Permission settings prevent image loading

klikini

After a recent upgrade, new images I uploaded could not be viewed by the public (only the admin account) due to permission problems. After setting the permissions of my entire site recursivley to public read access (and yes, I changed zp-data to private), the permissions of the new photos are still set to private. I have already uninstalled/wiped/reinstalled the site twice, so please let me know if you have ideas.

Currently, all images are loading except newly uploaded ones. If I recursively change all permissions in albums and cache, they will load. Until that, they show up as an image error on the site and a 403 forbidden when I load the full image.

Thanks in advance. (PS: site is snaperturephotos.com)

acrylian

What did setup tell about permissions? If you haven't already please look here:
http://www.zenphoto.org/news/permissions-for-zenphoto-files-and-folders

If that all doesn't help, you may have to contact your host.

Your site seems to work fine to me as far as I can see, except that it seems a bit slow.

sbillard

Look in your configuration file for the line that sets `$conf['CHMOD']`. That is the base permissions Zenphoto will use when creating files and folders. If it is missing or too strict a permission for your server you should edit the line.

klikini

@arcylian - Check out http://snaperturephotos.com/Animals/

@sbillard - What file is this in? I looked in zenphoto_config.txt but I couldn't find it.

sbillard

Your config file `.../zp-data/zenphoto_config.txt` If the line is not in that file it would be because you have not set the permissions value during setup.

klikini

How do I add it? What data value should I give it (755?)

acrylian

You can delete it (save your db etc credentials first) and re-run setup to let it re-create it.

sbillard

What acrylian said is incorrect.

You need to run setup and set the permissions. There will be a line about file permissions. Normally if you have not set the permissions there will be a warning box alerting you to the fact that they are not chosen. If there is no warning box there will be a link to expose the details.

But the problem is that we cannot tell you what the right answer to the data value since that is totally dependent on your server. Most likely the value you used when you recursively set the permissions on your albums and cache is the right one, though.

klikini

So I unlocked the setup files and ran setup, choosing the "relaxed" option (it was set to strict by default, and I was manually setting the permissions to 755). When I clicked the apply button in the permissions box of setup, I got a 500 internal server error. When I visit the site, I get the same thing. Did I just break my entire site?

sbillard

Quite possibly yes. File/folder permissions can be dicey. Set them too relaxed and the security software on your site may refuse to run scripts.You can probably fix the permissions with FTP, though.

It may well be that your site is simply mis-configured for an application like Zenphoto. Basically Zenphoto has to be able to read/write files and folders that it "owns". Strict permissions should work for that.

If the "user" that FTP runs under is different from the "user" that your CGI scripts run under you will constantly have permissions issues since Zenphoto will not be the owner of the newly uploaded items.

klikini

I have set the permissions of ALL files and folders on the server to 755, and now I get a 403 error. How do you suggest I keep my albums/names/descriptions on the files to wipe/reinstall the site? And can I move the photo files to another folder on the site, delete all ZP files, install ZP, then move the photo files back to the albums folder in my FTP program? (I also have SSH access)

klikini

I managed to reset everything, but now when I click on the album thumbnail I get a 404 error.

sbillard

If I visit your root (http://snaperturephotos.com/) site I get

Index of /

OLD/
blog/
indbin/
k.files/
login.html
Apache Server at snaperturephotos.com Port 80

This indicates that either the installation files are gone, or they are not visible to your WEB server.

klikini

Yeah, I deleted them to start over. I moved the entire web root to OLD. I'm installing ZP in a /cms folder, so I don't have to deal with its files AND my files in the same place.

klikini

So I was running setup, and I selected "relaxed" as the permission. When I hit apply, I got a 500 server error. This happens every time, and this is running setup on a clean install. Ideas please?

sbillard

Don't set the permissions to relaxed!

Seriously, you will have to have a discussion with your server support people to resolve this. Clearly they do not allow relaxed permissions. You can leave things the way FTP leaves them if that works, but of course that does not resolve your problems with the uploads.

Basically, unless the web server and the FTP server use the same user you are simply going to have file permissions issues.

klikini

Is there any way to set the default permissions to 755 (not in the setup list)?

EDIT: Contacted HostGator, awaiting reply.

sbillard

In your configuration file above the line that reads
`/** Do not edit below this line. **/`
insert the following:
`
$conf['CHMOD'] = 0644;
if (!defined('CHMOD_VALUE')) { define('CHMOD_VALUE', $conf['CHMOD']); }
`

klikini

Can I do `$conf['CHMOD'] = 0755;`?

acrylian

deally, permissions should be set up with 0644 files/0755 directories ([rw-r--r--] files and [rwxr-xr-x] directories) permissions, with [youruser:webservergroup] ownership. If you can do that, we highly recommend it.

http://www.zenphoto.org/news/permissions-for-zenphoto-files-and-folders

So no, basically its always a pair.

sbillard

And the pair is determined by Zenphoto from the files permissions by "ANDing" 0111 to it. Thus `$conf['CHMOD'] = 0644;` yields 0755 for folders.

klikini

Reinstalling now (waiting for FTP of all the files to finish). Every time I install ZP, I get: `Zenphoto suggests you make the sensitive files in the zp-data folder accessable by owner only (permissions = 0600). The file permissions for setup.log are 0644 which may allow unauthorized access.` What should I do about this? I usually just ignore it...

sbillard

Probably for your server you should ignore this, but understand that these files might be vulnerable.

But that you get this error at all would indicate your site has severely restricted what applications can do with regard to setting file permissions. (Either that or you are not running current Zenphoto software. I do hope that you checked and are not making that mistake.)

Sometimes hosters get a bit too aggressive with their security and cripple legitimate applications. All totally unnecessary and a bit naive of them.

klikini

Is there anything in the files I would care about? The public can only read them, right? And they aren't advertised.

sbillard

Well, for instance, your MySQL credentials are in the configuration file. You probably don't want the public to read that. They are not advertised, but any hacker worth his salt will have read the Zenphoto code and know how to find them.

klikini

Okay. So should I set the permissions of the files to 600 and folders to ...?

Also: HostGator said that the FTP account and the admin account were the same, so "owner" will always be me.

sbillard

I cannot make recommendations for your host. If he is correct then the settings from setup would work. Since apparently they do not something is amiss.

klikini

Site is up and running, added that code to the config file. I uploaded a test image and it worked! Now what should I set the permissions for the zp-data dirs to? Files are 600 now.