Drupal 7 newbie question: Node Access Permissions = disabled? - drupal

I've worked in D6 for quite a while, and am just now dipping my toe into D7. I've got the basic installation working on my server and all's well; the only thing I don't understand is whether I should be bothered that admin/reports/status is telling me that Node Access Permissions are disabled. I understand that NAPs are nothing new to D7, and I've had occasion to rebuild the permissions once or twice in the past. But the new admin page calls out the disabled status explicitly, so I'm now wondering about stuff I hadn't wondered about before:
What does it mean for these to be disabled (I'm logged in as user 1, if that matters)?
Should I try to reconfigure the system or my server to get them enabled? What would I gain by having them enabled?
Thanks!

Everything should be perfectly fine.
That only means that you are not using any module that is declaring node permissions so all nodes are visible for users with the view content permission.

Don't know if it's perfectly fine, but on my drupal site, since I upgraded to 7.2 (a security update it said) spammers are able to create new users (even though it's reserved to administrators now and the 2 only administrators did not login in between), create post with spam HTML links every day by the dozen!
Here is what it says on the status report:
Node Access Permissions Disabled
If the site is experiencing problems with permissions to content, you may have to rebuild the permissions cache. Rebuilding will remove all privileges to content and replace them with permissions based on the current modules and settings. Rebuilding may take some time if there is a lot of content or complex permission settings. After rebuilding has completed, content will automatically use the new permissions. Rebuild permissions
When I rebuild permission, it takes a few seconds only and the same message appears.

Related

HttpContext.Current.User.Identity.Name is incorrect but only for me

We have a number of webpages that employees can access. I have a table, in a database, which determines who can access the individual pieces.
I use HttpContext.Current.User.Identity.Name, to get the current username, and then determine whether they are allowed to access the page they are requesting. If not, they are redirected to an access denied page, which has contact details where they can request access.
This is been working for months and is still working for everybody, except me! As well as my usual active directory account, I have what we call a developer account to login to servers et cetera. When I run the webpages on my PC, either through visual studio or IIS, I have determined that it is working because it is using my standard active directory account.
I am not aware of making any changes. I was actually just going through the pages as part of a documentation exercise.
However, as soon as I try to browse the pages on the server, it appears to be using my developer account! How do I know this? Firstly, I have built a test page that displays the current username. Secondly, I have an audit table, which records who try to access what page, when and whether they were allowed access.
Yes I could add my developer account to the users table but that would obviously not be my preferred solution. I have been working on something else for the past few days (nothing to do with this) and based on the audit table, I think this problem started today.
Any ideas?

Drupal 7 admin/config/people/accounts not displaying correctly. Cannot restrict User Account Creation

I'm trying to limit the ability for user accounts to be created. My host has noticed spam activity on my account and has suggested that it is being generated by accessing the user account creation script directly.
When I try to access that feature in Drupal 7, the Setting tab doesn't render correctly. Fields and Display tabs function correctly.
Screen Snap
If your host is right about the script being accessed directly, then your site might be hacked.
Since you also have problems with rendering of the settings tab, I would execute these steps in this order:
Follow the instructions for updating Drupal, starting with backup of
the database and the files:
https://www.drupal.org/docs/7/updating-your-drupal-site/update-procedure-minor-version-change
Set secure permissions for files and folders: https://www.drupal.org/node/244924
The second step alone might help stopping the user creation by direct access to the script, but it will not get back the original settings tab.
In back-end go to Configuration -> People -> Account settings. There is a section Registration and cancellation and Who can register radio buttons group where you can forbid anonymous user create account. If that's already set well and people are still registering then it really is possible that your site has been hacked.

Orchard can't access file due to permissions

I recently started an Orchard-CMS website. That's a new CMS which uses ASP.NET MVC 3. http://www.orchardproject.net you can find more info.
It has to be really easy to install a theme. But everytime i try that, i get the error that the dependencies.xml file is not accessable. (Orchard needs the dependencies.xml file, to write the links to new theme's and modules)
My site is running on an IIS7 local machine and i granted all permissions to the ASP.NET user and the NETWORK USER. But i still have permission-problems, any ideas?
By default the IIS 7 application pools run under IUSR account, so you should grant this user the appropriate permissions. From security perspective it's good to create a new, separate account for each application pool and I'd advise you to do so. It'll also give you more fine-grained control.
Also, check whether the permission changes were correctly propagated to App_Data and App_Data/Dependencies folder and their content. If not, change permissions for Dependencies folder explicitly. I've noticed that sometimes they don't get propagated correctly if you change permission at the root level.

cannot access drupal admin site

I am in the process of moving my drupal site to a new IIS server. I had it running perfectly on one server. I disabled all non-core modules, turned off clean urls, put the site in maintenance mode and moved the files and database to my new server. I am able to bring the new site up fine. I can view the main page as well as other content. I can even create new content.
However, whenever I try to access the admin page, I am getting a 500 error on the server. I am not getting anything in the server logs to indicate what the problem might be. Does anyone have any idea what might be going on?
Thanks for any thoughts.
Is the menu router menu system not rebuilt correctly?
Try getting to the Modules page, Menu page, or run cron.
There could be many reasons why you cannot access the administrative pages, including the fact the database tables have not been correctly moved.
Check the content of the table users, and verify the user account for the "super user" (the one with user ID equal to 1) has still the user ID equal to 1. That is a particular user that has automatically any permission; if the user ID is not 1 anymore, then the account becomes a normal user account, and it needs to be expressly allowed to do anything.
you don't need to disable clean urls, this is how your enable them in IIS:
http://learn.iis.net/page.aspx/505/install-drupal-on-iis/
could be something to do with clean urls, i also had this problem when recently removing my website to IIS, clean url's fixed this issue!

FTP Error 530 User cannot login

I am trying to FTP to a new FTP site I setup with IIS 7.0 for the Windows Server Web (64-bit) edition. But I get the above error when I try to login to this site. But I can login to my other FTP sites.
Also, when I select this website from IIS Manager, the FTP section does not display in the middle section although it does display in Action panel. And I cannot successfully login to this FTP site either.
I have checked and I have Log on locally selected. I do not have allow only anonymous connections. I have Access this computer from the network selected.
I restarted my IIS and FTP services also.
The one different thing I noticed about this website in IIS different from the other site that has FTP working is that this one there are 3 virtual directories beneath the site. And that when I click on any one of these 3, then the FTP strip does appear in the center pane. Make sense?
How can I debug cause of this error? Any SW tools I can use?
Have you tried logging in from the FTP server? If you do this, and have "Show detailed messages from local requests" enabled under FTP Messages, then you'll get a clearer idea as to why the login if failing. In my case I got the following message (I am using IIS Manager Users, and Passthrough authentication)
530-User cannot log in.
Win32 error: Access is denied.
Error details: Filename: \\?\C:\Windows\system32\inetsrv\config\redirection.config
Error: Cannot read configuration file due to insufficient permissions
To solve this I gave the NETWORK SERVICES user read only access to the config directory specified in the error message. I'm not 100% sure this is the right thing to do, but it certainly fixed this issue for me.
in my situation, I was missing Role Service FTP extensibility, which is actually allows IIS Manager Auth.
This is pretty tricky, as you could allow IIS Manager auth, but still it would not work until you have not installed FTP Extensibility
In my case I forgot to enable the Basic authentication
There seem to be many different possible causes. In my case, I was unable to login with the plain "username" with the same error as mentioned.
It was solved when I logged in with ".\username" instead.
For some reason the FTP client was trying to login with a domain account, while I just wanted to login with a local computer account.
Hope this helps someone.
Try submitting your credentials in this format:
UserName: Domain|Username
Password: secretSquirrel
I had the same problem, I removed the FTP site and followed this:
http://www.iis.net/learn/publish/using-the-ftp-service/configure-ftp-with-iis-manager-authentication-in-iis-7
Prerequisites - I set the permissions on the folders using the 4 command samples but this did not alone fix the issue, so I cannot in good faith say this step is needed, but it is what I did and it now works.
CONFIGURE THE IIS MANAGEMENT SERVICE AND ADD AN IIS 7 MANAGER -
Just do step 4, removing the existing user first and then re-adding them.
Creating a New FTP Site and Configuring an IIS 7 Manager Account -
All the steps here
CONFIGURE THE FTP SITE TO USE IIS 7 MANAGER AUTHENTICATION
All 12 steps here, including the "administrator" setting in step 5.
Then it started working for me, I am guessing when I did this without a guide I skipped something simple.
In My case I have made that user a member of IIS_IUSERS.
Using IIS Users.
Do not isolate users -> User name directory was working fine. Users started in the right folder.
When I was switching to Isolate Users -> User name Directory I had the following error:
Response: 530 User cannot log in, home directory inaccessible.
Win32 error: The system cannot find the path specified.
For some reason, you need to add the LocalUser virtual directory that points to your root.
It has to be that exact name and it's case sensitive.
That worked for me.
Per this knowledgebase article, you would need the log on locally privilege enabled.
http://support.microsoft.com/kb/200475
I had the exact same error. In my case, I was using a local user defined on the server running FTP. The username was very short (3 characters). I could "run as" this user on the server, confirming that Windows was Ok with it, and allowed it to authenticate. But when testing FTP, it would return User cannot log in.
Solution? I renamed the user to be longer (4 characters). Of course, updated its name under Authorization as well. Then FTP worked. Hope it helps someone!
For me, I've configured the IIS as per usual procedure properly. The anonymous authentication was working but specific user are not.
because, the user accounts were created in IIS. Actually it was also supposed to be created Windows local accounts.
Then it worked.
Please Check the security of folder which is use that ftp .
see if the user or group you select for that ftp is associate with security of that folder .
In my case I had to remove domain from user.
So, your user should be like username, not like domain\username.
Hope it helps to somebody.
For some reason my user was "locked". So I could "unlock" it at local user manager (computer management). Now it works fine. I hope it helps.
I would recommend checking FTP logs first. The status code will give you more information about the issue. Here is the explanation of the status codes: The FTP status codes in IIS 7.0 and later versions
I had this issue because my IIS didn't support passive mode. After entering data in FTP Firewall Support module, the issue was solved.
More scenarios from this post 530 User cannot log in, home directory inaccessible
Authorization rules. Make sure to have an Authorization rule that allows the user or anonymous access. Check “IIS > FTP site > FTP Authorization Rules” page to allow or deny access for certain or all users.
NTFS permissions. The FTP users (local or domain users) should have permissions on the physical folder. Right click the folder and go to Properties. In the Security tab, make sure the user has required permissions. You can ignore Shared tab. It is not used for FTP access.
Locked account. If you local or domain account is locked or expired, you may end up seeing “User cannot log in” error. Check local user properties or Active Directory user settings to make sure the user account is active.
Other permission issues. The user account may not have “Log on locally” or “Allow only anonymous connections security” rights.
I spent long time looking for a solution, I've tried every shared answer on the internet and nothing could solve the issue. It is an issue I was ignoring for years and I never could fix.
Ok, I've Plesk installed and I'm not sure if it has some effect on IIS FTP to do the following behavior ...
Using Process Monitor tool, and making ftp login request and watching the tool and doing your investigation using this tool, you can get a hint about the REAL reason of the problem.
For me, I found out that IIS FTP was trying to access the ftp folder from a path DIFFERENT than the actual ftp path I've set, I do not know why, but maybe Plesk has some effect on this.
The actual ftp path is
C:\inetpub\vhosts\zidapp
The path that IIS FTP was trying to access DURING the login process is
C:\inetpub\vhosts\Servers\7\localuser\zid_app_ftp_user
I fixed the issue by creating a folder link from 'actual' folder path to the path IIS was trying to access - using the tool mklink tool
CMD command
mklink /d C:\inetpub\vhosts\Servers\7\localuser\zid_app_ftp_user "C:\inetpub\vhosts\zidapp"
I've fixed the issue that way, so wen FTP is trying to access the folder from the wrong path, it is now goes to the correct one.
Please note doing folder shortcut wont work for this, you need a link like linux, not a shortcut ...
I hope it will help you :)
You can check the reference account you are using to log in.
Mine happened to be locked out causing the 530 error.

Resources