How do troubleshoot "Permission denied"?
1,117 views
Skip to first unread message
ljt...@gmail.com
Oct 31, 2017, 12:16:34 PM10/31/17
to SimpleSAMLphp
What are you trying to do?
I'm trying to access https://staging.mysite.mainsite.com/simplesaml and I kept getting this error, "Permission denied."
What have you done?
Describe here the steps you have taken:
- What does your setup look like?
- On local machine: www.dd:8443/simplesaml/ and on Acquia's staging: https://staging.mysite.mainsite.com/simplesaml
- What documentation are you following if you are following any apart from the official?
- Are you using any third-party software (e.g. a Drupal plugin)?
- Simplesamlphp_auth module but I'm not even at the point of configuring simplesaml_auth in Drupal yet.
- How are you testing your setup?
- I'm simply trying to access the simplesaml setup page.
- What did you do to debug your problem?
- I've tried my local machine as well as at Acquia's environment
- etc.
- Permissions of docroot/simplesaml, vendor/simplesamlphp/cert, vendor/simplesamlphp/config, and vendor/simplesamlphp/metadata is lrwxr-xr-x
Is there anything wrong?
If you are seeing an error or you are getting a different behavior than you expected, state clearly what happened and what did you expect. If there is an error involved, add the error message with the stack trace if possible. Add as much information as you can to help diagnose the issue, e.g:
If you are seeing an error or you are getting a different behavior than you expected, state clearly what happened and what did you expect. If there is an error involved, add the error message with the stack trace if possible. Add as much information as you can to help diagnose the issue, e.g:
- Log traces from SimpleSAMLphp
- The Acquia log shows this error: Symbolic link not allowed or link target not accessible: /var/www/stagingserver/docroot/simplesaml
- Log traces from your web server (particularly from the error log)
- On local machine shows:
- Fatal error: Uncaught Exception: Unable to load Composer autoloader in /Users/username/Sites/drupalsites/vendor/simplesamlphp/lib/_autoload.php:18 Stack trace: #0 /Users/username/Sites/drupalsites/vendor/simplesamlphp/www/_include.php(32): require_once() #1 /Users/username/Sites/drupalsites/vendor/simplesamlphp/www/index.php(3): require_once('/Users/username/Si...') #2 {main} thrown in /Users/username/Sites/drupalsites/vendor/simplesamlphp/lib/_autoload.php on line 18
- HTTP requests and responses captured with the SAML tracer Firefox plugin or other equivalent software
- GET http://staging.ce.mainsite.com/simplesaml HTTP/1.1
- Host: staging.ce.mainsite.com
- User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:52.0) Gecko/20100101 Firefox/52.0
- Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
- Accept-Language: en-US,en;q=0.5
- Accept-Encoding: gzip, deflate
- DNT: 1
- HTTP/?.? 403 Forbidden
- Server: nginx
- Date: Tue, 31 Oct 2017 16:06:56 GMT
- Content-Type: text/html; charset=iso-8859-1
- Content-Length: 17
- X-Request-ID: v-848b47ec-be55-11e7-9750-22000ada0878
- X-Varnish: 70631705
- Age: 0
- Via: 1.1 varnish-v4
- X-Cache: MISS
- Connection: keep-alive
- etc
Is there anything you don't understand?
What I do not understand is that I copied the same exact files from cert, metadata, and config folders to this new branch and I got this error. The permission seem to be the same...perhaps I've overlooked.
Peter Schober
Oct 31, 2017, 12:59:13 PM10/31/17
to SimpleSAMLphp
* ljt...@gmail.com <ljt...@gmail.com> [2017-10-31 17:16]:
> - Permissions of docroot/simplesaml, vendor/simplesamlphp/cert,
doesn't mean the files the link references are readable.
> - The Acquia log shows this error: *Symbolic link not allowed or link
> target not accessible: /var/www/stagingserver/docroot/simplesaml*
Well, then I guess you'd need to fix that, with the two possible
reasons given in the error message itself.
(If symlinks are not allowed there the third-party documentation you
referenced is incorrect in this regard, though that seems to be the
less likely reason of those two.)
> - On local machine shows:
> - *Fatal error: Uncaught Exception: Unable to load Composer autoloader in
> /Users/username/Sites/drupalsites/vendor/simplesamlphp/lib/_autoload.php:18
That's a different error, in a different environment, with a different
reason (composer problem). Let stick with your server issue for now,
not with your use of composer on your own machine.
> What I do not understand is that I copied the same exact files from
> cert, metadata, and config folders to this new branch and I got this
> error. The permission seem to be the same...perhaps I've overlooked.
What new branch? A git branch? Git doesn't care about filesystem
permissions, AFAIR.
-peter
> - Permissions of docroot/simplesaml, vendor/simplesamlphp/cert,
> vendor/simplesamlphp/config, and vendor/simplesamlphp/metadata is lrwxr-xr-x
Well, the first letter 'l' means this is a symbolic link, so that
doesn't mean the files the link references are readable.
> - The Acquia log shows this error: *Symbolic link not allowed or link
> target not accessible: /var/www/stagingserver/docroot/simplesaml*
Well, then I guess you'd need to fix that, with the two possible
reasons given in the error message itself.
(If symlinks are not allowed there the third-party documentation you
referenced is incorrect in this regard, though that seems to be the
less likely reason of those two.)
> - On local machine shows:
> - *Fatal error: Uncaught Exception: Unable to load Composer autoloader in
> /Users/username/Sites/drupalsites/vendor/simplesamlphp/lib/_autoload.php:18
That's a different error, in a different environment, with a different
reason (composer problem). Let stick with your server issue for now,
not with your use of composer on your own machine.
> What I do not understand is that I copied the same exact files from
> cert, metadata, and config folders to this new branch and I got this
> error. The permission seem to be the same...perhaps I've overlooked.
permissions, AFAIR.
-peter
Chong Lor
Oct 31, 2017, 1:52:58 PM10/31/17
to SimpleSAMLphp
If I double click any of the symlink folder, it does go to the actual folder of those files.
I'm not sure how to troubleshoot the error "Symbolic link not allowed or link target not accessible: /var/www/stagingserver/docroot/simplesaml" since I have the same exact symlinks in our production environment and it works fine. When SSH into Acquia's environment, there is no way to look to at those permissions. The file structure are hidden.
Yes, I am referring to git branch. In another of my git branch (which is now Production environment) works fine. I've switched to this branch and looked at the permission and it's the same. The folders of cert, config, and metadata of my current git branch all have drwxr-xr-x and their files are -rwxr-xr-x. The vendor/simplesamlphp/ show permission for www as drwx-xr-x and all of its sub folder.
--
This is a mailing list for users of SimpleSAMLphp, not a support service. If you are willing to buy commercial support, please take a look here:
https://simplesamlphp.org/support
Before sending your question, make sure it is related to SimpleSAMLphp, and not your web server's configuration or any other third-party software. This mailing list cannot help with software that uses SimpleSAMLphp, only regarding SimpleSAMLphp itself.
Make sure to read the documentation:
https://simplesamlphp.org/docs/stable/
If you have an issue with SimpleSAMLphp that you cannot resolve and reading the documentation doesn't help, you are more than welcome to ask here for help. Subscribe to the list and send an email with your question. However, you will be expected to comply with some minimum, common sense standards in your questions. Please read this carefully:
http://catb.org/~esr/faqs/smart-questions.html
---
You received this message because you are subscribed to a topic in the Google Groups "SimpleSAMLphp" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/simplesamlphp/Chg5z88Fsec/unsubscribe.
To unsubscribe from this group and all its topics, send an email to simplesamlphp+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Peter Schober
Oct 31, 2017, 2:15:11 PM10/31/17
to SimpleSAMLphp
* Chong Lor <ljt...@gmail.com> [2017-10-31 18:53]:
$ ls -la /var/www/stagingserver/docroot/
Either way it's a local deployment/permission problem of your setup in
this environment. Not much anyone else can do.
-peter
> I'm not sure how to troubleshoot the error "Symbolic link not allowed or
> link target not accessible: /var/www/stagingserver/docroot/simplesaml"
> since I have the same exact symlinks in our production environment and it
> works fine. When SSH into Acquia's environment, there is no way to look to
> at those permissions. The file structure are hidden.
If you have SSH access that's unlikely. Try:
> link target not accessible: /var/www/stagingserver/docroot/simplesaml"
> since I have the same exact symlinks in our production environment and it
> works fine. When SSH into Acquia's environment, there is no way to look to
> at those permissions. The file structure are hidden.
$ ls -la /var/www/stagingserver/docroot/
Either way it's a local deployment/permission problem of your setup in
this environment. Not much anyone else can do.
-peter
Alejandro Moreno
Jun 23, 2021, 6:54:56 AM6/23/21
to SimpleSAMLphp
for the sake of documenting, this could be related to this: https://support.acquia.com/hc/en-us/articles/360005849373-File-permissions-while-using-Acquia-Cloud
In particular:
Known problem modules
With the Acquia Cloud setup, several modules are known to have problems because they require the ability to write to their own module folder. You will need to link modules to the files area.
Simplesaml is listed as one of the problematic modules that will need to follow that
Peter Schober
Jun 23, 2021, 7:26:38 AM6/23/21
to SimpleSAMLphp
Thanks for sharing, Alejandro. Comment below.
* Alejandro Moreno <alejandr...@acquia.com> [2021-06-23 12:55]:
up on this list from time to time) but where SimpleSAMLphp needs write
access can be configured in the software.
I.e., if you configured SimpleSAMLphp to put the parts that need
writing (e.g. 'loggingdir', 'datadir', 'tempdir', 'statistics.out',
'metadata.sources' for any metarefresh-managed metadata) elsewhere
(wheverever it doesn't cause Acquia to complain/fail) I would expect
this to work around any Acquia limitations in this regard.
-peter
* Alejandro Moreno <alejandr...@acquia.com> [2021-06-23 12:55]:
> > With the Acquia Cloud setup, several modules are known to have
> > problems because they require the ability to write to their own
> > module folder. You will need to link modules to the files area.
>
> Simplesaml is listed as one of the problematic modules that will
> need to follow that
No idea what Acquia is (other than confused questions about it coming
> > problems because they require the ability to write to their own
> > module folder. You will need to link modules to the files area.
>
> Simplesaml is listed as one of the problematic modules that will
> need to follow that
up on this list from time to time) but where SimpleSAMLphp needs write
access can be configured in the software.
I.e., if you configured SimpleSAMLphp to put the parts that need
writing (e.g. 'loggingdir', 'datadir', 'tempdir', 'statistics.out',
'metadata.sources' for any metarefresh-managed metadata) elsewhere
(wheverever it doesn't cause Acquia to complain/fail) I would expect
this to work around any Acquia limitations in this regard.
-peter
Reply all
Reply to author
Forward
0 new messages