You don't have permissions to browse server

I’ve been struggling with this one for a couple hours:

Installed through Installatron on a linux hosted server with PHP Version 5.4.45, phpList 3.2.4, using CKEditor.

Image directory created:



define(‘UPLOADIMAGES_DIR’, ‘uploadimages’);

ckeditor settings:

File system path to the upload image directory. Usually leave this empty.


But every time I go to upload or browse I get a “You don’t have permissions to browse server” popup error.

I’ve tried editing the path in config to be the full path, but then I get the message at the bottom of the editor about the folder not existing etc. Also altered ckeditor system path to “/home/jdydb/public_html/uploadimages”, I then get back to the popup error.

I’ve read through a few posts on here and from everything I’ve seen this should be working and I’m now a bit stuck, could it be something on my server permissions (folders are 755, tried 777, no joy)

Any help much appreciated!

Hello! Here is what works on my system:
in the config.php file:

# If you want to upload images in the editor, you need to specify the location
# of the directory where the images go. This needs to be writable by the webserver,
# and it needs to be in your public document (website) area
# the directory is relative to the webserver root directory
#   eg if your webserver root is /home/user/public_html
#   then the images directory is /home/user/public_html/uploadimages
# This is a potential security risk, so read for more information

and in the file system on the server:


the permissions on the uploadimages directory need allow the web server to read and write:

ls -l uploadimages
drwxrwxr-x 4 username groupname     4096 May 10 03:32 uploadimages

In the example above, your web server (apache, www-data, etc) would be the user, or in the group specified by ‘groupname’)

Perhaps @duncanc can provide ‘more secure’ settings for the uploadimages directory.

@jjb72 Possibly a problem with session handling. Something like this arose in the past, I think it was caused by phplist having a separate session to ckeditor/kcfinder.

Hmm, ok, given me something to look into, thanks for the replies!

@jjb72 Try to find out whether you have a custom session handler, or have specified some local settings in a local php.ini.

See but I have never tried to make kcfinder work in the non-default way so cannot provide any great insight.

@duncanc Local and Master values all match and there’s no local settings that I can see.

I’ll contact the host and see if they can shed any light on it, might be something they’ve done, will post back if / when I find the issue.

Thanks for your help.

@duncanc @danwaterloo My incredibly awesome hosting company (nethosted in the UK) tracked it down last night, if anyone else has a similar problem the fix was:


‘disabled’ => true,


‘disabled’ => false,

Is this something that may cause problems?

Thanks for your help both.

@jjb72 That change is just working around the problem, rather than solving it.
It is not recommended because it makes the file browser/uploader available to anyone, not just someone who is logged-in as a phplist admin.

The plugin sets ‘disabled’ to false in a session variable, but it appears that phplist has a separate session to kcfinder, so there is no sharing of those variables.

1 Like

Ah, ok, I thought that might be the case, I will revert the setting.

It’s a bit odd, can’t see anything in any settings that would be causing it to have a separate session and neither can the host.

Will have to live without the feature I think, if I get more time I’ll try and fix properly and post back.

@jjb72 I don’t think that it is so much of a security issue to stop you using image browsing and uploading. Potentially someone can upload images to your site.

You can reduce its visibility by renaming the kcfinder directory, and entering the new name on the Settings page in Path to “kcfinder”. That will reduce or remove the chance of someone guessing a valid url.

If you have the time to try to debug this, you can add extra information to the pop-up message. In file kcfinder/core/class/browser.php line 89 is

           $message = $this->label("You don't have permissions to browse server.");

You can include a dump of the session by adding this line immediately after:

            $message .= print_r($_SESSION, true);

If that doesn’t show anything then it indicates that a new session is being created. Possibly try dumping some php settings as well

$message .= print_r(ini_get('session.save_path'), true);


I have similar or same problem like @jjb72, I can not browse or upload images. Version of phplist 3.2.5, CKEditor 2.1.2

Print screen:

Files and folder permissions:
[user@openFHO public_html]# ls -ld /var/www/public_html/uploadimages
drwxrwxr-x 4 apache apache 4096 May 27 13:40 /var/www/public_html/uploadimages
[user@openFHO public_html]# ls -l /var/www/public_html/uploadimages
total 4
drwxr-xr-x 2 apache apache 4096 May 27 13:40 image

config.php file
define(‘UPLOADIMAGES_DIR’, ‘uploadimages’);

I realy hope anyone can help me. For more info I am available.

p.s. On same server, under another Virtual Server and DocumentRoot, with phplist 3.2.1 and CKeditor 2.0.0 I dont have any problem.

@matjazp The problem is not to do with file permissions but the permission to use kcfinder, the file manager. This should work so long as phplist and kcfinder both use the same php session, but the message “you don’t have permissions …” indicates that they are using different php sessions.


If you are not able to find and change the php session problem then you will have to make the change to the kcfinder config file.

1 Like

Hi @duncanc. Thanks for your fast response and sorry for my delay reply.
In this time I am study your words and tried to resolve problem, but without sucess.
*First I tried to manage php sessions, file /kcfinder/conf/config.php
‘_sessionVar’ => “KCFINDER”,
‘_sessionLifetime’ => 30,
‘_sessionDir’ => “/tmp”,
‘_sessionDomain’ => “”,
‘_sessionPath’ => “/tmp”,
In folder /tmp i can find sessions files (sess_go7hf27jnfced65t5ggn79mfm2)
After that problem still exist

For test I put wrong path in sessionPath’ => “/tmp1234”, when I tried to upload images get error “you don’t have permissions …” After change back, no longer message.

*Second, I changed settings from true to false, file /kcfinder/conf/config.php
‘disabled’ => flase,
‘uploadURL’ => “upload”,
‘uploadDir’ => “”,
‘theme’ => “default”,
Still problem exist.

*Third I disabled plugin CKeditor and enabled FCKeditor and try to upload.
Again I can not upload images with FKCeditor.
Log: PHP Notice: Undefined index: UserFilesPath in /var/www/public_html/lists/admin/plugins/fckphplist/fckeditor/editor/filemanager/connectors/phplist/config.php on line 144

Popup message

This means, regardless on plugin which I use, I can not upload image.

Again my problem:

When I try to upload image in campaign, press Image button,
I get popup window without file filders and image list. Only toolbar butons.
And I can not upload, regardless browser. On same server in diferent
DocumentRoot, a sucsessfully use another phplist for another company.

@matjazp Originally I thought you said you were also getting the "you do not have permissions … " message but you are now describing a different problem.

Possibly KCFinder is not deriving the path to the image directory correctly. You can try entering the file system path to the UPLOADIMAGES_DIR directory on the Settings page, see

and revert to the original plugin code without any of your changes.

Path is ok, because if I delete sub-directories image and flash, then KCfinder create sub-directories back.
All plugin files with default settings I am reverted two times.
This problem exist immediately after instalation (phplist 3.2.5 with included CKeditor), without any changes in configuration files.

@matjazp Can you try using firefox web console to see the network requests.

Open the KCfinder popup window, the one where you have the problem, then open the web console using ctrl+shift+k and refresh the popup window with F5. That should show the requests and possibly what is not working.

Ahh… The power of a good search in the forum is amazing. Thanks for fixing an issue I encountered today. :grin: