Access Denied

Permalink
I moved my website from one URL to another. The site is up and working. When I log in and click on the toolbox icon, I get the message access denied.

I also connected the site to the Concrete5 Community, but it does not appear on my project list. This means I cannot assign my theme license to the new URL.

Any help greatly appreciated! Thanks

johnmbrimelow
 
ob7dev replied on at Permalink Reply
ob7dev
Do you have access to the server and files? You can start by removing the canonical URL saved in plain text in the application/config directory and then clear the cache using ./bin/concrete5 if you have ssh access to the host.
johnmbrimelow replied on at Permalink Reply
johnmbrimelow
After doing quite a bit of testing (and trying out flushing the cache,
and checking the config files as per forum suggestions) heres what
I'm finding:

That user permission issue seems to be stemming from it losing its
"Groups" designation.

I was able to manually add that user back to the administrator, and
resolve that access denied issue, only to have it return a few minutes
later. I was unable to find out WHY its clearing the user group, but it does appear that whatever is causing that is the main issue.
JohntheFish replied on at Permalink Reply
JohntheFish
If this is server user and groups, you are best contacting your host support to get it resolved.

Ideally, the web server user (often a Mr 'apache' ) should own all files and directories beneath the web root.

Some hosts are set up so that a separate 'account_name' user owns the files/directories, or an ftp user_name owns the files/directories, and those users together with the web server user are in a common group with group permissions for the web server user to read/write the files/directories.
johnmbrimelow replied on at Permalink Reply
johnmbrimelow
Here's the response I received from Dreamhost. I still cannot link the site to C5 or access the control panel. Upon login, I'm still getting Access Denied when I select the toolbox, top left.
The response from DH:
The second part of what C5 said above is how it's generally setup:

ps605491:/home/atamirac#
drwxr-xr-x 6 atamirac pg193144 4.0K Jan 11 10:32 werexperiential.com

The first batch of letters are for the directory permissions online. The
permissions C5 referred to were the user/group permissions, which in this
case would be:

atamirac/pg193144

Your domain has the user/group permissions above set by default when the
domain is created. However, the site install itself will apply
permissions to the files depending on what the file is for. For example:

drwxr-xr-x 21 atamirac pg193144 4.0K May 23 2016 concrete

So, C5 should be applying their base install files using the correct
user/group permissions to set on the files and folders for it. So, that
looks to be okay. Their install should also apply the correct web
permissions for read/write/execute depending on the file as well.
JohntheFish replied on at Permalink Reply
JohntheFish
Dreamhost have told you what the account permissions should be and that when c5 is installed directly in the account, that c5 will have the correct permissions.
You need to locate the files that you are getting the permission errors on and check their permissions and ownership against the above. Because you didn't install c5 directly, but copied from another install, the possibility is that some of the permissions do not match what is required.
johnmbrimelow replied on at Permalink Reply
johnmbrimelow
Since I have clients who are looking at the website, I'm loathe to jump into the deep end and possibly break something.
Interestingly, I did manage to access the control panel through the TOR browser. Chrome, Firefox and Safari all gave me "access denied" even with clearing all cache and history. TOR then became unusable as well. While I had a connection on TOR, I assigned the site to C5 and got a C5 code link to projects. This however took me back to the original URL. I think this break is the crux of my problem. I don't know how to work around a fix for this.
If it helps, here's a snapshot of my environment I copied while I had access:
# concrete5 Version
Core Version - 5.7.5.13
Version Installed - 5.7.5.13
Database Version - 20160615000000

# concrete5 Packages
Framework Theme (1.7.7), Neat (0.9.2), Simple Anchor (1.0.1), Spacer (0.9.4), Vimeo Video (1.0.2)

# concrete5 Overrides
languages/cs_CZ/LC_MESSAGES/messages.mo, languages/cs_CZ/LC_MESSAGES, languages/cs_CZ, languages/da_DK/LC_MESSAGES/messages.mo, languages/da_DK/LC_MESSAGES, languages/da_DK, languages/de_DE/LC_MESSAGES/messages.mo, languages/de_DE/LC_MESSAGES, languages/de_DE, languages/el_GR/LC_MESSAGES/messages.mo, languages/el_GR/LC_MESSAGES, languages/el_GR, languages/es_PY/LC_MESSAGES/messages.mo, languages/es_PY/LC_MESSAGES, languages/es_PY, languages/fi_FI/LC_MESSAGES/messages.mo, languages/fi_FI/LC_MESSAGES, languages/fi_FI, languages/fr_FR/LC_MESSAGES/messages.mo, languages/fr_FR/LC_MESSAGES, languages/fr_FR, languages/it_IT/LC_MESSAGES/messages.mo, languages/it_IT/LC_MESSAGES, languages/it_IT, languages/ja_JP/LC_MESSAGES/messages.mo, languages/ja_JP/LC_MESSAGES, languages/ja_JP, languages/pt_BR/LC_MESSAGES/messages.mo, languages/pt_BR/LC_MESSAGES, languages/pt_BR, languages/ru_RU/LC_MESSAGES/messages.mo, languages/ru_RU/LC_MESSAGES, languages/ru_RU, languages/sv_SE/LC_MESSAGES/messages.mo, languages/sv_SE/LC_MESSAGES, languages/sv_SE, languages/tr_TR/LC_MESSAGES/messages.mo, languages/tr_TR/LC_MESSAGES, languages/tr_TR, languages/cs_CZ/LC_MESSAGES/messages.mo, languages/cs_CZ/LC_MESSAGES, languages/cs_CZ, languages/da_DK/LC_MESSAGES/messages.mo, languages/da_DK/LC_MESSAGES, languages/da_DK, languages/de_DE/LC_MESSAGES/messages.mo, languages/de_DE/LC_MESSAGES, languages/de_DE, languages/el_GR/LC_MESSAGES/messages.mo, languages/el_GR/LC_MESSAGES, languages/el_GR, languages/es_PY/LC_MESSAGES/messages.mo, languages/es_PY/LC_MESSAGES, languages/es_PY, languages/fi_FI/LC_MESSAGES/messages.mo, languages/fi_FI/LC_MESSAGES, languages/fi_FI, languages/fr_FR/LC_MESSAGES/messages.mo, languages/fr_FR/LC_MESSAGES, languages/fr_FR, languages/it_IT/LC_MESSAGES/messages.mo, languages/it_IT/LC_MESSAGES, languages/it_IT, languages/ja_JP/LC_MESSAGES/messages.mo, languages/ja_JP/LC_MESSAGES, languages/ja_JP, languages/pt_BR/LC_MESSAGES/messages.mo, languages/pt_BR/LC_MESSAGES, languages/pt_BR, languages/ru_RU/LC_MESSAGES/messages.mo, languages/ru_RU/LC_MESSAGES, languages/ru_RU, languages/sv_SE/LC_MESSAGES/messages.mo, languages/sv_SE/LC_MESSAGES, languages/sv_SE, languages/tr_TR/LC_MESSAGES/messages.mo, languages/tr_TR/LC_MESSAGES, languages/tr_TR

# concrete5 Cache Settings
Block Cache - On
Overrides Cache - On
Full Page Caching - Off
Full Page Cache Lifetime - Every 6 hours (default setting).

# Server Software
Apache

# Server API
cgi-fcgi

# PHP Version
7.0.32

# PHP Extensions
bcmath, bz2, calendar, cgi-fcgi, Core, ctype, curl, date, dom, exif, fileinfo, filter, ftp, gd, gettext, hash, iconv, imagick, imap, json, libxml, mbstring, mcrypt, memcached, mysqli, mysqlnd, openssl, pcntl, pcre, PDO, pdo_mysql, pdo_sqlite, Phar, posix, pspell, Reflection, session, SimpleXML, soap, sockets, SPL, sqlite3, standard, tokenizer, xml, xmlreader, xmlrpc, xmlwriter, xsl, zip, zlib

# PHP Settings
max_execution_time - 30
log_errors_max_len - 1024
max_file_uploads - 20
max_input_nesting_level - 64
max_input_time - -1
max_input_vars - 1000
memory_limit - 90M
post_max_size - 65M
sql.safe_mode - Off
upload_max_filesize - 64M
memcached.sess_lock_max_wait - not set
memcached.sess_lock_wait_max - 2000
memcached.sess_server_failure_limit - 0
mysqli.max_links - Unlimited
mysqli.max_persistent - Unlimited
pcre.backtrack_limit - 1000000
pcre.recursion_limit - 100000
session.cache_limiter - <i>no value</i>
session.gc_maxlifetime - 1440
soap.wsdl_cache_limit - 5
echan101 replied on at Permalink Reply
> Since I have clients who are looking at the website, I'm loathe to jump into the deep end and possibly break something.

Yes this is very important.

To avoid any downtime, you could create a local copy on your computer. Here are some instructions to try :

IF YOU USE SOFTACULOUS (I haven't validated these instructions):

1. Download AMPPS to your local machine
2. Install AMPPS.
3. In AMPPS > Softaculous, install Concrete5.
4. Make a note of the Installation ID of your backup file. The installation id is in the name of the backup zip that you have copied of your old installation. It's the first number in the filename. For instance, if your backup zip is "concrete.5.2011-05-10_09-07-04.zip" then the new installation id is "5". You can also see the installation id when you click on the backup link of the server installation - the last characters in the url will be your id. For eg: "backup&insid=106" in this case 106 is the id.
5. The backup will be recognized if the installation id of the installation on live server and localhost are the same. You will need to edit the installation id of the installation in .softaculous/installations.php for that installation and then the backups will be reading on your local server as well.
6. Place the zip in the softaculous_backups folder
7. In Softaculous, restore your Concrete installation.
8. You may need to create the MySQL database - I don't quite know how Softaculous restore works. Anyway the database name is in softsql.sql and the database username and password is in \application\config\database.php

IF YOU WANT TO RESTORE MANUALLY

1. Download the Concrete5 local installer herehttps://bitnami.com/stack/concrete5/installer... . There is also a Virtual Machine available if you prefer.
2. Install Concrete5.
3. Read the Bitnami instructions:https://docs.bitnami.com/general/apps/concrete5/...
4. Do not install Sample data.
5. Do not deploy to Bitnami.
6. For the Apache firewall settings, only allow access from Private networks.
7. Start the stack.
8. For security make the Apache Service and MySQL Service start manually: Win + R > "services.msc" > look for the two concrete5 services > set to manual
9. Navigate to C:\Bitnami\concrete5-8.4.3-2\apps\concrete5\htdocs
10. Using 7-zip, extract the backup of the Concrete5 instance into this folder, so that the folders are overwritten
11. Open phpMyAdmin
12. Enter in credentials (username: root; password: same as password entered during installation (even if username is different, the password is the same))
13. Create the database table (this info should be in your sql backup, if you can't find this info then just try the next step and it'll tell you the name of the table that is missing).
14. Click on the database table you created.
15. then Import the mySQL database.
16. Make note of the database username and password in \application\config\database.php
17. In phpMyAdmin, click on the database you created, and add the new database user account (to this database).

MAKE SURE YOU PERFORM THE FOLLOWING STEPS AFTER THIS IN EITHER CASE:

1. Delete the cache by executing the following commands (it is important to use these specific folders for the command to work):
cd C:\Bitnami\concrete5-8.4.3-2\php
..\apps\concrete5\htdocs\concrete\bin\concrete5 c5:clear-cache
Alternatively, delete the folder and its contents in the following folder: \application\files\cache

2. Remove "Pretty URLs" (which would otherwise remove index.php from the URLs and make the backup unusable):
cd C:\Bitnami\concrete5-8.4.3-2\php
..\apps\concrete5\htdocs\concrete\bin\concrete5 c5:config set -g concrete.seo.url_rewriting false
Alternatively edit the file: \application\config\generated_overrides\concrete.php
'seo' => [
    'redirect_to_canonical_url' => 0,
    'url_rewriting' => false,
],

3. Turn off canonical URLs, otherwise all the pages will be redirected to your old domain. To do this, edit the file: \application\config\generated_overrides\site.php
'seo' => [
   'canonical_url' => '',
   'canonical_url_alternative' => '',
   'canonical_tag' => [
       'enabled' => true,
   ],
],
echan101 replied on at Permalink Reply
Once you get it up and running, log into Concrete5 and clear the cache from the Dashboard. This is important because the Block Cache is not stored in \application\files\cache.
johnmbrimelow replied on at Permalink Reply
johnmbrimelow
The main takeaway from the Dreamhost comment...
reach out to the concrete5 community to see if there
is some security mechanism that may be preventing you from accessing the
backend

I think this is the crux of the problem. I don't have any error logs to judge, just no access to edit the site or to link it to C5.

The rest of the Dreamhost response:
I am so sorry you are having trouble with your Concrete5 Installation! :(

Are you stating you are getting a Access denied after logging into
Concrete5? I see there was a bug reported in one of the 8.x versions, but
you state you are using 5.7? I am not too familiar with Concrete5 and
recommend that you reach out to the concrete5 community to see if there
is some security mechanism that may be preventing you from accessing the
backend. It is possible that your IP was blocked and may need to be
removed in the database. Please contact the community once more to see if
they can provide more information on the issue. If there is anything else
you need help with, please let me know! Thanks! Have a great day!
echan101 replied on at Permalink Reply
Could you please try the following:
1. Delete the cache folder and its contents in the following folder:
\application\files\cache


2. Remove "Pretty URLs" (which would otherwise remove index.php from the URLs and make the backup unusable):
\application\config\generated_overrides\concrete.php
'seo' => [
    'redirect_to_canonical_url' => 0,
    'url_rewriting' => false,
],


3. Turn off canonical URLs, otherwise all the pages will be redirected to your old domain. To do this, edit the file:
\config\generated_overrides\site.php

'seo' => [
   'canonical_url' => '',
   'canonical_url_alternative' => '',
   'canonical_tag' => [
       'enabled' => true,
   ],
],
echan101 replied on at Permalink Reply
4. Rename \.htaccess to something different (just in case this is redirecting things, and Concrete5 may add some config in their for pretty URLs).
johnmbrimelow replied on at Permalink Reply
johnmbrimelow
wonder if the underlying issue could be solved by releasing the original URL project from C5?
echan101 replied on at Permalink Reply
>> I wonder if the underlying issue could be solved by releasing the original URL project from C5?

No this won't solve the issue.
johnmbrimelow replied on at Permalink Reply
johnmbrimelow
I moved my site to a new URL. I connected the new site to the community but the old URL is found when clicking on the link to community. I understand I need to release the old URL from the community. Here's my question: what's the order for release/restore? My assumption is to first release all themes and add-ons from the old URL, then delete the URL/project from my C5 projects, then release the new URL from the old C5 projects. I would then clear the new URL cache, connect the project to the community, then, hopefully, the new URL will show up under my projects and I'd then be able to re-connect my add-ons and theme licenses. Is this a correct assumption for the steps?
echan101 replied on at Permalink Reply
This is in the wrong thread and it won't solve your permissions problem.
typoman76 replied on at Permalink Reply
typoman76
Let me add a note to this thread. I had the same message after moving a site to a new server. The site was working, login was working but every dashboad-page was shown with "Access Denied".
In our case the php settings were set as PHP FPM and the solution was to switch to PHP FastCGI. (As far as I understand this changes under which user concrete5 can access the files. And PHP FastCGI is running the files und my user permissions).
Perhaps this is helping somebody on googling.
There are other helpful tipps in this thread too.