecrm.tld/index.php?module=UpgradeWizard&action=index
You are right about something else being needed, please go in Admin / Repairs and run the “rebuild htaccess” action.
If that doesn’t work, check that open_basedir setting in your php.ini. I never heard about it, but maybe there’s something peculiar to your system, coming from that setting. Remember to restart web server if you make any changes to php.ini.
I apologize for overreading: Version 7.11.8 Sugar Version 6.5.25 (Build 344)
Your link partly resolved the issue. (I recreated htaccess, also quick repaired again and rebuilt the language js)
I recreated .htaccess twice, but it generated the file wrong:
END SUGARCRM RESTRICTIONS
instead of
END SUGARCRM RESTRICTIONS
I was able to fix it manually but unfortunately I dont know php well enough to commit the resolution on git by myself.
Now the result is I dont get the “undefined” anymore and all the fields appear, but there is still an error in the console (but I cannot figure out what is affected by it)
Chrome Dev Console:
https://domain.tld/cache/jsLanguage/Leads/en_us.js?v=dhPMlNFmZHUfKQBrGNsXXX
same for Contacts etc.
access log
[02/Oct/2019:16:01:16 +0200] "GET /cache/jsLanguage/Leads/en_us.js?v=dhPMlNFmZHUfKQBrGNsXXX HTTP/1.0" 404 1213 "https://domain.tld/index.php?action=ajaxui" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36"
Not really sure if I should consider it resolved or not.
Edit:
I called it off to early it seems.
The error “undefined” comes only when I want to create a new User (not contact, not lead), but the browser errors come all the time.
I fixed permissions again and set open_basedir to “none” but the errors persist:
[quote]chown -R myuser:psacln .
chown myuser:psaserv .[/quote]
This is the default config for Plesk servers. Plesk sort of emulates a shared server by segregating the virtual hosts and running them under a separate user. The server is running under myuser, the scheduler section shows this:
In order to run SuiteCRM Schedulers, edit your web server user's crontab file with this command:
sudo crontab -e -u myuser
... and add the following line to the crontab file:
* * * * * cd /var/www/vhosts/domain.tld; php -f cron.php > /dev/null 2>&1
I spun up a new copy of SuiteCRM which initially (after install) showed the same undefined. But fixing permissions as stated above did the trick and it shows now “User can access modules and records based on roles.”
update:
whenever I use new views the cache generates a file in
/var/www/vhosts/domain.tld/cache/jsLanguage and I need to fix permissions again. For example I have a new installation and I now want to enable a connector, it will create a language en_us.js file in /Connectors which has false permissions (644) => and thus throws a 403 in Chrome Dev Console. The file needs to be executable though (permissions 744 or more do work).
I suspect my inital problem was a result of SuiteCRM expecting some files in the cache which I deleted (and forgot about doing so) and the database going out of sync with reality so to say - which resulted in throwing 404 errors.
Hint: I did not apply the .htaccess hotfix from the posts above, but it works nontheless.
the permission to create new files is governed by the permissions on the parent directory. So check if these are sufficient, including the SetOID and SetGID bits which are relevant for this. In short, give it perms like 2755 on the directories.
have you set up your cron jobs already? If they are running as root, they will mess up your cache. Make sure they run under the same web server user name.
cronjobs:
I indeed used to used root cronjobs but now I changed them to myuser.
permissions:
I did not even know about the first bit before :lol:
I set permissions to 2755 now for normal folders and 2775 for special folders. When a new folder gets created in jsLanguages it gets permissions 2770 (and correct ownership) - which results in 403 in Chrome. If I manually chmod 2775 the folder, no 403 appears even though the file inside has a natural 644 permission (like you said).
Brings me to the point config.php.
‘default_permissions’ =>
array (
‘dir_mode’ => 1528,
‘file_mode’ => 493,
‘user’ => ‘’,
‘group’ => ‘’,
),
According to Sugar Manual 1528 is the decimal value for octal 2770 and if I want octal 2775 I need decimal 1533.
I set it via config_override.php:
$sugar_config[‘default_permissions’][‘dir_mode’] = ‘1533’;
Now everything works fine!
Do you know why 1528 is the standard?
Am I unsafe now? How do you recommend me tighten permissions in general for production system?
You can type the values in PHP octal notation, which is to start with a 0.
So you write 02755 and PHP will understand correctly (although it will rewrite it as decimal in the next QR&R, but that is not relevant).
I recommend also filling the user and group fields in default_permissions.
About the recommended values, they arent’ very coherent, I’ve seen people recommend different things throughout the years. If you get the ownerships right I think you can drop all the “world” accesses (the final octal digit) to zero, like 750, 770, etc.
