Forums | Mahara Community
Support
/
Access denied on File uploaded
05 May 2009, 5:29
Hi Nigel,
I'm still setting up the temp server, but just want to know if anyone can reproduce the same problem as the following. (I tested in clean installed Mahara)
Ubuntu 8.04 LTS Server, Apache 2, PHP 5, MySQL 5, Mahara 1.0.9 and all other minor things...
1) Login as admin, create a user, such as "wilson"
2) Logout admin, and login wilson (skip many standard steps!)
3) create 2 folders a) "test1" and b) "test2 " (yes, with the space at the end)
4) upload anything (e.g. test.doc) to test1 folder
5) create view, drag-n-drop the "folder" to download, click "test1" folder
6) and view the "view", click on the file "test.doc", everything works well as it is.
7) Now, go to "My File" and drag-n-drop the "test.doc" from "test1" to "test2 " folder
8) go back to the view and change the settings of "download" folder from "test1" to "test2 "
9) view the "view" and click the "test.doc"
10) Can you see Access Denied message?
I'm still setting up the temporary server and will not port production data (too big, over 6GB of students upload) because it seems not data related problem.
Thanks a lot!!
Regards,
Wilson.
05 May 2009, 22:44
Hi - thanks for that list of steps - it enabled me to also duplicate the problem against the latest 1.1 stable code. After investigation, I believe the issue is present in all versions of Mahara.
Basically, the key thing here is that you had a file in one folder, you put it in a view, then you moved that file to another folder (things like the name of the folders, or who was doing the moving don't matter). This action causes the artefact parent cache to get out of sync, at least until the next time it is cleaned (this happens every minute at cron).
Normally, what I would expect is that you would see access denied for up to a minute, then it would start working. But if it's still not accessible after a minute, then I would guess that maybe your cron is broken somehow? Even if the RSS feeds are updating, maybe the cron job then crashes when trying to rebuild the artefact parent cache. It would be interesting to see if this is the case, which you can find out if you log the output of the cronjob to a file somewhere.
ANYway. I have produced a patch that will make the behaviour a little smarter. It should make it so that moving files around folders is less likely to cause the access denied issue - but will only be truly effective as long as the cron job is also running.
We're not doing any patches to Mahara 1.0.X apart from security related ones, so the issue won't be patched there. Because it's quite a core change, I'm awaiting the feedback of the other devs before applying it to 1.1_STABLE, but it's already been applied to master. If you want it therefore, you would have to either upgrade to 1.1, or apply it yourself.
Thanks again for the report, and the helpful list of steps
07 May 2009, 0:26
The patch has now been applied to 1.1_STABLE, so it will be in 1.1.4.08 May 2009, 2:25
Hi Nigel,
I also notice there is some instances students' files (no folder under My File) inside some blog post has the same Access Denied problem, but lucky it can be downloaded. I checked the cron, and there is no error returns. I will upgrade to the latest stable in the Summer time because right now is very busy with teachers' assessment.
Thanks for your help and have a nice weekend.
Wilson.
14 May 2009, 3:12
I have a smiliar issue of mahara denying access to a file. I can downlaod it, other admins can download it, but its denying everyone else. What folder is the actual file hosted in? So I could link a forum post with http://blah.blah/blah/blah/file.here ?14 May 2009, 20:26
They're hosted in dataroot, so there's no direct way to access them, this is intentional for security purposes.
Files that you put in your files section are only accessible by you, and admins - but we actually will probably restrict this to just you in future. In order to make a file accessible to someone else, you have to share it through a view. Then the link to the file has to be to artefact/file/download.php?file=[id]&view=[id], where the view ID is that of the view through which the users have access to the file.
16 June 2009, 2:54
Hi,the problem continues. I have just upgrade the version of Mahara, from 1.1.2 to 1.1.4 with no problems, but when i try to access to files uploaded everytime Mahara shows me the error message: Access denied - You do not have access to view this page
like user that have uploaded the file and like admin's site.
any suggestion?
thanks
16 June 2009, 18:52
Hi - are you sure the cron job is running? If it is, every night the permissions will be re-built.
One thing you could do to test if you're having the same problem that the rest of the thread is having, is try moving a file from one folder to another, then seeing if you can access it.
If you're still having problems, then I suspect your problem is unrelated to this issue. It would be good to know more about what you're trying to do in this case - are users having problems seeing their own files, or only other people's files? And if it's just other people's files, what URLs are you using to access them?
18 June 2009, 6:49
Hi Nigel,thanks for your interest.
Yes, the cron is runnig every minut.
Apache shows sometimes this errors:
[Thu Jun 18 12:27:23 2009] [error] [client 127.0.0.1] [WAR] f4
(artefact/file/lib.php:797) Undefined variable: owner, referer:
http://servername.ub.edu/admin/site/files.php
[Thu Jun 18 12:27:23 2009] [error] [client 127.0.0.1] Call stack (most
recent first):, referer: http://servername.ub.edu/admin/site/files.php
[Thu Jun 18 12:27:23 2009] [error] [client 127.0.0.1] *
log_message("Undefined variable: owner", 8, true, true,
"/var/www/mahara/artefact/file/lib.php", 797) at
/var/www/mahara/lib/errors.php:378, referer:
http://servername.ub.edu/admin/site/files.php
[Thu Jun 18 12:27:23 2009] [error] [client 127.0.0.1] * error(8,
"Undefined variable: owner", "/var/www/mahara/artefact/file/lib.php",
797, array(size 7)) at /var/www/mahara/artefact/file/lib.php:797,
referer: http://servername.ub.edu/admin/site/files.php
[Thu Jun 18 12:27:23 2009] [error] [client 127.0.0.1] *
ArtefactTypeFile::save_uploaded_file("userfile", object(stdClass)) at
/var/www/mahara/artefact/file/upload.php:103, referer:
http://servername.ub.edu/admin/site/files.php
[Thu Jun 18 12:27:23 2009] [error] [client 127.0.0.1] , referer:
http://servername.ub.edu/admin/site/files.php
After upload the file shows like this in maharadata folder:
drwxrwxrwx 2 admincvc admincvc 16 2009-06-18 12:27 .
drwxrwxrwx 28 admincvc admincvc 4096 2009-06-18 13:27 ..
-rwx------ 1 admincvc admincvc 70089 2009-06-18 12:27 253
This is a normal behaviour of the process?
Thanks