[solved] 4.1.1 admin login : Error 403 Forbidden

#1
Hello,

upgraded from 4.1 to 4.1.1 and blocked to login to the admin console.
After looking into the lsws error.log, it turned out that lsws blocked the admin pages caused by symbolic links disallowed to follow in Server->Security->File Access.
The update to 4.1.1 creates a symbolic link for the admin area. This should be white-listed.
Workaround: remove the symbolic link
 

mistwang

LiteSpeed Staff
#2
We will address this in next build of 4.1.1, we use symbolic links to easily switch between different versions. As long as the link and the target directory is owned by root, it should be fine.
 
#3
where?

where is this link?? i'm looking at /usr/local/lsws

/usr/local/lsws/admin is owned by root.

please send the path, or workaround.

by the way, i had 4.0.1 installed on my server and upgraded my support license for a year. the web interface wouldn't offer the upgrade, so i had to upgrade via the cli.
 
Last edited:
#5
did that

I've downloaded it again (4.1.1), upgraded it again, and still have the same problem (4.0.1 worked fine). Please advise.

Update the error log shows:

Found symbolic link, or owner of symbolic link and link target does not match for path [/usr/local/lsws/admin/html/index.php], access denied.
root:root owns that file, shouldn't root:nobody own it?
 
Last edited:
#7
ls

Code:
root@server ~ # ls -l /usr/local/lsws/admin
total 56K
drwx--x--- 3 root  nobody 4.0K Jun  7 02:01 cgid
drwx------ 2 lsadm lsadm  4.0K Jun  7  2010 conf
drwxr-xr-x 2 root  root   4.0K Jun  6 14:01 fcgi-bin
lrwxrwxrwx 1 root  root     10 Jun  7 00:45 html -> html.4.1.1
drwxr-xr-x 8 root  root   4.0K Apr  7  2010 html.4.0.13
drwxr-xr-x 8 root  root   4.0K May 25  2010 html.4.0.14
drwxr-xr-x 8 root  root   4.0K Aug 19  2010 html.4.0.16
drwxr-xr-x 8 root  root   4.0K Nov  1  2010 html.4.0.17
drwxr-xr-x 8 root  root   4.0K Jan 25 02:27 html.4.0.18
drwxr-xr-x 8 root  root   4.0K Jan 28 14:46 html.4.0.19
drwxr-xr-x 8 root  root   4.0K Mar 31 15:17 html.4.0.20
drwxr-xr-x 8 root  root   4.0K Jun  7 00:34 html.4.1.1
drwxr-xr-x 2 root  root   4.0K Apr  7  2010 logs
drwxr-xr-x 3 root  root   4.0K Aug 19  2010 misc
drwx--x--- 2 lsadm nobody 4.0K Jun  7 02:01 tmp
Code:
root@server /usr/local/lsws/admin/html.4.1.1 # l
total 36K
drwxr-xr-x 3 root root 4.0K Jun  7 00:34 classes
drwxr-xr-x 2 root root 4.0K Jun  7 00:34 config
drwxr-xr-x 2 root root 4.0K Jun  7 00:34 includes
-rw-r--r-- 1 root root 2.6K Jun  7 00:34 index.php
-rw-r--r-- 1 root root 4.1K Jun  7 00:34 login.php
drwxr-xr-x 2 root root 4.0K Jun  7 00:34 service
drwxr-xr-x 6 root root 4.0K Jun  7 00:34 static
drwxr-xr-x 3 root root 4.0K Jun  7 00:34 utility
 
#9
?

Why would installing and upgrading the same release fix anything? I've already upgraded twice and it's the same regression.
 
Top