in Dokkeos, English, security, Techie

Chamilo, new course, error about group permissions

There is a common problem appearing when installing a new Chamilo portal that I have seen a lot recently, so I thought I’d share the details here.

The problem

When installing Chamilo on a cPanel-kind-of-hosting, it might happen that you complete the installation, but when you want to enter a newly-created course, an ugly error appears. Something of the likes of:

Internal Server Error

or, if you are lucky

/…/courses/COURSECODE/index.php cannot be displayed because it is writable by the group.

Either way, those two error message precisely when the URL of your browser shows http://your-domain-name/courses/YOURCOURSECODE/index.php mean that you have a “secured” version of Linux.

This implies that for any PHP script that you want to execute, this message will appear if the script is writable by any other user than the owner of the file.

In a cPanel system, you will see that this file (and possibly the directory it’s in) have write permissions for the group.

The permissions syntax

I’m reviewing basic stuff here, so if you know about UNIX permissions or just don’t want to know, just skip to the next section.

This is represented by the permissions indicator

-rwxrwxr–

which can be translated as: the owner can read, write and execute this script, the owner *group* can read, write and execute this script, and all other users can read the script, but not write or execute it.

The write permission gives you the right to edit the file, but you need a write permission on the containing *folder* to actually create or remove this file.

Anyway, so the risk is that, by letting too many people access this script, it could be used (and modified) by a cracker (an evil hacker) to execute his code instead of yours on your server.

Fixing the problem now on the server

Now the quick fix is to read carefully the error message and change the permissions accordingly. The server tells us that this script cannot be opened because it is writable by the group. So all we need to do is remove the write permission on this file. Just click on whatever option allows you to change the permissions on that cPanel and remove the write permission for the group.

This should result in your file’s new permissions to look like this:

-rwxr–r–

If the server bothers you with write permissions about the directory, you need to set the directory’s permissions to

– rwxr-xr-x

Execution permissions are needed to read inside this directory (and get to index.php).

This should solve your problem for this course. Now you want to avoid doing that for all courses to come, don’t you? Read on…

Fixing the problem for the future from inside Chamilo

Since Dokeos 1.8.4 (or a little before that), we added a few settings inside the database that lets you mention what type of permissions you want new files and directories to use. Well, this is precisely one case for which we did that.

You want to head towards your “Portal Administration” tab, “Platform” section, “Configuration settings” link, then “Security”, then the “Permissions for new directories” and “Permissions for new files” settings. By default, these are set to 0777 and 0666. Considering you want the groups not to have write permissions, and considering 0777 is representing rwxrwxrwx and 0666 is representing rw-rw-rw-, you just want to change these to 0555 and 0444 respectively.

That’s it, you can now create a new course without having to worry about files permissions!

Related Posts

 in Chamilo, Documentation, English, OSS Solutions

Howto upgrade from Chamilo 1.8.7 to Chamilo 1.8.7.1

It’s *very* easy, doesn’t generate any data loss whatsoever, and doesn’t imply any...

 in Chamilo, e-learning, English, Good news, News, open-source, OSS Solutions

BeezNest announces the release of Chamilo LMS 1.9.10

BeezNest announces the immediate release of the e-learning system Chamilo LMS v1.9.10 Open...

27 Comments

  • Luis Rivera
    20 September, 2008 at 1:59 am  - 

    Thanks for your solution, it worked, as I had the same problem, I´m working with Dokeos V 1.6.5, and doesn´t have the security option than allow to set the kind of permissions desired for files, but by mean of the CPANEL I did it.
    Regards.

  • jruz
    7 October, 2008 at 3:51 pm  - 

    thanks, it solved my problem

  • Jesus Mendez
    20 July, 2009 at 10:19 pm  - 

    We really appreciate your help. Thank you very much.

  • Wfirefox
    23 October, 2009 at 7:41 am  - 

    i’m sory but this no functionning…
    I have always :
    Forbidden
    You don’t have permission to access /courses/BOB/ on this server.

    ——————————————————————————–

    Apache/2.2.3 (Red Hat) Server at mysite Port 80

    • ywarnier
      23 October, 2009 at 9:53 am  - 

      Hi Wfirefox,

      I’m probably even more sorry. I’m trying the best I can to help you all but there are loads of hidden reasons why this could not work, depending on your specific configuration. This being said, there are about 7000 reported installations of Dokeos which work, so I can’t imagine we’re doing it completely wrong.
      Please consider having a professional look up at your server configuration and give you a hand.

  • Pedro
    26 January, 2010 at 4:01 pm  - 

    Hi !

    Thanks for your post.

    I had that 500 error problem, and when I changed that, it was ok.

    But now I have the folloing message:
    “Not Found
    The requested URL /courses/PESD/index.php was not found on this server.

    Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.”

    Can you help me now ?

    • ywarnier
      26 January, 2010 at 4:46 pm  - 

      Hi Pedro,
      Maybe that comes from the first time you created the course and the error happened. Does it happen when you create a *new* course now? If not, then you have fixed the problem and should just remove the PESD course from the courses list in the admin section.

  • Pedro
    26 January, 2010 at 4:51 pm  - 

    Hi !

    I’ve just tryed to create a new course, and the problem presists…. 🙁

    Any hints ?

    Thnaks !

  • Pedro
    26 January, 2010 at 4:53 pm  - 

    PS:

    The error is slightly different….

    It just says:

    “Index of /courses/TESTE05

    Parent Directory”

    It’s not an error… but it did not create any new index.php file in thge new directory…

    Any hint ?

    Thnaks !

    PFS.

  • ywarnier
    26 January, 2010 at 5:12 pm  - 

    Seems to me that it is possible to create the directory but not the file… Try to manually create an index.php file in there that contains this:

    <?php
    $cidReq = “TESTE05”;
    $dbname = “TESTE05”;
    include(“../../main/course_home/course_home.php”);
    ?>

    And then try to enter the course again. It is very likely that the permissions on the courses/ directory were first wrong and then you changed that, but in the meantime you changed the permissions in the security settings of Dokeos/Chamilo to something else than 0777 and now you can create the directory but you cannot create anything inside it 🙂

  • Pedro
    26 January, 2010 at 5:25 pm  - 

    Sorry..

    What should it be in the .phgp file ?

    Thanks a million !

  • Cedric Gerard
    5 April, 2011 at 6:20 pm  - 

    changing “Permissions for new directories” to 0755 worked for me, 0555 did not, I guess it really depends on the hosting provider…

  • Luca
    12 November, 2011 at 10:30 am  - 

    hi to you, all Chamilo fans,

    I had a similar problem, but solved it in another way. after reading your post, I tried to change, by trial and error, the file and directories permissions, with many combinations, with no success.
    but first a little info: Chamilo 1.8.8.2 installed on Bluehost with SimpleScrips, on a directory of lucadezmir.com (initial address: lucadezmir.com/cursuri).
    on lucadezmir.com is a WordPress instalation. when I tried to open a new course (after making it), it gave me 404 error FROM THE WORDPRESS instalation.
    the fix: made another subdomain: cursuri.lucadezmir.com, installed Chamilo, made a course, tried to open it, got a 500 type error but, interesting, at the end of the error was a nice word: “FIXED.” reloaded the page and…bang…I had access to the course.
    I tried to fix the problem for two days, got help from a friend. kudos for the fix goes to Razvan
    now I am going to start the long and nice process of building the campus 🙂

    all best to you,
    Luca

  • Luis
    8 December, 2011 at 3:10 am  - 

    Thank you very much, but for my system I need have to set 0755 and 0644 to dir and files respectively and it works for me, but… when I delete any Course from admin, the permissions return to the original configuration 🙁

  • Thor Kristjansson
    18 April, 2013 at 3:08 pm  - 

    Fixing the problem for the future from inside Chamilo,
    this was it, works great now, thanks alot

  • Elisha Ray
    19 January, 2014 at 6:30 am  - 

    Hi, Just installed chamillo 1.9.6 and am getting the same errors. Tried changing the permissions nothing is going through. Who can assist please

  • BigAll
    26 April, 2016 at 4:38 pm  - 

    I have a problem with chamilo.

    I generated the course well.
    I keep it in app / courses

    But when I click on Course “TEST” for example, suggests me http://www.test.com/courses/TEST/index.php and displays the error: “The requested URL was not found /courses2/TEST/index.php on this server.

    Summary:
    – I believe the course apparently well.
    – Do not believe index.php
    – Aim to another directory. the course is created in app / courses but to click points to / courses

    No solution has been me permission useful.

    Any ideas?

    • Yannick Warnier
      27 April, 2016 at 9:58 pm  - 

      Hi. Please read the installation guide more carefully. Your web server is not interpreting the .htaccess file with redirect rules (I’m guessing you’re using Chamilo 1.10 as you mention the app/ folder). Make sure your Apache’s Rewrite module is enabled (sudo a2enmod rewrite) and that you have the “AllowOverride All” setting present somewhere in a Directory tag for your virtualhost.

  • nanang
    16 May, 2016 at 3:55 pm  - 

    i don’t know with this
    The requested URL /app/course_home/course_home.php was not found on this server.

    What can i do ??
    Please help me.

  • Lokoto
    1 June, 2016 at 10:56 pm  - 

    la solucion es a2enmod rewrite y luego cambiar en e directory “AllowOverride None ” por
    AllosOverride All

  • Jhon Mosquera
    7 February, 2017 at 8:58 pm  - 

    Muchas gracias
    En este link encontré la solución del error 404, el porque no creaba los cursos completamente

Comments are closed.