osCommerce

CHMOD help - I need this broken down for me.


Can someone please break down the CHMOD for me.

 

Meaning, who exactly are "user" "group" etc?

 

When I change the permissions so that I do not get the error message along the top of my store ("I can write to the configure.php file...."), then I cannot do any admin stuff to the store (add products, etc).

 

What is the permission 'code' that allows me to do all the admin stuff, allows customers to create an account and such, but keeps anyone from writing to the configure.php file etc.?

 

I've done a Google search on this subject, but no one really breaks it down for the chmod newbie such as myself.

 

Thank you in advance.

Barb

Link to comment
Share on other sites

The permissions on the file are called its mode. chmod or "change mode" lets anyone with write permission on a file change its permissions. A simple explanation of the numbers is, the number 4=read, the number 2=write, and the number 1=execute. Assume you want a file (file1) to be readable, writable, and executable by the owner (4+2+1), and readable and executable by the group (4+1), and readable only to others (4). Your permissions would look like rwxr-xr--. To set this you would enter #chmod 754 file1.

 

chown or "change owner" determines who owns a file, and chgrp "change group" to change the group. A file such as:

-rwxrwxr-- 1 sdlasiter wheel 118 Sep 4 08:43 file1

This file is owned by sdlasiter who is in the group wheel. This corresponds with the above owner and group.

 

Hope this helped

 

Steve L

Link to comment
Share on other sites

This might be a little easier for you if you saw how things were put into CHMOD. I highly recommend d/loading the free WS_FTP client. It is wonderful for having to CHMOD files/folders. After you install it, go into your ftp directory and right click any file or folder and then select properties. You're going to have a window pop up and that is where to CHMOD from. What is beautiful about it though is that you can graphically see what you are doing there. Has 9 check boxes in it, you can check and uncheck and it will tell you ALL the CHMOD codes right above it.

 

So you can see what a file put into 777 looks like as compared to a file that is 755. It's very user friendly and very explanatory when you are in there and should be much easier to chmod your files.

 

 

Now you can't add files from your admin area or you can't add images? The first thing I'd do after d/loading the WS_FTP is go in and chmod your images folder to 777. That should allow you to upload pics from the admin area. Or you can't do anything at all from the admin area? I was a little unclear on that.

Link to comment
Share on other sites

...go in and chmod your images folder to 777. That should allow you to upload pics from the admin area...

 

You didn't read the thread I posted did you?

 

I really can't stress this enough - setting permissions to '777' (or '755' or whatever) because it works is NOT a solution. It **IS** a very very good way of throwing your security away, but it is **NOT** an answer.

 

There are COUNTLESS instances on this forum where people have posted up advice such as "...set the permissions to 777 and...".

 

This is VERY VERY VERY VERY **BAD** ADVICE. It is downright reckless in terms of security and usually shows either a complete lack of understanding or a complete lack of care (or maybe both).

 

You simply CAN NOT state that setting permissions of a file to whatever number you care to mention is correct for any situation without also understanding the configuration of the server and the users / groups involved. This is all very server specific, and if anyone tries to tell you otherwise then they are being very simplistic at the cost of security. A 'general' solution simply does not exist - you need to UNDERSTAND the server config.

 

Rich.

Link to comment
Share on other sites
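
Added example, not part of any post in this thread: a short Python sketch of how one of the three classes (user, group, other) is chosen for a process, and why the same mode is writable by PHP on one server and not on another. The uid/gid values and the two server set-ups are constructed assumptions; root and ACLs are ignored.

```python
import stat

# Constructed IDs for illustration: the hosting account that owns the files,
# and a separate account the web server might run PHP as.
ACCOUNT_UID, ACCOUNT_GID = 1001, 1001
WEB_UID, WEB_GIDS = 33, {33}

def symbolic(mode):
    """754 -> '-rwxr-xr--' (4=read, 2=write, 1=execute per digit)."""
    return stat.filemode(stat.S_IFREG | mode)

def applicable_class(file_uid, file_gid, proc_uid, proc_gids):
    """Pick the one triad that is checked: first match wins, no fall-through."""
    if proc_uid == file_uid:
        return "user"
    if file_gid in proc_gids:
        return "group"
    return "other"

def access(mode, file_uid, file_gid, proc_uid, proc_gids):
    """Return (class, 'rwx'-style string) for a non-root process, ignoring ACLs."""
    cls = applicable_class(file_uid, file_gid, proc_uid, proc_gids)
    bits = (mode >> {"user": 6, "group": 3, "other": 0}[cls]) & 0o7
    return cls, "".join(c if bits & v else "-" for c, v in zip("rwx", (4, 2, 1)))

def php_can_write(mode, php_uid, php_gids):
    """Can PHP modify a file owned by the hosting account with this mode?"""
    return "w" in access(mode, ACCOUNT_UID, ACCOUNT_GID, php_uid, php_gids)[1]

def compare(mode):
    """Same mode, two server set-ups: PHP as the account owner vs. as WEB_UID."""
    return {
        "php_runs_as_owner": php_can_write(mode, ACCOUNT_UID, {ACCOUNT_GID}),
        "php_runs_as_web_user": php_can_write(mode, WEB_UID, WEB_GIDS),
    }

if __name__ == "__main__":
    for mode in (0o444, 0o644, 0o755, 0o777):
        print(oct(mode), symbolic(mode), compare(mode))
```

Where PHP runs as the account that owns the files, 644 already leaves configure.php writable by PHP and only 444 stops it; where PHP runs as a different user, 644 is read-only for it and only the "other" digit matters.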

Well excuse me Rich. That is what I was told to do when I had the problem and it worked just fine. While I appreciate you telling me how the risks aren't worth it, you can save your judgements and snarky attitude. No I didn't read the thread you posted nor did you OFFER much insight other than a link. Maybe next time you can explain yourself clearer? Just a suggestion before you get rude with people.

Link to comment
Share on other sites

Well excuse me Rich....

 

...Maybe next time you can explain yourself clearer? Just a suggestion before you get rude with people.

I wasn't being rude. I was being helpful!

 

The post WAS the insight I was trying to pass on to you, and the follow-up post was trying to warn you of doing something horrible to save you from grief in the future - clearly you're not interested.

 

If someone goes to the trouble of pointing you in the right direction at something; something that may actually be of interest and use to you, and if you then can't even be bothered to click on a link and read what you find there then don't be surprised if you then get a comment like "you didn't read the post, did you?"

 

No - MUCH easier to completely ignore the helpful advice you are being given and then call the poor sod who's trying to help you "snarky".

 

..and people then go on to speculate (incorrectly) [ http://www.oscommerce.com/forums/index.php?showtopic=184772 ] on why the poor sod in question doesn't bother to support his contributions any more!! I wonder why????

 

Rich.

Link to comment
Share on other sites

You didn't read the thread I posted did you?

 

I really can't stress this enough - setting permissions to '777' (or '755' or whatever) because it works is NOT a solution. It **IS** a very very good way of throwing your security away, but it is **NOT** an answer.

 

There are COUNTLESS instances on this forum where people have posted up advice such as "...set the permissions to 777 and...".

 

This is VERY VERY VERY VERY **BAD** ADVICE. It is downright reckless in terms of security and usually shows either a complete lack of understanding or a complete lack of care (or maybe both).

I strongly agree and share your annoyance at the constant blind recommendations to set the images folder to 777 as the panacea for all problems reading images.

 

There have been posts here just recently by people (more than one) who've found that malicious code was injected into their images directory.

 

Geez, I wonder how that could have happened?

Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Link to comment
Share on other sites
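
Added example, not from the thread or from osCommerce: a read-only Python check that an images directory contains no world-writable entries and no script files, which is how injected code of the kind mentioned above would show up. The extension list and the sample tree are constructed assumptions.

```python
import os
import stat
import tempfile

# Assumed list of extensions a web server might execute; adjust for the host.
SCRIPT_EXTS = {".php", ".phtml", ".php5", ".pl", ".cgi"}

def audit_tree(root):
    """List world-writable entries and script files under an images directory."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not meaningful
            rel = os.path.relpath(path, root)
            kind = "directory" if stat.S_ISDIR(st.st_mode) else "file"
            if st.st_mode & stat.S_IWOTH:
                findings.append((rel, f"world-writable {kind}"))
            if kind == "file" and os.path.splitext(path)[1].lower() in SCRIPT_EXTS:
                findings.append((rel, "script file in image directory"))
    return sorted(findings)

def build_sample(parent):
    """Create a small constructed tree to run the audit against."""
    root = os.path.join(parent, "images")
    os.makedirs(os.path.join(root, "thumbs"))
    layout = {"logo.gif": 0o644, "banner.jpg": 0o666,
              os.path.join("thumbs", "cache.php"): 0o644}
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        with open(path, "wb") as fh:
            fh.write(b"constructed sample\n")
        os.chmod(path, mode)
    os.chmod(os.path.join(root, "thumbs"), 0o755)
    os.chmod(root, 0o777)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, finding in audit_tree(build_sample(tmp)):
            print(f"{rel}: {finding}")
```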

...There have been posts here just recently by people (more than one) who've found that malicious code was injected into their images directory.

 

Geez, I wonder how that could have happened?

Surely you can work that out! - Clearly it's SOMEONE ELSE'S fault !!!! Obviously!!!!

 

Nothing at all to do with whichever moronic idiot suggested / implemented leaving the door wide open and inviting the bad guys in for tea. They probably passed round free swag bags while they were at it too.

 

Oh well, at least they can then add yet another "PANIC" post to this forum describing how SHOCKED and HORRIFIED and **SURPRISED** they are at how anyone managed to break into their oh-so-secure web site!

 

...but it's pissing into wind trying to get anyone to listen, I'm afraid.

 

Rich.

Link to comment
Share on other sites

Helpful huh? Well first off, for someone so helpful, you sure can't read well. Or you'd have realized I never ASKED you a question and after your nasty attitude, you can guarantee I NEVER would. Maybe next time someone answers like I did, you can point out why that's a BAD idea without having to resort to calling them a moronic hacker or saying they are doing it on purpose to hack someone's site. That would be HELPFUL. You? Just rude.

And frankly, it makes all of your message get lost in the nastiness and rudeness you delivered your so called "helpful advice". This moronic hacker idiot has some "Helpful advice" though on what you can do with yours.

Link to comment
Share on other sites

Helpful huh?...

 

etc etc etc...

A well constructed and reasonable argument. I am honoured to receive such eloquent diatribe.

 

Just a couple of minor points -

 

- I was not rude to you.

- I was not being nasty.

- I did not call you a moronic hacker (or a moronic anything come to that).

- I was not implying that you or anyone else was deliberately giving bad advice with a view to hacking someone else's web site.

 

- I WAS saying that the advice was very very bad, which it is

 

...oh...

 

- And you HAVE been rude to me.

 

Apart from that - spot on!

 

By the way - you need to calm down. You know, chill out. Take it easy. Can't be good for you to get so agitated. Smile a little...

 

Rich.

Link to comment
Share on other sites

I'm surprised, and actually shocked, at the tone this thread has taken. I'm particularly surprised at Richard's comments. What does this thread have to do with your decision not to support the Register Globals Patch you created? Nothing at all as far as I can see.

 

Expecting newcomers to osCommerce (and often to ftp and php etc.) to know about their server configuration and how it works is also not entirely realistic.

 

Yes, I have advised people to set permissions on the images folder to 755 or 777 - after they have failed to be able to access it using other settings. The failure to access it at other settings is usually a good indication that they need to employ either 755 or 777 on the server they are hosted with.

 

Setting permissions on a folder to 777 (full permissions) does not give hackers access to inject malicious code - unless there are other inadequacies on the server, or unless files inside that folder also have full or near full permissions.

 

I'd suggest that the more experienced posters to this thread take a step backwards, take a deep breath, and relax. Flaming others is against forum rules and at least one of these posts could be construed that way.

 

Vger

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.
