domgarofalo
asked on
Windows Server 2008 Permission Problem
On the following site:
http://faboh.com/faboh25/
There is a permissions error in the folder that does not allow the folder open a stream and prevents the site from loading. I can connect to the server through Plesk or RDC. Permissions look good from what I can tell. This is site was running on my computer and migrated it to the remote server.
What else should I be checking?
http://faboh.com/faboh25/
There is a permissions error in the folder that does not allow the folder open a stream and prevents the site from loading. I can connect to the server through Plesk or RDC. Permissions look good from what I can tell. This is site was running on my computer and migrated it to the remote server.
What else should I be checking?
Do you know what line 18 of that PHP script reads?
As a test, you could give the "Everyone" group full control and see what happens. That will enable you to determine if it really is the permissions on this folder. I've had it be the inetpub folder or the C:\Windows\System32\inetsr v folder before.
ASKER
Arnold, here is the code for line 18:
require_once JPATH_BASE.'/includes/defi nes.php';
I have confirmed that the file is there.
require_once JPATH_BASE.'/includes/defi
I have confirmed that the file is there.
Run icacls on the includes and the file separately.
To see the permissions on includes does it inherit permissions from parent?
What are the contents of defines? Does it try to include/require a module that is not available on this system?
To see the permissions on includes does it inherit permissions from parent?
What are the contents of defines? Does it try to include/require a module that is not available on this system?
ASKER
Michael,
I don't have an 'Everyone' group that shows up in Group or Usernames on the Security tab.
Is there a way that I could add it?
I don't have an 'Everyone' group that shows up in Group or Usernames on the Security tab.
Is there a way that I could add it?
ASKER
Arnold, could you give me an example of what icacl command to run? I am not very familiar with it.
on the command line(start, run, cmd) navigate to c:\inetpub\vhosts\faboh.co m\httpdocs \faboh25\i ncludes\de fines.php
when in vhosts
icaclc faboh.com
cd faboh.com
icacls httpdocs
cd httpdocs
icacls faboh25
cd faboh25
icacls includes
cd includes
icacls defines.php
when in vhosts
icaclc faboh.com
cd faboh.com
icacls httpdocs
cd httpdocs
icacls faboh25
cd faboh25
icacls includes
cd includes
icacls defines.php
ASKER
Thanks Arnold. I'll do that right away.
What you are looking for is IUSR_systemname having rights.
Compare the results on your home system.
Is your site based in the same location?
Compare the website config on the home system to the one on the server.
Compare the results on your home system.
Is your site based in the same location?
Compare the website config on the home system to the one on the server.
ASKER
Ok, I did it. Still the same thing. Everything processed correctly.
Try php empy page
<? Phpinfo();
?>
<? Phpinfo();
?>
All icacls does is return the permission information, you need to see whether IIS has the requisite permissions. The other thing is to check what defines.php does.
Does your IIs log, look at the error log to see what is going on.
Does your IIs log, look at the error log to see what is going on.
ASKER
ASKER
Here is what the defines.php says.
<?php
/**
* @package Joomla.Site
* @subpackage Application
* @copyright Copyright (C) 2005 - 2013 Open Source Matters, Inc. All rights reserved.
* @license GNU General Public License version 2 or later; see LICENSE.txt
*/
// No direct access.
defined('_JEXEC') or die;
/**
* Joomla! Application define.
*/
//Global definitions.
//Joomla framework path definitions.
$parts = explode(DIRECTORY_SEPARATO R, JPATH_BASE);
//Defines.
define('JPATH_ROOT', implode(DIRECTORY_SEPARATO R, $parts));
define('JPATH_SITE', JPATH_ROOT);
define('JPATH_CONFIGURATIO N', JPATH_ROOT);
define('JPATH_ADMINISTRATO R', JPATH_ROOT . '/administrator');
define('JPATH_LIBRARIES', JPATH_ROOT . '/libraries');
define('JPATH_PLUGINS', JPATH_ROOT . '/plugins' );
define('JPATH_INSTALLATION ', JPATH_ROOT . '/installation');
define('JPATH_THEMES', JPATH_BASE . '/templates');
define('JPATH_CACHE', JPATH_BASE . '/cache');
define('JPATH_MANIFESTS', JPATH_ADMINISTRATOR . '/manifests');
<?php
/**
* @package Joomla.Site
* @subpackage Application
* @copyright Copyright (C) 2005 - 2013 Open Source Matters, Inc. All rights reserved.
* @license GNU General Public License version 2 or later; see LICENSE.txt
*/
// No direct access.
defined('_JEXEC') or die;
/**
* Joomla! Application define.
*/
//Global definitions.
//Joomla framework path definitions.
$parts = explode(DIRECTORY_SEPARATO
//Defines.
define('JPATH_ROOT', implode(DIRECTORY_SEPARATO
define('JPATH_SITE', JPATH_ROOT);
define('JPATH_CONFIGURATIO
define('JPATH_ADMINISTRATO
define('JPATH_LIBRARIES', JPATH_ROOT . '/libraries');
define('JPATH_PLUGINS', JPATH_ROOT . '/plugins' );
define('JPATH_INSTALLATION
define('JPATH_THEMES', JPATH_BASE . '/templates');
define('JPATH_CACHE', JPATH_BASE . '/cache');
define('JPATH_MANIFESTS', JPATH_ADMINISTRATOR . '/manifests');
ASKER
Here's the log from today.
2015-01-01 00:01:56 W3SVC5 FABOH2008 184.168.105.182 POST /templates/atomic/css/blue print/plug ins/button s/icons/si mple.php - 80 - 82.118.18.168 HTTP/1.0 Mozilla/5.0+(Windows+NT+6. 1;+WOW64)+ AppleWebKi t/537.36+( KHTML,+lik e+Gecko)+C hrome/34.0 .1847.131+ Safari/537 .36 - - faboh.com 200 0 0 236 10437 556
2015-01-01 00:02:13 W3SVC5 FABOH2008 184.168.105.182 GET / - 80 - 123.125.71.78 HTTP/1.1 Mozilla/5.0+(compatible;+B aiduspider /2.0;++http://www.baidu.com/search/spider.html) - - www.faboh.com 200 0 64 0 179 1290
2015-01-01 00:03:30 W3SVC5 FABOH2008 184.168.105.182 GET /proxy.php - 80 - 195.91.243.81 HTTP/1.1 Mozilla/5.0+(Windows+NT+6. 1;+WOW64;+ rv:24.0)+G ecko/20100 101+Firefo x/24.0 param1=CookieString RefererString chek.zennolab.com 404 0 64 0 399 215
2015-01-01 00:07:01 W3SVC5 FABOH2008 184.168.105.182 GET /administrator/index.php - 80 - 37.115.189.44 HTTP/1.1 Mozilla/5.0+(Windows+NT+5. 1;+rv:29.0 )+Gecko/20 100101+Fir efox/29.0 - - faboh.com 200 0 0 4860 178 1478
2015-01-01 00:07:01 W3SVC5 FABOH2008 184.168.105.182 POST /administrator/index.php - 80 - 37.115.189.44 HTTP/1.1 Mozilla/5.0+(Windows+NT+5. 1;+rv:29.0 )+Gecko/20 100101+Fir efox/29.0 a9f53da081d866baf6db826a08 490c96=7fb 3c86877d5b 622dec25ba 4eed3cbf8 - faboh.com 303 0 0 391 476 835
2015-01-01 00:07:03 W3SVC5 FABOH2008 184.168.105.182 GET /administrator/index.php - 80 - 37.115.189.44 HTTP/1.1 Mozilla/5.0+(Windows+NT+5. 1;+rv:29.0 )+Gecko/20 100101+Fir efox/29.0 a9f53da081d866baf6db826a08 490c96=7fb 3c86877d5b 622dec25ba 4eed3cbf8 - faboh.com 200 0 0 4960 463 1338
2015-01-01 00:09:52 W3SVC5 FABOH2008 184.168.105.182 GET / - 80 - 54.224.177.116 HTTP/1.1 Mozilla/5.0+(compatible;+l inkdexbot/ 2.0;++http://www.linkdex.com/bots/) - - faboh.com 200 0 0 6800 175 2874
2015-01-01 00:10:29 W3SVC5 FABOH2008 184.168.105.182 POST /templates/atomic/css/blue print/plug ins/button s/icons/si mple.php - 80 - 82.118.18.168 HTTP/1.0 Mozilla/5.0+(Windows+NT+6. 1;+WOW64)+ AppleWebKi t/537.36+( KHTML,+lik e+Gecko)+C hrome/34.0 .1847.131+ Safari/537 .36 - - faboh.com 500 0 64 0 21896 91022
2015-01-01 00:12:41 W3SVC5 FABOH2008 184.168.105.182 GET /index.php/02-about-us - 80 - 66.249.65.46 HTTP/1.1 Mozilla/5.0+(compatible;+G ooglebot/2 .1;++http://www.google.com/bot.html) - - www.faboh.com 200 0 0 7373 358 4115
2015-01-01 00:14:07 W3SVC5 FABOH2008 184.168.105.182 GET /docs/October2013.pdf - 80 - 180.76.6.136 HTTP/1.1 Mozilla/5.0+(compatible;+B aiduspider /2.0;++http://www.baidu.com/search/spider.html) - - wwww.faboh.com 200 0 64 458752 236 4409
2015-01-01 00:15:54 W3SVC5 FABOH2008 184.168.105.182 GET /robots.txt - 80 - 157.55.39.79 HTTP/1.1 Mozilla/5.0+(compatible;+b ingbot/2.0 ;++http://www.bing.com/bingbot.htm) - - www.faboh.com 200 0 0 1156 265 49
2015-01-01 00:16:01 W3SVC5 FABOH2008 184.168.105.182 GET /index.php/03-resources/me mbers/beco ming-a-mem ber - 80 - 157.55.39.79 HTTP/1.1 Mozilla/5.0+(compatible;+b ingbot/2.0 ;++http://www.bing.com/bingbot.htm) - - www.faboh.com 200 0 0 6933 316 997
2015-01-01 00:25:28 W3SVC5 FABOH2008 184.168.105.182 GET /faboh25/ - 80 - 69.253.215.179 HTTP/1.1 Mozilla/5.0+(iPad;+CPU+OS+ 8_1_1+like +Mac+OS+X) +AppleWebK it/600.1.4 +(KHTML,+l ike+Gecko) +Version/8 .0+Mobile/ 12B435+Saf ari/600.1. 4 - https://www.experts-exchange.com/questions/28589106/Windows-Server-2008-Permission-Problem.html faboh.com 200 0 64 0 446 5414
2015-01-01 00:27:10 W3SVC5 FABOH2008 184.168.105.182 POST /templates/atomic/css/blue print/plug ins/button s/icons/si mple.php - 80 - 82.118.18.168 HTTP/1.0 Mozilla/5.0+(Windows+NT+6. 1;+WOW64)+ AppleWebKi t/537.36+( KHTML,+lik e+Gecko)+C hrome/34.0 .1847.131+ Safari/537 .36 - - faboh.com 500 0 64 0 20250 72383
2015-01-01 00:36:53 W3SVC5 FABOH2008 184.168.105.182 GET /faboh25 - 80 - 65.29.161.116 HTTP/1.1 Mozilla/5.0+(Macintosh;+In tel+Mac+OS +X+10_10_1 )+AppleWeb Kit/537.36 +(KHTML,+l ike+Gecko) +Chrome/39 .0.2171.95 +Safari/53 7.36 becd650dad895babdaf7064434 268714=867 94ea85232b 6a10446664 b01411aff; +__utma=24 957741.186 7704672.14 19987415.1 420055430. 1420066119 .4;+__utmc =24957741; +__utmz=24 957741.141 9987415.1. 1.utmcsr=( direct)|ut mccn=(dire ct)|utmcmd =(none) - faboh.com 301 0 0 397 588 468
2015-01-01 00:36:56 W3SVC5 FABOH2008 184.168.105.182 GET /faboh25/ - 80 - 65.29.161.116 HTTP/1.1 Mozilla/5.0+(Macintosh;+In tel+Mac+OS +X+10_10_1 )+AppleWeb Kit/537.36 +(KHTML,+l ike+Gecko) +Chrome/39 .0.2171.95 +Safari/53 7.36 becd650dad895babdaf7064434 268714=867 94ea85232b 6a10446664 b01411aff; +__utma=24 957741.186 7704672.14 19987415.1 420055430. 1420066119 .4;+__utmc =24957741; +__utmz=24 957741.141 9987415.1. 1.utmcsr=( direct)|ut mccn=(dire ct)|utmcmd =(none) - faboh.com 200 0 0 599 589 3377
2015-01-01 00:36:56 W3SVC5 FABOH2008 184.168.105.182 GET /faboh25/info.php - 80 - 65.29.161.116 HTTP/1.1 Mozilla/5.0+(Macintosh;+In tel+Mac+OS +X+10_10_1 )+AppleWeb Kit/537.36 +(KHTML,+l ike+Gecko) +Chrome/39 .0.2171.95 +Safari/53 7.36 becd650dad895babdaf7064434 268714=867 94ea85232b 6a10446664 b01411aff; +__utma=24 957741.186 7704672.14 19987415.1 420055430. 1420066119 .4;+__utmc =24957741; +__utmz=24 957741.141 9987415.1. 1.utmcsr=( direct)|ut mccn=(dire ct)|utmcmd =(none) - faboh.com 200 0 0 14897 597 1356
2015-01-01 00:37:31 W3SVC5 FABOH2008 184.168.105.182 HEAD / - 80 - 208.93.104.7 HTTP/1.1 http://www.yellowpages.com/about/legal/crawl - - faboh.com 200 0 0 382 94 1027
2015-01-01 00:45:29 W3SVC5 FABOH2008 184.168.105.182 POST /templates/atomic/css/blue print/plug ins/button s/icons/si mple.php - 80 - 82.118.18.168 HTTP/1.0 Mozilla/5.0+(Windows+NT+6. 1;+WOW64)+ AppleWebKi t/537.36+( KHTML,+lik e+Gecko)+C hrome/34.0 .1847.131+ Safari/537 .36 - - faboh.com 200 0 64 0 20570 31704
2015-01-01 00:01:56 W3SVC5 FABOH2008 184.168.105.182 POST /templates/atomic/css/blue
2015-01-01 00:02:13 W3SVC5 FABOH2008 184.168.105.182 GET / - 80 - 123.125.71.78 HTTP/1.1 Mozilla/5.0+(compatible;+B
2015-01-01 00:03:30 W3SVC5 FABOH2008 184.168.105.182 GET /proxy.php - 80 - 195.91.243.81 HTTP/1.1 Mozilla/5.0+(Windows+NT+6.
2015-01-01 00:07:01 W3SVC5 FABOH2008 184.168.105.182 GET /administrator/index.php - 80 - 37.115.189.44 HTTP/1.1 Mozilla/5.0+(Windows+NT+5.
2015-01-01 00:07:01 W3SVC5 FABOH2008 184.168.105.182 POST /administrator/index.php - 80 - 37.115.189.44 HTTP/1.1 Mozilla/5.0+(Windows+NT+5.
2015-01-01 00:07:03 W3SVC5 FABOH2008 184.168.105.182 GET /administrator/index.php - 80 - 37.115.189.44 HTTP/1.1 Mozilla/5.0+(Windows+NT+5.
2015-01-01 00:09:52 W3SVC5 FABOH2008 184.168.105.182 GET / - 80 - 54.224.177.116 HTTP/1.1 Mozilla/5.0+(compatible;+l
2015-01-01 00:10:29 W3SVC5 FABOH2008 184.168.105.182 POST /templates/atomic/css/blue
2015-01-01 00:12:41 W3SVC5 FABOH2008 184.168.105.182 GET /index.php/02-about-us - 80 - 66.249.65.46 HTTP/1.1 Mozilla/5.0+(compatible;+G
2015-01-01 00:14:07 W3SVC5 FABOH2008 184.168.105.182 GET /docs/October2013.pdf - 80 - 180.76.6.136 HTTP/1.1 Mozilla/5.0+(compatible;+B
2015-01-01 00:15:54 W3SVC5 FABOH2008 184.168.105.182 GET /robots.txt - 80 - 157.55.39.79 HTTP/1.1 Mozilla/5.0+(compatible;+b
2015-01-01 00:16:01 W3SVC5 FABOH2008 184.168.105.182 GET /index.php/03-resources/me
2015-01-01 00:25:28 W3SVC5 FABOH2008 184.168.105.182 GET /faboh25/ - 80 - 69.253.215.179 HTTP/1.1 Mozilla/5.0+(iPad;+CPU+OS+
2015-01-01 00:27:10 W3SVC5 FABOH2008 184.168.105.182 POST /templates/atomic/css/blue
2015-01-01 00:36:53 W3SVC5 FABOH2008 184.168.105.182 GET /faboh25 - 80 - 65.29.161.116 HTTP/1.1 Mozilla/5.0+(Macintosh;+In
2015-01-01 00:36:56 W3SVC5 FABOH2008 184.168.105.182 GET /faboh25/ - 80 - 65.29.161.116 HTTP/1.1 Mozilla/5.0+(Macintosh;+In
2015-01-01 00:36:56 W3SVC5 FABOH2008 184.168.105.182 GET /faboh25/info.php - 80 - 65.29.161.116 HTTP/1.1 Mozilla/5.0+(Macintosh;+In
2015-01-01 00:37:31 W3SVC5 FABOH2008 184.168.105.182 HEAD / - 80 - 208.93.104.7 HTTP/1.1 http://www.yellowpages.com/about/legal/crawl - - faboh.com 200 0 0 382 94 1027
2015-01-01 00:45:29 W3SVC5 FABOH2008 184.168.105.182 POST /templates/atomic/css/blue
ASKER
I did a search for 'defines.php' in the log and could not find it. There is already a site running in the root of this domain just fine. When I move the folders and files from the 'faboh25' folder to the root I get the same error. I need to get it to work in the 'faboh25' folder before I move it to the root or I will end up with the same problem.
Your issue is a direct result of the defines.php file try accessing it directly, it will prompt you login credentials.
The current defines.php does not prompt for authentication.
Try reapplying the permissions from faboh25 down to the child objects.
The current defines.php does not prompt for authentication.
Try reapplying the permissions from faboh25 down to the child objects.
Defines.php is motte quested by the browser, the index.php and related errors should be in the Iis/php error log
You should remove/disable access to the info.php page.
You should remove/disable access to the info.php page.
ASKER
Arnold, what would be the steps to reapply those permissions?
The includes folder seems to be the one missing access rights.
Using explorer navigate to the faboh25 folder.
Right click on the includes folder and select properties, advanced, make sure it has inherit permission from parent.
Then see.
When you ran icacls,
Presumably the current defines.php file should be the same as the faboh25.
Using explorer navigate to the faboh25 folder.
Right click on the includes folder and select properties, advanced, make sure it has inherit permission from parent.
Then see.
When you ran icacls,
Presumably the current defines.php file should be the same as the faboh25.
ASKER
Arnold, I tried that and I am still having the same problem.
ASKER
Sorry for the delay between posts. I spilled acetone all over the keyboard of my MacBook Air and it totally wrecked it. I am back with a different computer.
Double check the permissions on the includes that currently work versus the ones on the one that does not.
Do you have faboh25 setup as a virtual directory or is the data loaded there
How about the includes?
Trying to figure out the source of the login prompt to the includes within faboh25
If they are virtual directories, make sure anonymous access is allowed, security tab.
Do you have faboh25 setup as a virtual directory or is the data loaded there
How about the includes?
Trying to figure out the source of the login prompt to the includes within faboh25
If they are virtual directories, make sure anonymous access is allowed, security tab.
ASKER
Arnold, is there any way I could give you access to my server without posting the credentials here?
You could email me: aktrader2 at excite.com. Ip and password for a new temporary username eexchange as the username whose logon hours you could limit to a short window (1-2hours) after your post here that email was sent.
ASKER
Arnold, sorry for the delay. I will email you those credentials today.
ASKER
I have send you the information.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you! Is there a way to unencrypt the files. I wonder if my Mac did this when I generated the .zip file.
Are the files encrypted on your mac?
open the zip rather than uncompressing it and see what attributes there are reflected for files in the media folder.
I can not answer what the source of the encryption is.
See whether you can upon login view the contents of the files directly, if you can, that means your user has decryption rights, which means you can uncheck the encrypt (properties of file/directory, advanced, uncheck the encrypt files for security) and apply that should decrypt the files.
make sure to try on a single file if successful run it on the directories. within the faboh25.
open the zip rather than uncompressing it and see what attributes there are reflected for files in the media folder.
I can not answer what the source of the encryption is.
See whether you can upon login view the contents of the files directly, if you can, that means your user has decryption rights, which means you can uncheck the encrypt (properties of file/directory, advanced, uncheck the encrypt files for security) and apply that should decrypt the files.
make sure to try on a single file if successful run it on the directories. within the faboh25.
ASKER
I lost that .zip file with my other computer. I am going to try a couple of things in the server with .zip files and I'll let you know what happens.
Before you go looking at the zip file, check whose certificate is referenced as the encryptor properties of an encrypted file, advanced, details it should tell you whose EFS certificate is allowed to decryp this file.
The encrypt might have been a simple error i.e. the user with which you logged in and unzipped the files, could be the user for whom the system generated and created the EFS cert and whose cert was used to decrypt.
I remember you mentioned spilling acetone on the keyboard, is the mac done for?
Do you have the zip file on this system still where you uncompressed the data?
The encrypt might have been a simple error i.e. the user with which you logged in and unzipped the files, could be the user for whom the system generated and created the EFS cert and whose cert was used to decrypt.
I remember you mentioned spilling acetone on the keyboard, is the mac done for?
Do you have the zip file on this system still where you uncompressed the data?
ASKER
I checked for the certificate in the encryptor properties, couldn't find anything.
As far as I know, Mac doesn't encrypt the files when it creates a .zip file unless you specifically add it.
Yes, the Mac is done for. The .zip file is on the desktop, I took it out of the Recycle Bin.
As far as I know, Mac doesn't encrypt the files when it creates a .zip file unless you specifically add it.
Yes, the Mac is done for. The .zip file is on the desktop, I took it out of the Recycle Bin.
look at the rdp connection under the username you sent me. The encryption was done by domgarofalo.
Login as that user, and you should be able to decrypt those files.
Under the user you provided, I did not have access to the Zip.
properties of a file, advanced, detail will show you who encrypted the files.
Login as that user, and you should be able to decrypt those files.
Under the user you provided, I did not have access to the Zip.
properties of a file, advanced, detail will show you who encrypted the files.
ASKER
Arnold, I logged in and decrypted the files. Same error still. Good news though, in IIS Manager under Authentication I disabled Windows Authentication and the faboh26 folder works now! I still have no ideal how the files in faboh25 were encrypted.
It looks like the user when creating the faboh25 folder, you might have checked the encrypt contents option it could have been through the app you were using to unzip/uncompress the zip file. no way to know. i.e. the app has an option to set attributes on the folders to which it is extracting data one of which is encrypt contents.
The difficulty to explain why the decrypted files resulted in the same error is not clear. i.e. whether not all files decrypted or the attempt did not go well, or something else is still interferring with the access .......
glad you have it resolved by using a new directory tree with.
Windows authentication is only an issue when anonymous access is not automatically granted.
The difficulty to explain why the decrypted files resulted in the same error is not clear. i.e. whether not all files decrypted or the attempt did not go well, or something else is still interferring with the access .......
glad you have it resolved by using a new directory tree with.
Windows authentication is only an issue when anonymous access is not automatically granted.
ASKER
Great Expert!
It is likely a path related error that you missed
i.e. require or include "path/to/the/file" which works on your home system, but on this system the path/to/the/file is incorrect.
look at the file contents then see whether the required/include item is available on the remote system.
C:\Inetpub\vhosts\faboh.co
does this file exist as listed on the server where it is generating the error?