You are not logged in.
- Topics: Active | Unanswered
Announcement
Download last stable version of GLPI - What can you do for GLPI ? : Contribute
#1 2015-10-02 12:24:48
- JamesChimHK
- Member
- Registered: 2013-01-22
- Posts: 32
GLPI-v0.90-master - new install for files web access issue .htaccess
Dear Brother,
We try to new install the glpi-master, and found the NEW GLPI-SETUP have a Error of following
Test Done: Web access to files directory is protected
Test Result: Web access to the files directory, should not be allowed Check the .htaccess file and the web server configuration.
After we change the config/ files/ files/* to 777 permission will prompt the error.
Thanks & Regards,
James Chim
Last edited by JamesChimHK (2015-10-02 12:34:57)
Offline
#2 2015-10-02 12:25:39
- JamesChimHK
- Member
- Registered: 2013-01-22
- Posts: 32
Re: GLPI-v0.90-master - new install for files web access issue .htaccess
Detail of GLPI New Install (After change the Permission)
Checking of the compatibility of your environment with the execution of GLPI
Test done Results
Testing PHP Parser PHP version is at least 5.4.0 - Perfect!
Test Ok - the MySQLi class exist - Perfect!
Sessions test Sessions support is available - Perfect!
Test if Session_use_trans_sid is used Ok - the sessions works (no problem with trans_id) - Perfect!
magic_quotes_sybase extension test The magic_quotes_sybase option isn't active on your server - Perfect!
Test ctype functions The functionality is found - Perfect!
Fileinfo extension test The functionality is found - Perfect!
Test json functions The functionality is found - Perfect!
Mbstring extension test The functionality is found - Perfect!
GD extension test The functionality is found - Perfect!
Zlib extension test The functionality is found - Perfect!
Allocated memory test Allocated memory > 64MB - Perfect!
Checking write permissions for setting files A file and a directory have be created and deleted - Perfect!
Checking write permissions for document files A file and a directory have be created and deleted - Perfect!
Checking write permissions for dump files A file and a directory have be created and deleted - Perfect!
Checking write permissions for session files A file and a directory have be created and deleted - Perfect!
Checking write permissions for automatic actions files A file and a directory have be created and deleted - Perfect!
Checking write permissions for cache files A file and a directory have be created and deleted - Perfect!
Checking write permissions for graphic files A file and a directory have be created and deleted - Perfect!
Checking write permissions for lock files A file and a directory have be created and deleted - Perfect!
Checking write permissions for plugins document files A file and a directory have be created and deleted - Perfect!
Checking write permissions for temporary files A file and a directory have be created and deleted - Perfect!
Checking write permissions for rss files A file and a directory have be created and deleted - Perfect!
Checking write permissions for upload files A file and a directory have be created and deleted - Perfect!
Checking write permissions for picture files A file and a directory have be created and deleted - Perfect!
Checking write permissions for log files A file was created - Perfect!
Web access to files directory is protected
Web access to the files directory, should not be allowed
Check the .htaccess file and the web server configuration.
SELinux mode is Disabled Disabled
Last edited by JamesChimHK (2015-10-02 12:26:50)
Offline
#3 2015-10-02 12:30:46
- JamesChimHK
- Member
- Registered: 2013-01-22
- Posts: 32
Re: GLPI-v0.90-master - new install for files web access issue .htaccess
Detail of GLPI SETUP New Install (Before change the Permission)
Step 0
Checking of the compatibility of your environment with the execution of GLPI
Test done Results
Testing PHP Parser PHP version is at least 5.4.0 - Perfect!
Test Ok - the MySQLi class exist - Perfect!
Sessions test Sessions support is available - Perfect!
Test if Session_use_trans_sid is used Ok - the sessions works (no problem with trans_id) - Perfect!
magic_quotes_sybase extension test The magic_quotes_sybase option isn't active on your server - Perfect!
Test ctype functions The functionality is found - Perfect!
Fileinfo extension test The functionality is found - Perfect!
Test json functions The functionality is found - Perfect!
Mbstring extension test The functionality is found - Perfect!
GD extension test The functionality is found - Perfect!
Zlib extension test The functionality is found - Perfect!
Allocated memory test Allocated memory > 64MB - Perfect!
Checking write permissions for setting files
The directory could not be created.
Check permissions of directory: /var/www/html/glpi-master/config'
Checking write permissions for document files
The directory could not be created.
Check permissions of directory: /var/www/html/glpi-master/files'
Checking write permissions for dump files
The directory could not be created.
Check permissions of directory: /var/www/html/glpi-master/files/_dumps'
Checking write permissions for session files
The directory could not be created.
Check permissions of directory: /var/www/html/glpi-master/files/_sessions'
Checking write permissions for automatic actions files
The directory could not be created.
Check permissions of directory: /var/www/html/glpi-master/files/_cron'
Checking write permissions for cache files
The directory could not be created.
Check permissions of directory: /var/www/html/glpi-master/files/_cache/'
Checking write permissions for graphic files
The directory could not be created.
Check permissions of directory: /var/www/html/glpi-master/files/_graphs'
Checking write permissions for lock files
The directory could not be created.
Check permissions of directory: /var/www/html/glpi-master/files/_lock'
Checking write permissions for plugins document files
The directory could not be created.
Check permissions of directory: /var/www/html/glpi-master/files/_plugins'
Checking write permissions for temporary files
The directory could not be created.
Check permissions of directory: /var/www/html/glpi-master/files/_tmp'
Checking write permissions for rss files
The directory could not be created.
Check permissions of directory: /var/www/html/glpi-master/files/_rss'
Checking write permissions for upload files
The directory could not be created.
Check permissions of directory: /var/www/html/glpi-master/files/_uploads'
Checking write permissions for picture files
The directory could not be created.
Check permissions of directory: /var/www/html/glpi-master/files/_pictures'
Checking write permissions for log files
The file could not be created.
Check permissions of directory: /var/www/html/glpi-master/files/_log
Web access to files directory is protected Web access to files directory is protected
SELinux mode is Disabled Disabled
Offline
#4 2015-10-02 13:01:48
- yllen
- GLPI-DEV
- From: Sillery (51)
- Registered: 2008-01-14
- Posts: 15,278
Re: GLPI-v0.90-master - new install for files web access issue .htaccess
777 for files ? Very very very bad for security!
For installation files and config directories need to have Apache as owner in recursive (all sub directory for files)
CentOS 6.5 - CentOS 7.x
PHP 5.6 - PHP 7.x - MySQL 5.6 - MariaDB 10.2 + APC + oOPcache
GLPI from 0.72 to dev version
Certifiée ITIL (ITV2F, ITILF, ITILOSA)
Offline
#5 2015-10-03 09:12:39
- JamesChimHK
- Member
- Registered: 2013-01-22
- Posts: 32
Re: GLPI-v0.90-master - new install for files web access issue .htaccess
Dear yllen,
we use the centos 7 linux as the glpi server. and following below steps
1. tar -zxvf glpi-master.tar.gz
2. chown -R apache:apache glpi-master
3. mv glpi-master /var/www/html
4. open the browse and enter the http://localhost/glpi-master
5. click English -> Install
6. the screen will show the error/warning
Checking of the compatibility of your environment with the execution of GLPI
Test done Results
Testing PHP Parser PHP version is at least 5.4.0 - Perfect!
Test Ok - the MySQLi class exist - Perfect!
Sessions test Sessions support is available - Perfect!
Test if Session_use_trans_sid is used Ok - the sessions works (no problem with trans_id) - Perfect!
magic_quotes_sybase extension test The magic_quotes_sybase option isn't active on your server - Perfect!
Test ctype functions The functionality is found - Perfect!
Fileinfo extension test The functionality is found - Perfect!
Test json functions The functionality is found - Perfect!
Mbstring extension test The functionality is found - Perfect!
GD extension test The functionality is found - Perfect!
Zlib extension test The functionality is found - Perfect!
Allocated memory test Allocated memory > 64MB - Perfect!
Checking write permissions for setting files A file and a directory have be created and deleted - Perfect!
Checking write permissions for document files A file and a directory have be created and deleted - Perfect!
Checking write permissions for dump files A file and a directory have be created and deleted - Perfect!
Checking write permissions for session files A file and a directory have be created and deleted - Perfect!
Checking write permissions for automatic actions files A file and a directory have be created and deleted - Perfect!
Checking write permissions for cache files A file and a directory have be created and deleted - Perfect!
Checking write permissions for graphic files A file and a directory have be created and deleted - Perfect!
Checking write permissions for lock files A file and a directory have be created and deleted - Perfect!
Checking write permissions for plugins document files A file and a directory have be created and deleted - Perfect!
Checking write permissions for temporary files A file and a directory have be created and deleted - Perfect!
Checking write permissions for rss files A file and a directory have be created and deleted - Perfect!
Checking write permissions for upload files A file and a directory have be created and deleted - Perfect!
Checking write permissions for picture files A file and a directory have be created and deleted - Perfect!
Checking write permissions for log files A file was created - Perfect!
Web access to files directory is protected
Web access to the files directory, should not be allowed
Check the .htaccess file and the web server configuration.
SELinux mode is Disabled Disabled
Thanks & Regards.
James Cim
Last edited by JamesChimHK (2015-10-03 09:28:16)
Offline
#6 2015-10-03 14:57:09
- yllen
- GLPI-DEV
- From: Sillery (51)
- Registered: 2008-01-14
- Posts: 15,278
Re: GLPI-v0.90-master - new install for files web access issue .htaccess
3. when you move a directory, root became owner of directory
1. tar -zxvf glpi-master.tar.gz /var/www/html
2. cd /var/ww/html
3. chown -R user:apache files/ config/
4 do your installation
CentOS 6.5 - CentOS 7.x
PHP 5.6 - PHP 7.x - MySQL 5.6 - MariaDB 10.2 + APC + oOPcache
GLPI from 0.72 to dev version
Certifiée ITIL (ITV2F, ITILF, ITILOSA)
Offline
#7 2015-10-04 17:55:46
- JamesChimHK
- Member
- Registered: 2013-01-22
- Posts: 32
Re: GLPI-v0.90-master - new install for files web access issue .htaccess
Dear yllen,
the result for your reference
[root@VM-HELPDESK glpi-master]# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
polkitd:x:999:999:User for polkitd:/:/sbin/nologin
tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin
colord:x:998:997:User for colord:/var/lib/colord:/sbin/nologin
usbmuxd:x:113:113:usbmuxd user:/:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
libstoragemgmt:x:997:995:daemon account for libstoragemgmt:/var/run/lsm:/sbin/nologin
saslauth:x:996:76:"Saslauthd user":/run/saslauthd:/sbin/nologin
rpc:x:32:32:Rpcbind Daemon:/var/lib/rpcbind:/sbin/nologin
rtkit:x:172:172:RealtimeKit:/proc:/sbin/nologin
radvd:x:75:75:radvd user:/:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
qemu:x:107:107:qemu user:/:/sbin/nologin
chrony:x:995:994::/var/lib/chrony:/sbin/nologin
abrt:x:173:173::/etc/abrt:/sbin/nologin
sssd:x:994:993:User for sssd:/:/sbin/nologin
avahi-autoipd:x:170:170:Avahi IPv4LL Stack:/var/lib/avahi-autoipd:/sbin/nologin
unbound:x:993:992:Unbound DNS resolver:/etc/unbound:/sbin/nologin
pulse:x:171:171:PulseAudio System Daemon:/var/run/pulse:/sbin/nologin
gdm:x:42:42::/var/lib/gdm:/sbin/nologin
gnome-initial-setup:x:992:990::/run/gnome-initial-setup/:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
avahi:x:70:70:Avahi mDNS/DNS-SD Stack:/var/run/avahi-daemon:/sbin/nologin
tcpdump:x:72:72::/:/sbin/nologin
wtpuser:x:1000:1000:wtpuser:/home/wtpuser:/bin/bash
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
mysql:x:27:27:MariaDB Server:/var/lib/mysql:/sbin/nologin
[root@VM-HELPDESK glpi-master]# pwd
/var/www/html/glpi-master
[root@VM-HELPDESK glpi-master]# ls -l
total 76
drwxr-xr-x 1 root root 3058 Oct 1 20:46 ajax
-rw-r--r-- 1 root root 194 Oct 1 20:46 AUTHORS.txt
-rw-r--r-- 1 root root 64 Oct 1 20:46 CHANGELOG.txt
drwxr-xr-x 1 root root 90 Oct 4 23:28 config
-rw-r--r-- 1 root root 18092 Oct 1 20:46 COPYING.txt
drwxr-xr-x 1 root root 242 Oct 1 20:46 css
drwxr-xr-x 1 root root 168 Oct 4 23:28 files
drwxr-xr-x 1 root root 18628 Oct 1 20:46 front
drwxr-xr-x 1 root root 19292 Oct 1 20:46 inc
-rw-r--r-- 1 root root 6718 Oct 1 20:46 index.php
drwxr-xr-x 1 root root 1378 Oct 1 20:46 install
drwxr-xr-x 1 root root 276 Oct 1 20:46 lib
-rw-r--r-- 1 root root 145 Oct 1 20:46 LISEZMOI.txt
drwxr-xr-x 1 root root 1638 Oct 1 20:46 locales
drwxr-xr-x 1 root root 3806 Oct 1 20:46 pics
drwxr-xr-x 1 root root 20 Oct 1 20:46 plugins
-rw-r--r-- 1 root root 124 Oct 1 20:46 README.txt
-rw-r--r-- 1 root root 21354 Oct 1 20:46 script.js
drwxr-xr-x 1 root root 248 Oct 1 20:46 scripts
-rw-r--r-- 1 root root 6256 Oct 1 20:46 status.php
[root@VM-HELPDESK glpi-master]# chown -R user:apache files/ config/
chown: invalid user: ‘user:apache’
[root@VM-HELPDESK glpi-master]# chown -R wtpuser:apache files/ config/
[root@VM-HELPDESK glpi-master]# ls -l
total 76
drwxr-xr-x 1 root root 3058 Oct 1 20:46 ajax
-rw-r--r-- 1 root root 194 Oct 1 20:46 AUTHORS.txt
-rw-r--r-- 1 root root 64 Oct 1 20:46 CHANGELOG.txt
drwxr-xr-x 1 wtpuser apache 90 Oct 4 23:28 config
-rw-r--r-- 1 root root 18092 Oct 1 20:46 COPYING.txt
drwxr-xr-x 1 root root 242 Oct 1 20:46 css
drwxr-xr-x 1 wtpuser apache 168 Oct 4 23:28 files
drwxr-xr-x 1 root root 18628 Oct 1 20:46 front
drwxr-xr-x 1 root root 19292 Oct 1 20:46 inc
-rw-r--r-- 1 root root 6718 Oct 1 20:46 index.php
drwxr-xr-x 1 root root 1378 Oct 1 20:46 install
drwxr-xr-x 1 root root 276 Oct 1 20:46 lib
-rw-r--r-- 1 root root 145 Oct 1 20:46 LISEZMOI.txt
drwxr-xr-x 1 root root 1638 Oct 1 20:46 locales
drwxr-xr-x 1 root root 3806 Oct 1 20:46 pics
drwxr-xr-x 1 root root 20 Oct 1 20:46 plugins
-rw-r--r-- 1 root root 124 Oct 1 20:46 README.txt
-rw-r--r-- 1 root root 21354 Oct 1 20:46 script.js
drwxr-xr-x 1 root root 248 Oct 1 20:46 scripts
-rw-r--r-- 1 root root 6256 Oct 1 20:46 status.php
[root@VM-HELPDESK glpi-master]#
The Result Sames as Detail of GLPI SETUP New Install (Before change the Permission)
Offline
#8 2015-10-04 17:58:24
- JamesChimHK
- Member
- Registered: 2013-01-22
- Posts: 32
Re: GLPI-v0.90-master - new install for files web access issue .htaccess
If we apply chown -R apache:apache files/ config/
[root@VM-HELPDESK glpi-master]# chown -R apache:apache files/ config/
The Result is same as Detail of GLPI New Install (After change the Permission)
Offline
#9 2015-10-04 19:30:50
- yllen
- GLPI-DEV
- From: Sillery (51)
- Registered: 2008-01-14
- Posts: 15,278
Re: GLPI-v0.90-master - new install for files web access issue .htaccess
Have you look at the .htaccess file?
CentOS 6.5 - CentOS 7.x
PHP 5.6 - PHP 7.x - MySQL 5.6 - MariaDB 10.2 + APC + oOPcache
GLPI from 0.72 to dev version
Certifiée ITIL (ITV2F, ITILF, ITILOSA)
Offline
#10 2015-10-05 09:55:34
- tsmr
- GLPI-DEV
- From: Rennes
- Registered: 2005-08-26
- Posts: 11,632
- Website
Re: GLPI-v0.90-master - new install for files web access issue .htaccess
selinux error i think
Xavier Caillaud
Blog GLPI Infotel
Offline
#11 2015-10-08 23:06:21
- falecomluizfernando
- Member
- From: Brasil
- Registered: 2014-01-06
- Posts: 2
Re: GLPI-v0.90-master - new install for files web access issue .htaccess
Ignore the message and continue to install. I have same problem and continued.
Offline
#12 2015-10-09 07:13:10
- remi
- GLPI-DEV
- From: Champagne
- Registered: 2007-04-28
- Posts: 7,127
- Website
Re: GLPI-v0.90-master - new install for files web access issue .htaccess
> Web access to the files directory, should not be allowed
> Check the .htaccess file and the web server configuration.
Very bad idea to ignore this message.
Check apache configuration, AllowOverride must be set to allow .htaccess to work, and protect directory.
Edited:
In /etc/http/conf/httpd.conf
Search for <Directory "/var/www/html">
And change AllowOverride from None to All (or Limit which should be enough)
Last edited by remi (2015-10-09 07:45:29)
Dév. Fedora 29 - PHP 5.6/7.0/7.1/7.2/7.3/7.4 - MariaDB 10.3 - GLPI master
Certifié ITILv3 - RPM pour Fedora, RHEL et CentOS sur https://blog.remirepo.net/
Offline
#13 2015-10-09 07:16:01
- remi
- GLPI-DEV
- From: Champagne
- Registered: 2007-04-28
- Posts: 7,127
- Website
Re: GLPI-v0.90-master - new install for files web access issue .htaccess
> we use the centos 7 linux as the glpi server.
On CentOS, use the RPM 
yum install glpi
Dév. Fedora 29 - PHP 5.6/7.0/7.1/7.2/7.3/7.4 - MariaDB 10.3 - GLPI master
Certifié ITILv3 - RPM pour Fedora, RHEL et CentOS sur https://blog.remirepo.net/
Offline