rejetto forum

uploading problems

Guest · 4 · 744

0 Members and 1 Guest are viewing this topic.

HFSamatuer

  • Guest
Hi,
I'm having trouble consistently uploading to HFS.  When the home page is loaded, you have to login with user ROOT.  If you browse to the upload folder, you have to login with user UPLOAD.

This weekend I uploaded two small .txt files (on separate browser sessions) with no problem from my sister's house.

Today from work I tried to upload some files and the upload would start and go but then would stop and never finish.  When I got home I saw in HFS:
  <date> UPLOAD@<IP>  Requested GET /<uploadfolder>/
  . . .
  <date> ROOT@<IP>  Upload failed, Not allowed: <filename>

I tried again from within my home LAN and got the same failure.  (Except one time it worked when I used the browser's URL history to get straight to the upload folder, logged in as UPLOAD and it worked.)  I don't understand how it worked from my sisters house!

I created the account UPLOAD and it is listed in the user account dialog.
I set the ROOT account by just right-click on the home folder in HSF -> Set user/pass (that is, user ROOT is not in the user accounts dialog).

So, it seems that user ROOT is actually making the upload request after logging in to the upload folder as UPLOAD, and ROOT doesn't have upload/write rights.

How do I give general restricted access to the site, but restrict upload access to the upload folder to only a super set of users?  Or, should this work and there another problem altogether?

Thanks,
Justin


Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13304
    • View Profile
if you suspect a bug in upload permissions, i ask you to experiment a little until you can see the problem once again.

your settings of root+upload should be ok.
anyway, another useful configuration is:
2 accounts:
account1: simple access
account2: access+upload

you restrict access to the root to both account1+account2
and the restrict upload to only account2


HFSamatuer

  • Guest
Rejetto,
I appreciate the help.  First, can you please further explain this:
"2 accounts:
account1: simple access
account2: access+upload"

It sounds like you are assigning privileges to the accounts, but I don't see where I can do that.  So, I what I did do was give root access to both accounts, and I gave upload folder access to account2 only.

However, this did not fix the problem.  I still believe there is a random problem with this scenario (two accounts being used for the same session).  I can get the upload to work sometimes.  I see the problem in the output/log.  The root account is sometimes getting the various transaction calls, instead of only the upload account.  When using the SeaMonkey browser, it seems that it is highly probable for this to happen if I force the progress pane or secondary progress window (and less probable with IE).  See this log snippet where the account that is used for the transactions changes back and forth:
* * * *
1/18/2009 9:13:37 PM UPLOAD@<IP>:51515 Requested GET /UL/~upload+progress
11/18/2009 9:13:37 PM UPLOAD@<IP>:51515 Served 149 B
11/18/2009 9:13:37 PM <IP>:51516 Connected
11/18/2009 9:13:37 PM <IP>:51517 Connected
11/18/2009 9:13:37 PM ROOT@<IP>:51516 Requested GET /~progress
11/18/2009 9:13:37 PM ROOT@<IP>:51517 Requested GET /UL/~upload-no-progress
11/18/2009 9:13:37 PM ROOT@<IP>:51517 Not served: 401 - Unauthorized
11/18/2009 9:13:37 PM ROOT@<IP>:51516 Served 1004 B
11/18/2009 9:13:37 PM <IP>:51518 Connected
11/18/2009 9:13:37 PM UPLOAD@<IP>:51518 Requested GET /UL/~upload-no-progress
11/18/2009 9:13:37 PM UPLOAD@<IP>:51518 Served 1.30 KB
11/18/2009 9:13:53 PM ROOT@<IP>:51516 Requested GET /~progress
11/18/2009 9:13:53 PM ROOT@<IP>:51516 Served 1004 B
11/18/2009 9:13:57 PM ROOT@<IP>:51516 Upload failed, Not allowed: file.txt
11/18/2009 9:13:57 PM ROOT@<IP>:51516 Uploading file.txt
11/18/2009 9:14:48 PM ROOT@<IP>:51518 Requested GET /UL/
11/18/2009 9:14:48 PM ROOT@<IP>:51518 Not served: 401 - Unauthorized
* * * *
OR - here is what happened one time during login at root and upload:
* * * *
1/18/2009 9:29:16 PM ROOT@<IP>:1471 Requested GET /UL/
11/18/2009 9:29:16 PM ROOT@<IP>:1471 Not served: 401 - Unauthorized  <-- expected
11/18/2009 9:29:20 PM UPLOAD@<IP>:1472 Requested GET /UL/
11/18/2009 9:29:20 PM UPLOAD@<IP>:1472 Served 1.30 KB                     <-- upload login
11/18/2009 9:29:20 PM <IP>:1473 Connected
11/18/2009 9:29:20 PM <IP>:1474 Connected
11/18/2009 9:29:22 PM ROOT@<IP>:1474 Requested GET /UL/~upload    <-- user changed
11/18/2009 9:29:22 PM ROOT@<IP>:1474 Not served: 401 - Unauthorized
11/18/2009 9:29:22 PM UPLOAD@<IP>:1472 Requested GET /UL/~upload <-- user changed
* * * *

If I login to root and upload with the same UPLOAD account then there is no problem because all transactions get the higher privileges.

When the root account gets the call, the file uploads but not to the upload folder.  (So, where is it going??)  Then after the upload is finished HSF reports a 'not allowed' failure.

Justin
« Last Edit: November 19, 2009, 10:08:45 AM by Mars »


Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13304
    • View Profile
sorry for the late reply.
what i meant was to use the upload account since the beginning.
people should not use the root account if they also know the upload password, or at least i don't see a good reason.
this should workaround the "switching" problem.