• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

XF 2.0 Beta 7 upgrade and lot of permission errors

Andy.N

Well-known member
#1
Moving a forum from latest 1.5.15a to beta 7 today and run into a few issues that are interesting. The site is running PHP 7.1.10, nginx 1.13.6 and mariadb 10.2.29

1) When trying to upgrade from web interface, it complains that /data and /internal_data is not globally writable so I run
chmod -R 777 /usr/local/www/forum/data/
chmod -R 777 /usr/local/www/forum/internal_data/

Refresh the page, restart nginx, etc does not seem to make a difference. So I ended up upgrading from CLI php cmd.php xf:upgrade which ran without issue.

2) Logging into ACP and try to do a file check and got this error
Code:
[LIST]
[*]League\Flysystem\Exception: Impossible to create the root directory "/usr/local/www/forum/internal_data/file_check"
[*]src/XF/LocalFsAdapter.php:1
[/LIST]
Stack trace
#0 src/vendor/league/flysystem/src/Adapter/Local.php(127): XF\LocalFsAdapter->ensureDirectory('/usr/local/www/...')
#1 src/vendor/league/flysystem/src/Filesystem.php(101): League\Flysystem\Adapter\Local->write('file_check/temp...', '{"missing":[],"...', Object(League\Flysystem\Config))
#2 [internal function]: League\Flysystem\Filesystem->put('file_check/temp...', '{"missing":[],"...', Object(League\Flysystem\Config))
#3 src/vendor/league/flysystem-eventable-filesystem/src/EventableFilesystem.php(431): call_user_func_array('parent::put', Array)
#4 src/vendor/league/flysystem-eventable-filesystem/src/EventableFilesystem.php(395): League\Flysystem\EventableFilesystem\EventableFilesystem->callFilesystemMethod('put', Array)
#5 src/vendor/league/flysystem-eventable-filesystem/src/EventableFilesystem.php(57): League\Flysystem\EventableFilesystem\EventableFilesystem->delegateMethodCall('put', Array)
#6 [internal function]: League\Flysystem\EventableFilesystem\EventableFilesystem->put('file_check/temp...', '{"missing":[],"...')
#7 src/vendor/league/flysystem/src/MountManager.php(269): call_user_func_array(Array, Array)
#8 src/vendor/league/flysystem/src/MountManager.php(179): League\Flysystem\MountManager->invokePluginOnFilesystem('put', Array, 'internal-data')
#9 src/XF/Job/FileCheck.php(136): League\Flysystem\MountManager->__call('put', Array)
#10 src/XF/Job/Manager.php(241): XF\Job\FileCheck->run(7.9999988079071)
#11 src/XF/Job/Manager.php(187): XF\Job\Manager->runJobInternal(Array, 7.9999988079071)
#12 src/XF/Job/Manager.php(103): XF\Job\Manager->runJobEntry(Array, 7.9999988079071)
#13 src/XF/Admin/Controller/Tools.php(120): XF\Job\Manager->runByIds(Array, 8)
#14 src/XF/Mvc/Dispatcher.php(249): XF\Admin\Controller\Tools->actionRunJob(Object(XF\Mvc\ParameterBag))
#15 src/XF/Mvc/Dispatcher.php(88): XF\Mvc\Dispatcher->dispatchClass('XF:Tools', 'RunJob', 'html', Object(XF\Mvc\ParameterBag), 'tools', Object(XF\Admin\Controller\Tools), NULL)
#16 src/XF/Mvc/Dispatcher.php(41): XF\Mvc\Dispatcher->dispatchLoop(Object(XF\Mvc\RouteMatch))
#17 src/XF/App.php(1844): XF\Mvc\Dispatcher->run()
#18 src/XF.php(328): XF\App->run()
#19 admin.php(13): XF::runApp('XF\\Admin\\App')
#20 {main}Request state
array(4) {
  ["url"] => string(30) "/forum/admin.php?tools/run-job"
  ["referrer"] => string(147) "testing/forum/admin.php?tools/run-job&only=fileCheck&_xfRedirect=%2Fforum%2Fadmin.php%3Ftools%2Ffile-check%2F1%2Fresults"
  ["_GET"] => array(1) {
    ["tools/run-job"] => string(0) ""
  }
  ["_POST"] => array(3) {
    ["_xfRedirect"] => string(77) "http://mfeapp1v.bc.baruch.cuny.edu/forum/admin.php?tools/file-check/1/results"
    ["_xfToken"] => string(8) "********"
    ["only_ids"] => string(1) "9"
  }
}
3) When I tried to delete my avatar, I got this error
Code:
[LIST]
[*]ErrorException: [E_WARNING] unlink(/usr/local/www/forum/data/avatars/o/0/1.jpg): Permission denied
[*] 
[*]src/vendor/league/flysystem/src/Adapter/Local.php:252
[*]Generated by: Andy Nguyen
[*] 
[*]Oct 20, 2017 at 8:12 PM
[/LIST]
Stack trace
#0 [internal function]: XF::handlePhpError(2, '[E_WARNING] unl...', '/usr/local/www/...', 252, Array)
#1 src/vendor/league/flysystem/src/Adapter/Local.php(252): unlink('/usr/local/www/...')
#2 src/vendor/league/flysystem/src/Filesystem.php(236): League\Flysystem\Adapter\Local->delete('avatars/o/0/1.j...')
#3 [internal function]: League\Flysystem\Filesystem->delete('avatars/o/0/1.j...', Array)
#4 src/vendor/league/flysystem-eventable-filesystem/src/EventableFilesystem.php(431): call_user_func_array('parent::delete', Array)
#5 src/vendor/league/flysystem-eventable-filesystem/src/EventableFilesystem.php(395): League\Flysystem\EventableFilesystem\EventableFilesystem->callFilesystemMethod('delete', Array)
#6 src/vendor/league/flysystem-eventable-filesystem/src/EventableFilesystem.php(330): League\Flysystem\EventableFilesystem\EventableFilesystem->delegateMethodCall('delete', Array)
#7 [internal function]: League\Flysystem\EventableFilesystem\EventableFilesystem->delete('avatars/o/0/1.j...')
#8 src/vendor/league/flysystem/src/MountManager.php(269): call_user_func_array(Array, Array)
#9 src/vendor/league/flysystem/src/MountManager.php(179): League\Flysystem\MountManager->invokePluginOnFilesystem('delete', Array, 'data')
#10 src/XF/Util/File.php(125): League\Flysystem\MountManager->__call('delete', Array)
#11 src/XF/Service/User/Avatar.php(486): XF\Util\File::deleteFromAbstractedPath('data://avatars/...')
#12 src/XF/Service/User/Avatar.php(444): XF\Service\User\Avatar->deleteAvatarFiles()
#13 src/XF/Pub/Controller/Account.php(442): XF\Service\User\Avatar->deleteAvatar()
#14 src/XF/Mvc/Dispatcher.php(249): XF\Pub\Controller\Account->actionAvatar(Object(XF\Mvc\ParameterBag))
#15 src/XF/Mvc/Dispatcher.php(88): XF\Mvc\Dispatcher->dispatchClass('XF:Account', 'Avatar', 'json', Object(XF\Mvc\ParameterBag), 'account', Object(XF\Pub\Controller\Account), NULL)
#16 src/XF/Mvc/Dispatcher.php(41): XF\Mvc\Dispatcher->dispatchLoop(Object(XF\Mvc\RouteMatch))
#17 src/XF/App.php(1844): XF\Mvc\Dispatcher->run()
#18 src/XF.php(328): XF\App->run()
#19 index.php(13): XF::runApp('XF\\Pub\\App')
#20 {main}Request state
array(4) {
  ["url"] => string(21) "/forum/account/avatar"
  ["referrer"] => string(64) "http://testing/forum/account/account-details"
  ["_GET"] => array(1) {
    ["/forum/account/avatar"] => string(0) ""
  }
  ["_POST"] => array(8) {
    ["avatar_crop_x"] => string(1) "0"
    ["avatar_crop_y"] => string(2) "12"
    ["use_custom"] => string(1) "1"
    ["_xfToken"] => string(8) "********"
    ["delete_avatar"] => string(1) "1"
    ["_xfRequestUri"] => string(30) "/forum/account/account-details"
    ["_xfWithData"] => string(1) "1"
    ["_xfResponseType"] => string(4) "json"
  }
}
4) In my inbox, there is an empty conversation dated 1969 which did not exist before the upgrade. Clicking on it will error out.

Screen Shot 2017-10-20 at 7.24.11 PM.png

Code:
Server error log

[LIST]
[*]ErrorException: [E_NOTICE] Trying to get property of non-object
[*] 
[*]src/XF/Pub/Controller/Conversation.php:164
[/LIST]
Stack trace
#0 src/XF/Pub/Controller/Conversation.php(164): XF::handlePhpError(8, '[E_NOTICE] Tryi...', '/usr/local/www/...', 164, Array)
#1 src/XF/Mvc/Dispatcher.php(249): XF\Pub\Controller\Conversation->actionView(Object(XF\Mvc\ParameterBag))
#2 src/XF/Mvc/Dispatcher.php(88): XF\Mvc\Dispatcher->dispatchClass('XF\\Pub\\Controll...', 'View', 'html', Object(XF\Mvc\ParameterBag), 'conversations', Object(XF\Pub\Controller\Conversation), Object(XF\Mvc\Reply\Reroute))
#3 src/XF/Mvc/Dispatcher.php(41): XF\Mvc\Dispatcher->dispatchLoop(Object(XF\Mvc\RouteMatch))
#4 src/XF/App.php(1844): XF\Mvc\Dispatcher->run()
#5 src/XF.php(328): XF\App->run()
#6 index.php(13): XF::runApp('XF\\Pub\\App')
#7 {main}Request state
array(4) {
  ["url"] => string(27) "/forum/conversations/12665/"
  ["referrer"] => string(55) "http://testing/forum/conversations/"
  ["_GET"] => array(1) {
    ["/forum/conversations/12665/"] => string(0) ""
  }
  ["_POST"] => array(0) {
  }
}
 

Andy.N

Well-known member
#2
Looking around more for similar error messages, it appears to be a file/folder permission or ownership.
All the files under those 2 folders are owned by nginx

drwxrwsrwx. 9 nginx nginx 4096 Sep 5 13:21 internal_data
drwxrwsrwx. 5 nginx nginx 72 Oct 21 2011 data
 
#4
R u able to access yourdomain.com/install folder

If not check ssl conf or yourdomain.conf file and grant access to install, libraray etc.

And reupload files and do upgrade.

I m not exper but you may try this
 

Mike

XenForo developer
Staff member
#5
If the files and folders are owned by nginx -- and that's who PHP is running as -- then indeed, normally you wouldn't need to chmod 0777.

At a guess, are you running something like SELinux? That may be limiting where writes can happen, so you would likely need to tweak those rules (or disable it).
 

Andy.N

Well-known member
#6
If the files and folders are owned by nginx -- and that's who PHP is running as -- then indeed, normally you wouldn't need to chmod 0777.

At a guess, are you running something like SELinux? That may be limiting where writes can happen, so you would likely need to tweak those rules (or disable it).
It is indeed running SELinux with Red Hat 7.3
Here is content of the /etc/selinux/confix file. I disabled it and the errors went away. What would you suggest instead of disabling it completely.
Code:
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are pr$
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted
 

Mike

XenForo developer
Staff member
#7
It's simplest to disable it and that is generally what happens. Unfortunately, I don't really know enough about SELinux to comment on how to configure it.
 

Andy.N

Well-known member
#8
It's simplest to disable it and that is generally what happens. Unfortunately, I don't really know enough about SELinux to comment on how to configure it.
Yep. Disable it solved many permission issue.
Can you take a look at the bug with empty conversation messages?

Thank you