"No permission to access updater."


When I try to update PHPList via the automatic updater, I get this message:

No permission to access updater.

How do I get the right permissions? I am “super admin”, so I guess I can’t get any more permissions, right?

Best regards,

HI @bkummel, How did you try it? By clicking on the update menu, “try automatic updater beta” notification or something else?

1 Like

Hi @xheni,

I tried both the link in the “try the updater” banner and the “update” menu item. Both give the same result.


I tried the automatic updater for the first time. I always get “No permission to access updater.”

This happens in all my environments.

PHP 5.6.40 (current production) phpList 3.4.3
PHP 7.2.10 (dev) phpList 3.4.3
PHP 7.2.20 (dev test) phpList 3.4.3

I debugged the code in my dev environment and noticed that the $_SESSION variable does not exist any more in isAuthenticated function in updater/index.php after header(‘Location: …/updater’); in redirecttoupdater.php. Before the header command the variable exists and the value of $_SESSION[‘phplist_updater_eligible’] = true;
So, these are true: isSuperUser() && ALLOW_UPDATER.

I tried to add an exit command after the header command in redirecttoupdater.php. That did not help.

Any ideas?

Anyone other having this problem?

i currently am. i’ve installed several versions of phplist over the years, so i’m finding this a bit odd… because I HAVE previously used the updater successfully.

One suggestion is to make your phpList installation directories and files owned by your webserver user… on centos it’s apache… i.e.

chown -R apache:apache lists

The document root and the folder (including subfolders and files) containing phplist are owned by the webserver user.

I had the following line in my config.php:
@ini_set(‘upload_tmp_dir’,dirname(dirname(FILE)).’/tmp’); if ( @ini_get(‘session.save_handler’) === ‘files’ ) @ini_set(‘session.save_path’,dirname(dirname(FILE)).’/tmp’);
The tmp file referred was owned by the webserver use, so that shouldn’t have been a problem.

BTW. phpList still does not check permissions of the tmp folder. If it’s not writable, admin login is interrupted with no error message.

I remember having some problems in the past in viewing session file contents in my hosting environment. That’s why I added this line.

I removed the the line above and automatic update was successfull. I was on 3.4.3 and the only update option offered was 3.4.7-RC1, though.

Hopefully some of the developers see this and manage to figure out why the above line tin the config.php stops the automatic update.

You don’t have permission because the session creation fails.
You have set a custom session.save_path which is dirname(dirname( FILE )).’/tmp. I would suggest using the default settings of PHP.

1 Like

The setting has worked very well for me. I remember having problems, something like 'Cannot browse server".

The directory is writeable and session files are saved there.

The automatic updater seems to be the only problem:).

For the first time, after many times successfully using the update functionality, I am receiving this error. “No permission to access updater.”
I’m trying to click the “update” link in the System area and I get the error.
I don’t see the “session.save_path” or anything like that in my config.php, which are mentioned above.
Any other hints of what I can check?
Currently v3.6.0 – want to apply the update to v3.6.1

Hi veltsu

The same line was in my config.php file as well. I don’t remember adding it. Anyway, removing it fixed the “no permission to access updater” issue.

Many thanks