After upgrading, got "403 Forbidden"

Guys, after updating on the remote server to the latest version, using “bin/gpm selfupgrade”, I got a “403 Forbidden” Grav page (and I refreshed, etc, and it was still happening).

I had to reinstall Grav (wget, unzip), and then sync the “user” folder through rsync to get my site up again.

I’m at WireNine hosting, like you suggested. Why did this happen? There must be some bug in the upgrade process…

Hmm. that’s strange. The selfupgrade uses the same upgrade package, but it could be permissions, or perhaps the .htaccess. Did you make any modifications to the .htaccess file?

if not i will test on my WireNine hosting setup and see if I can reproduce your issue.

No, no modifications to the .htaccess file. Thank you for investigating this…

Ok it’s a permission issue that caused it. Files that were created with the regular unzip, are created with 755 (for directories) and 644 (for files). However, after the selfupgrade those files are 775 and 664. These cause the forbidden errors as its a security setting.

The quick fix is to change the permissions back:

find . -type d | xargs chmod 755
find . -type f | xargs chmod 644
chmod 755 bin/*

That will resolve it. However, the better fix is to ensure that WireNine has the configuration setting so that files are automatically created with 755 and 644 permissions.

I’m currently in communication with their support folks to find the best solution. I will get back to you!

Thank you!

Ok, so still waiting to here back from WireNine, but I found that if I add:

umask 022

in my .bash_profile file, then relogin (or source it) to take effect, everything works fine and as expected, self_upgrade and all.

I have communicated with WireNine that this looks to be a potential issue on their side as this umask should be set by default for their hosting accounts. Hopefully they will fix it automatically in the future, but for now this is the solution :slight_smile:

Still no word from WireNine? Thanks for the solution!

No word. However this is the solution. It’s just a matter of them adding to to their base install. I have communicated his with them.

OK. Thank you!

Reply from WireNine:

Hi Andy,

After doing further research into the matter, it appears Linux distro’s set default umask 002 for normal users. With this mask default directory permissions are 775 and default file permissions are 664. Since Suphp/suexec require a different permission setup, these permissions are not valid and apparently cPanel does not have a default function to fix this issue for ssh access enabled accounts. The only solution is to set "umask 022” in your .bash_profile if you’re working with Shell command. File manager/FTP by default should not have this permission issue.

Hopefully they will set it for all the new accounts (there’s a default file that gets copied to user folder when it is created).

The only solution is to set "umask 022” in your .bash_profile if you’re working with Shell command.

It’s important to add this to the guide at Learn Grav.

It’s important to add this to the guide at Learn Grav.

I added it several days ago :slight_smile:

You guys are great. Thank you!