Admin interface assets forbidden by nginx

Pete · July 31, 2024, 4:07pm

I’ve just completed a fresh install and am trying to visit the admin panel. As expected I get the SSL warning which I accept. The html page loads, but when the page tries to load javascript and css files the nginx server returns 403, for example:

curl -k https://<REDACTED>/admin/assets/bootstrap/js/bootstrap.min.js
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx</center>
</body>
</html>

Looking at the nginx error log:

[error] 619710#619710: *30 open() "/usr/local/lib/mailinabox/vendor/assets/bootstrap/js/bootstrap.min.js" failed (13: Permission denied), client: REDACTED, server: box.REDACTED.com, request: "GET /admin/assets/bootstrap/js/bootstrap.min.js HTTP/2.0", host: "REDACTED"

And on the file system at the permissions of that file:

 ls -lah /usr/local/lib/mailinabox/vendor/assets/bootstrap/js/
total 128K
drwxr-xr-x 2 root root 4.0K Feb 13  2019 .
drwxr-xr-x 5 root root 4.0K Feb 13  2019 ..
-rw-r--r-- 1 root root  74K Feb 13  2019 bootstrap.js
-rw-r--r-- 1 root root  39K Feb 13  2019 bootstrap.min.js
-rw-r--r-- 1 root root  484 Feb 13  2019 npm.js

Do those file permissions look as expected? any other ideas what’s going on?

Thanks in advance!

andrew · August 1, 2024, 12:30am

Same permissions as what I see, so that doesn’t help

Pete · August 1, 2024, 2:06pm

Ok solved this one…
re-ran the installer to ensure things were “fresh”.

Used namei to trace the permissions problem

sudo -u www-data namei /usr/local/lib/mailinabox/vendor/assets/bootstrap/js/bootstrap.min.js
f: /usr/local/lib/mailinabox/vendor/assets/bootstrap/js/bootstrap.min.js
 d /
 d usr
 d local
 d lib
 d mailinabox
 d vendor
 d assets
   bootstrap - Permission denied

then a check on the folder permissions using tree

└── [drwxr-xr-x]  vendor
    └── [drwxr-x---]  assets
        ├── [drwxr-xr-x]  bootstrap
        │   ├── [drwxr-xr-x]  css
        │   │   ├── [-rw-r--r--]  bootstrap.css
        │   │   ├── [-rw-r--r--]  bootstrap.css.map
        │   │   ├── [-rw-r--r--]  bootstrap.min.css
        │   │   ├── [-rw-r--r--]  bootstrap.min.css.map
        │   │   ├── [-rw-r--r--]  bootstrap-theme.css
        │   │   ├── [-rw-r--r--]  bootstrap-theme.css.map
        │   │   ├── [-rw-r--r--]  bootstrap-theme.min.css
        │   │   └── [-rw-r--r--]  bootstrap-theme.min.css.map
        │   ├── [drwxr-xr-x]  fonts
        │   │   ├── [-rw-r--r--]  glyphicons-halflings-regular.eot
        │   │   ├── [-rw-r--r--]  glyphicons-halflings-regular.svg
        │   │   ├── [-rw-r--r--]  glyphicons-halflings-regular.ttf
        │   │   ├── [-rw-r--r--]  glyphicons-halflings-regular.woff
        │   │   └── [-rw-r--r--]  glyphicons-halflings-regular.woff2
        │   └── [drwxr-xr-x]  js
        │       ├── [-rw-r--r--]  bootstrap.js
        │       ├── [-rw-r--r--]  bootstrap.min.js
        │       └── [-rw-r--r--]  npm.js
        └── [-rw-r-----]  jquery.min.js

noted that the assets folder permissions are different, fix with:

chmod -R 755 /usr/local/lib/mailinabox/vendor/assets/

problem solved!

system · August 8, 2024, 2:06pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.