Page 1 of 1

Frontend User Management: Access Denied for added groups

Posted: Fri Feb 15, 2019 7:23 pm
by Harald08
Hi
I use Version 2.2.9, system information below. Actually I added some new user properties and I wanted to use them for an existing group. I kicked the name of that group and a new page opened showing "Access Denied".
This happens for all groups.
Where is the problem? How can I modify existing groups?
Harald

----------------------------------------------

Cms Version: 2.2.9

Installed Modules:

AdminSearch: 1.0.4
CGExtensions: 1.61.5
CGSimpleSmarty: 2.2.1
CMSContentManager: 1.1.7
CmsJobManager: 0.1.3
DesignManager: 1.1.5
FileManager: 1.6.8
FilePicker: 1.0.3
FrontEndUsers: 2.12.7
MicroTiny: 2.2.3
ModuleManager: 2.1.5
Navigator: 1.0.9
News: 2.51.4
Search: 1.51.6
SelfRegistration: 1.14.3


Config Information:

php_memory_limit:
max_upload_size: 16000000
url_rewriting: none
page_extension:
query_var: page
auto_alias_content: true
locale:
set_names: true
timezone: America/New_York
permissive_smarty: false


Php Information:

phpversion: 7.2.15
md5_function: On (True)
json_function: On (True)
gd_version: 2
tempnam_function: On (True)
magic_quotes_runtime: Off (False)
E_ALL: 24565
E_STRICT: 2048
E_DEPRECATED: 0
test_file_timedifference: No time difference found
test_db_timedifference: No time difference found
create_dir_and_file: 1
memory_limit: 512M
max_execution_time: 30
register_globals: Off (False)
output_buffering: 4096
disable_functions: exec, shell_exec, system, dl, passthru, proc_open, proc_close, mail
open_basedir:
test_remote_url: Success
file_uploads: On (True)
post_max_size: 16M
upload_max_filesize: 16M
session_save_path: /tmp (0700)
session_use_cookies: On (True)
xml_function: On (True)
xmlreader_class: On (True)
check_ini_set: On (True)
curl: On


Performance Information:

allow_browser_cache: On (True)
browser_cache_expiry: 60
php_opcache: On (True)
smarty_cache: Off (False)
smarty_compilecheck: Off (False)
auto_clear_cache_age: On (True)

Server Information:

Server Software: LiteSpeed
Server Api: litespeed
Server Os: Linux 3.10.0-714.10.2.lve1.5.17.el7.x86_64 On x86_64
Server Db Type: MySQL (mysqli)
Server Db Version: 5.7.23
Server Db Grants: Found a "GRANT ALL" statement that appears to be suitable


Permission Information:

tmp: /home/ibdhde/public_html/h/tmp (0755)
tmp_cache: /home/ibdhde/public_html/h/tmp/cache (0755)
templates_c: /home/ibdhde/public_html/h/tmp/templates_c (0755)
modules: /home/ibdhde/public_html/h/modules (0755)
uploads: /home/ibdhde/public_html/h/uploads (0755)
File Creation Mask (umask): /home/ibdhde/public_html/h/tmp/cache (0755)
config_file: 0444

Re: Frontend User Management: Access Denied for added groups

Posted: Fri Feb 15, 2019 7:52 pm
by DIGI3
Was this access denied message a CMSMS page with a message or a 403 page from the server?

If it's the latter, you probably have mod_security enabled, or some other security on the server.

Re: Frontend User Management: Access Denied for added groups

Posted: Fri Feb 15, 2019 8:04 pm
by Harald08
Thanks for your reply. It is a CMSMS page. Screen shot is attached.

Re: Frontend User Management: Access Denied for added groups

Posted: Sat Feb 16, 2019 3:38 pm
by DIGI3
Seems like something is wrong with the user permissions, although I wasn't able to recreate it in testing. You could try creating a new backend admin user and see if it still happens when you login with that user.

Re: Frontend User Management: Access Denied for added groups

Posted: Sat Feb 16, 2019 5:51 pm
by Harald08
I creating 3 new backend admin user for testing: they have all the same problem.
I will install CMSMS on an other server and give a report with that.

Re: Frontend User Management: Access Denied for added groups

Posted: Tue Feb 19, 2019 11:06 am
by Harald08
As announced in my previous input I tried to install cmsms on my second provider. That failed in stept 4 of the installation script with the error "The waiting time for the connection has expired." I will checkt he solution for this problem later.

So I returned to my first provider. This provider has a one-click installation for cmsms based on Softaculous 5.1.5.

This time I used the manual installation via cmsms-2.2.9.1-install.php in an other web space with an other database. The requirements check for all item were good an the installation finished correctly. I added the modules FrontEndUsers & SelfRegistration to replicate the configuration for this post. Than I tested modifying a group in FrontEndUsers and it failed as posted above.

Than I checked the permissions of the installed cmsms dataset: most folders 755, most files: 644. For my understanding this says, that folders can be executed and files have no permission to be executed and it should be the other way around. So I changes the permission of all files for the module FrontEndUsers to 755. I repeated the test and now I could modify a group in FrontEndUsers as expected.

So I can solve my posted problem now with manual adjustment of permissions for cmsms files.

So finally my Questions are:
what are the correct permission-setting for files and folders in cmsms?
how can the correct permission be set by default?
Is it adjustable during the installation steps or is it a bug in the installation file?

Regards Harald

Re: Frontend User Management: Access Denied for added groups

Posted: Wed Feb 20, 2019 10:42 pm
by Harald08
Unfortunatelly setting 755 permissions for the FEU files did not realy solve the problem. After editing some values in my installation I returned to FEU groups and again "Access denied" after clicking on the name of a group.

So I further investigated the problem and made 3 new installations using 3 different providers. I could replicate this problem with each of the 3 providers.

Attached is are screenshot of the debugging results for the action that causes the problem "Access denied".
Bildschirmfoto 2019-02-20 um 23.11.42.jpg
Bildschirmfoto 2019-02-20 um 23.13.14.jpg
Bildschirmfoto 2019-02-20 um 23.13.59.jpg
The "Access denied" seems to result after the statement
SELECT group_id FROM cmsc2_user_groups WHERE user_id = 1
on the bottom of the second screenshot.

What could be the solution for that problem?

Re: Frontend User Management: Access Denied for added groups

Posted: Tue Mar 05, 2019 11:19 am
by Rinker
Have you solved it???

I have the same problem after upgrading feu 2.7 to the latest version.
I've fill a bug report.

Re: Frontend User Management: Access Denied for added groups

Posted: Tue Mar 05, 2019 4:11 pm
by Harald08
No, is is still an open issue.