CFFILE - uploaded images giving 403 error on Ubuntu


i have a development server running most recent lucee on windows and my production server is Ubuntu 22, fresh install of everything.

i’m uploading images to link to a user profile and it’s working fine on the windows machine but the profile images are giving a 403 error on the production server.

i’ve checked that the owner of the files is the same as the user running lucee, permissions after upload are 0640 on the files.

any thoughts?!

Is the 403 on the cffile upload action? Or when a user views the image in a browser? Either way, is the destination in the cffile upload a web-accessible folder?

And if the problem is on the upload itself, as a sanity check can you confirm that if you do a cfabort/abort before the upload action, the 403 no longer happens?

the 403 happens when trying to view it, the upload happens just fine as desired.

it’s looking like i need to change the permissions to 755 when i do the upload, i’ll try that quick and verify that’s the case.

yes that was the case, just needed to add mode=“755” to the cffile tags!

thanks so much!

The problem was likely that your web server (eg apache) didn’t have permission to read the file, so when you changed it to 755 you gave read permission (and execute) to everyone on the file. You can probably use 744 instead if you don’t want to give the execute permission bit. You could also solve the problem with groups by having a group with both lucee and apache’s user.

1 Like

thanks for the tip! it’s only accepting image files so it shouldn’t be an issue but no harm in doing it right.

1 Like

issue has cropped up again but with a new tag, i’m trying to use cfimage to make a thumbnail of the aforementioned images.

it’s working just fine, however i’m once again getting bad permissions, on the thumbnail file once it’s created (640)

is there anything perhaps more “global” i can do to avoid this happening…?

also, i’ve tried using cffile to rename the thumbnail with a new mode but that’s not working for some reason? ownership looks correct, just the permissions are 640 instead of 744

also just to add, once again it’s creating/dispaying the thumbnail just fine on the windows dev server, but breaking on linux production server.