Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 159
  • Last Modified:

Windows Server 2008 Permission Problem

On the following site:

http://faboh.com/faboh25/

There is a permissions error in the folder that does not allow the folder open a stream and prevents the site from loading. I can connect to the server through Plesk or RDC. Permissions look good from what I can tell. This is site was running on my computer and migrated it to the remote server.

What else should I be checking?
0
domgarofalo
Asked:
domgarofalo
  • 20
  • 16
  • +1
1 Solution
 
arnoldCommented:
what is line 18 in the PHP code what does it try to access and where is that file located?
It is likely a path related error that you missed
i.e. require or include "path/to/the/file" which works on your home system, but on this system the path/to/the/file is incorrect.
look at the file contents then see whether the required/include item is available on the remote system.

C:\Inetpub\vhosts\faboh.com\httpdocs\faboh25/includes/defines.php
does this file exist as listed on the server where it is generating the error?
0
 
rharland2009Commented:
Do you know what line 18 of that PHP script reads?
0
 
Michael DyerSenior Systems Support AnalystCommented:
As a test, you could give the "Everyone" group full control and see what happens.  That will enable you to determine if it really is the permissions on this folder.  I've had it be the inetpub folder or the C:\Windows\System32\inetsrv folder before.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
domgarofaloAuthor Commented:
Arnold, here is the code for line 18:

      require_once JPATH_BASE.'/includes/defines.php';

I have confirmed that the file is there.
0
 
arnoldCommented:
Run icacls on the includes and the file separately.
To see the permissions on includes does it inherit permissions from parent?

What are the contents of defines? Does it try to include/require a module that is not available on this system?
0
 
domgarofaloAuthor Commented:
Michael,

I don't have an 'Everyone' group that shows up in Group or Usernames on the Security tab.
Is there a way that I could add it?
0
 
domgarofaloAuthor Commented:
Arnold, could you give me an example of what icacl command to run? I am not very familiar with it.
0
 
arnoldCommented:
on the command line(start, run, cmd) navigate to c:\inetpub\vhosts\faboh.com\httpdocs\faboh25\includes\defines.php
when in vhosts
icaclc faboh.com
cd faboh.com
icacls httpdocs
cd httpdocs
icacls faboh25
cd faboh25
icacls includes
cd includes
icacls defines.php
0
 
domgarofaloAuthor Commented:
Thanks Arnold. I'll do that right away.
0
 
arnoldCommented:
What you are looking for is IUSR_systemname having rights.
Compare the results on your home system.

Is your site based in the same location?
Compare the website config on the home system to the one on the server.
0
 
domgarofaloAuthor Commented:
Ok, I did it. Still the same thing. Everything processed correctly.
0
 
arnoldCommented:
Try php empy page
<? Phpinfo();
?>
0
 
arnoldCommented:
All icacls does is return the permission information, you need to see whether IIS has the requisite permissions.  The other thing is to check what defines.php does.

Does your IIs log, look at the error log to see what is going on.
0
 
domgarofaloAuthor Commented:
Arnold, here is what the info page says.

http://faboh.com/faboh25/info.php
0
 
domgarofaloAuthor Commented:
Here is what the defines.php says.

<?php
/**
 * @package            Joomla.Site
 * @subpackage      Application
 * @copyright      Copyright (C) 2005 - 2013 Open Source Matters, Inc. All rights reserved.
 * @license            GNU General Public License version 2 or later; see LICENSE.txt
 */

// No direct access.
defined('_JEXEC') or die;

/**
 * Joomla! Application define.
 */

//Global definitions.
//Joomla framework path definitions.
$parts = explode(DIRECTORY_SEPARATOR, JPATH_BASE);

//Defines.
define('JPATH_ROOT',                  implode(DIRECTORY_SEPARATOR, $parts));

define('JPATH_SITE',                  JPATH_ROOT);
define('JPATH_CONFIGURATION',      JPATH_ROOT);
define('JPATH_ADMINISTRATOR',      JPATH_ROOT . '/administrator');
define('JPATH_LIBRARIES',            JPATH_ROOT . '/libraries');
define('JPATH_PLUGINS',                  JPATH_ROOT . '/plugins'  );
define('JPATH_INSTALLATION',      JPATH_ROOT . '/installation');
define('JPATH_THEMES',                  JPATH_BASE . '/templates');
define('JPATH_CACHE',                  JPATH_BASE . '/cache');
define('JPATH_MANIFESTS',            JPATH_ADMINISTRATOR . '/manifests');
0
 
domgarofaloAuthor Commented:
Here's the log from today.

2015-01-01 00:01:56 W3SVC5 FABOH2008 184.168.105.182 POST /templates/atomic/css/blueprint/plugins/buttons/icons/simple.php - 80 - 82.118.18.168 HTTP/1.0 Mozilla/5.0+(Windows+NT+6.1;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/34.0.1847.131+Safari/537.36 - - faboh.com 200 0 0 236 10437 556
2015-01-01 00:02:13 W3SVC5 FABOH2008 184.168.105.182 GET / - 80 - 123.125.71.78 HTTP/1.1 Mozilla/5.0+(compatible;+Baiduspider/2.0;++http://www.baidu.com/search/spider.html) - - www.faboh.com 200 0 64 0 179 1290
2015-01-01 00:03:30 W3SVC5 FABOH2008 184.168.105.182 GET /proxy.php - 80 - 195.91.243.81 HTTP/1.1 Mozilla/5.0+(Windows+NT+6.1;+WOW64;+rv:24.0)+Gecko/20100101+Firefox/24.0 param1=CookieString RefererString chek.zennolab.com 404 0 64 0 399 215
2015-01-01 00:07:01 W3SVC5 FABOH2008 184.168.105.182 GET /administrator/index.php - 80 - 37.115.189.44 HTTP/1.1 Mozilla/5.0+(Windows+NT+5.1;+rv:29.0)+Gecko/20100101+Firefox/29.0 - - faboh.com 200 0 0 4860 178 1478
2015-01-01 00:07:01 W3SVC5 FABOH2008 184.168.105.182 POST /administrator/index.php - 80 - 37.115.189.44 HTTP/1.1 Mozilla/5.0+(Windows+NT+5.1;+rv:29.0)+Gecko/20100101+Firefox/29.0 a9f53da081d866baf6db826a08490c96=7fb3c86877d5b622dec25ba4eed3cbf8 - faboh.com 303 0 0 391 476 835
2015-01-01 00:07:03 W3SVC5 FABOH2008 184.168.105.182 GET /administrator/index.php - 80 - 37.115.189.44 HTTP/1.1 Mozilla/5.0+(Windows+NT+5.1;+rv:29.0)+Gecko/20100101+Firefox/29.0 a9f53da081d866baf6db826a08490c96=7fb3c86877d5b622dec25ba4eed3cbf8 - faboh.com 200 0 0 4960 463 1338
2015-01-01 00:09:52 W3SVC5 FABOH2008 184.168.105.182 GET / - 80 - 54.224.177.116 HTTP/1.1 Mozilla/5.0+(compatible;+linkdexbot/2.0;++http://www.linkdex.com/bots/) - - faboh.com 200 0 0 6800 175 2874
2015-01-01 00:10:29 W3SVC5 FABOH2008 184.168.105.182 POST /templates/atomic/css/blueprint/plugins/buttons/icons/simple.php - 80 - 82.118.18.168 HTTP/1.0 Mozilla/5.0+(Windows+NT+6.1;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/34.0.1847.131+Safari/537.36 - - faboh.com 500 0 64 0 21896 91022
2015-01-01 00:12:41 W3SVC5 FABOH2008 184.168.105.182 GET /index.php/02-about-us - 80 - 66.249.65.46 HTTP/1.1 Mozilla/5.0+(compatible;+Googlebot/2.1;++http://www.google.com/bot.html) - - www.faboh.com 200 0 0 7373 358 4115
2015-01-01 00:14:07 W3SVC5 FABOH2008 184.168.105.182 GET /docs/October2013.pdf - 80 - 180.76.6.136 HTTP/1.1 Mozilla/5.0+(compatible;+Baiduspider/2.0;++http://www.baidu.com/search/spider.html) - - wwww.faboh.com 200 0 64 458752 236 4409
2015-01-01 00:15:54 W3SVC5 FABOH2008 184.168.105.182 GET /robots.txt - 80 - 157.55.39.79 HTTP/1.1 Mozilla/5.0+(compatible;+bingbot/2.0;++http://www.bing.com/bingbot.htm) - - www.faboh.com 200 0 0 1156 265 49
2015-01-01 00:16:01 W3SVC5 FABOH2008 184.168.105.182 GET /index.php/03-resources/members/becoming-a-member - 80 - 157.55.39.79 HTTP/1.1 Mozilla/5.0+(compatible;+bingbot/2.0;++http://www.bing.com/bingbot.htm) - - www.faboh.com 200 0 0 6933 316 997
2015-01-01 00:25:28 W3SVC5 FABOH2008 184.168.105.182 GET /faboh25/ - 80 - 69.253.215.179 HTTP/1.1 Mozilla/5.0+(iPad;+CPU+OS+8_1_1+like+Mac+OS+X)+AppleWebKit/600.1.4+(KHTML,+like+Gecko)+Version/8.0+Mobile/12B435+Safari/600.1.4 - http://www.experts-exchange.com/Software/Server_Software/Web_Servers/Microsoft_IIS/Q_28589106.html faboh.com 200 0 64 0 446 5414
2015-01-01 00:27:10 W3SVC5 FABOH2008 184.168.105.182 POST /templates/atomic/css/blueprint/plugins/buttons/icons/simple.php - 80 - 82.118.18.168 HTTP/1.0 Mozilla/5.0+(Windows+NT+6.1;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/34.0.1847.131+Safari/537.36 - - faboh.com 500 0 64 0 20250 72383
2015-01-01 00:36:53 W3SVC5 FABOH2008 184.168.105.182 GET /faboh25 - 80 - 65.29.161.116 HTTP/1.1 Mozilla/5.0+(Macintosh;+Intel+Mac+OS+X+10_10_1)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/39.0.2171.95+Safari/537.36 becd650dad895babdaf7064434268714=86794ea85232b6a10446664b01411aff;+__utma=24957741.1867704672.1419987415.1420055430.1420066119.4;+__utmc=24957741;+__utmz=24957741.1419987415.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none) - faboh.com 301 0 0 397 588 468
2015-01-01 00:36:56 W3SVC5 FABOH2008 184.168.105.182 GET /faboh25/ - 80 - 65.29.161.116 HTTP/1.1 Mozilla/5.0+(Macintosh;+Intel+Mac+OS+X+10_10_1)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/39.0.2171.95+Safari/537.36 becd650dad895babdaf7064434268714=86794ea85232b6a10446664b01411aff;+__utma=24957741.1867704672.1419987415.1420055430.1420066119.4;+__utmc=24957741;+__utmz=24957741.1419987415.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none) - faboh.com 200 0 0 599 589 3377
2015-01-01 00:36:56 W3SVC5 FABOH2008 184.168.105.182 GET /faboh25/info.php - 80 - 65.29.161.116 HTTP/1.1 Mozilla/5.0+(Macintosh;+Intel+Mac+OS+X+10_10_1)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/39.0.2171.95+Safari/537.36 becd650dad895babdaf7064434268714=86794ea85232b6a10446664b01411aff;+__utma=24957741.1867704672.1419987415.1420055430.1420066119.4;+__utmc=24957741;+__utmz=24957741.1419987415.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none) - faboh.com 200 0 0 14897 597 1356
2015-01-01 00:37:31 W3SVC5 FABOH2008 184.168.105.182 HEAD / - 80 - 208.93.104.7 HTTP/1.1 http://www.yellowpages.com/about/legal/crawl - - faboh.com 200 0 0 382 94 1027
2015-01-01 00:45:29 W3SVC5 FABOH2008 184.168.105.182 POST /templates/atomic/css/blueprint/plugins/buttons/icons/simple.php - 80 - 82.118.18.168 HTTP/1.0 Mozilla/5.0+(Windows+NT+6.1;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/34.0.1847.131+Safari/537.36 - - faboh.com 200 0 64 0 20570 31704
0
 
domgarofaloAuthor Commented:
I did a search for 'defines.php' in the log and could not find it. There is already a site running in the root of this domain just fine. When I move the folders and files from the 'faboh25' folder to the root I get the same error. I need to get it to work in the 'faboh25' folder before I move it to the root or I will end up with the same problem.
0
 
arnoldCommented:
Your issue is a direct result of the defines.php file try accessing it directly, it will prompt you login credentials.
The  current defines.php does not prompt for authentication.
Try reapplying the permissions from faboh25 down to the child objects.
0
 
arnoldCommented:
Defines.php is motte quested by the browser, the index.php and related errors should be in the Iis/php error log

You should remove/disable access to the info.php page.
0
 
domgarofaloAuthor Commented:
Arnold, what would be the steps to reapply those permissions?
0
 
arnoldCommented:
The includes folder seems to be the one missing access rights.

Using explorer navigate to the faboh25 folder.
Right click on the includes folder and select properties, advanced, make sure it has inherit permission from parent.
Then see.

When you ran icacls,
Presumably the current defines.php file should be the same as the faboh25.
0
 
domgarofaloAuthor Commented:
Arnold, I tried that and I am still having the same problem.
0
 
domgarofaloAuthor Commented:
Sorry for the delay between posts. I spilled acetone all over the keyboard of my MacBook Air and it totally wrecked it. I am back with a different computer.
0
 
arnoldCommented:
Double check the permissions on the includes that currently work versus the ones on the one that does not.

Do you have faboh25 setup as a virtual directory or is the data loaded there
How about the includes?
Trying to figure out the source of the login prompt to the includes within faboh25

If they are virtual directories, make sure anonymous access is allowed, security tab.
0
 
domgarofaloAuthor Commented:
Arnold, is there any way I could give you access to my server without posting the credentials here?
0
 
arnoldCommented:
You could email me: aktrader2 at excite.com. Ip and password for a new temporary username  eexchange as the username whose logon hours you could limit to a short window (1-2hours) after your post here that email was sent.
0
 
domgarofaloAuthor Commented:
Arnold, sorry for the delay. I will email you those credentials today.
0
 
domgarofaloAuthor Commented:
I have send you the information.
0
 
arnoldCommented:
Dom,

The issue is that all the directories and their contents under the faboh25 directory are marked as encrypted.
IIS when accessing these can not decrypt them which is why it generates a prompt to the viewer for authentication.  The system can not generate an authentication request to a non-interactive session which is what index.php's include includes/defines.php tries to do. in this server transaction the result is immidiate, access denied. and the error is displayed in the browser.

http://www.faboh.com/faboh25/media and any other directory there will generate the same prompt.
0
 
domgarofaloAuthor Commented:
Thank you! Is there a way to unencrypt the files. I wonder if my Mac did this when I generated the .zip file.
0
 
arnoldCommented:
Are the files encrypted on your mac?
open the zip rather than uncompressing it and see what attributes there are reflected for files in the media folder.

I can not answer what the source of the encryption is.
See whether you can upon login view the contents of the files directly, if you can, that means your user has decryption rights, which means you can uncheck the encrypt (properties of file/directory, advanced, uncheck the encrypt files for security) and apply that should decrypt the files.
make sure to try on a single file if successful run it on the directories. within the faboh25.
0
 
domgarofaloAuthor Commented:
I lost that .zip file with my other computer. I am going to try a couple of things in the server with .zip files and I'll let you know what happens.
0
 
arnoldCommented:
Before you go looking at the zip file, check whose certificate is referenced as the encryptor properties of an encrypted file, advanced, details it should tell you whose EFS certificate is allowed to decryp this file.

The encrypt might have been a simple error i.e. the user with which you logged in and unzipped the files, could be the user for whom the system generated and created the EFS cert and whose cert was used to decrypt.

I remember you mentioned spilling acetone on the keyboard, is the mac done for?

Do you have the zip file on this system still where you uncompressed the data?
0
 
domgarofaloAuthor Commented:
I checked for the certificate in the encryptor properties, couldn't find anything.

As far as I know, Mac doesn't encrypt the files when it creates a .zip file unless you specifically add it.

Yes, the Mac is done for. The .zip file is on the desktop, I took it out of the Recycle Bin.
0
 
arnoldCommented:
look at the rdp connection under the username you sent me.  The encryption was done by domgarofalo.
Login as that user, and you should be able to decrypt those files.

Under the user you provided, I did not have access to the Zip.

properties of a file, advanced, detail will show you who encrypted the files.
0
 
domgarofaloAuthor Commented:
Arnold, I logged in and decrypted the files. Same error still. Good news though, in IIS Manager under Authentication I disabled Windows Authentication and the faboh26 folder works now! I still have no ideal how the files in faboh25 were encrypted.
0
 
arnoldCommented:
It looks like the user when creating the faboh25 folder, you might have checked the encrypt contents option it could have been through the app you were using to unzip/uncompress the zip file.  no way to know. i.e. the app has an option to set attributes on the folders to which it is extracting data one of which is encrypt contents.

The difficulty to explain why the decrypted files resulted in the same error is not clear. i.e. whether not all files decrypted or the attempt did not go well, or something else is still interferring with the access .......

glad you have it resolved by using a new directory tree with.
Windows authentication is only an issue when anonymous access is not automatically granted.
0
 
domgarofaloAuthor Commented:
Great Expert!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 20
  • 16
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now