Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

How to set User permissions.


Zhemoira

Recommended Posts

Posted

After installing I get this message:

 

Warning: I am able to write to the configuration file: /kunden/homepages/0/d105800290/htdocs/catalog/includes/configure.php. This is a potential security risk - please set the right user permissions on this file.

 

Not sure how to go about setting the user permission.

 

Thanks for your help in advance!

Z

Posted

FTP to your site, right click on includes/configure.php, select Permissions or CHMOD and set to 644. If that doesn't remove the warning, set permissions to 444. Do the same for admin/includes/configure.php

Posted
FTP to your site, right click on includes/configure.php, select Permissions or CHMOD and set to 644. If that doesn't remove the warning, set permissions to 444. Do the same for admin/includes/configure.php

 

 

Thanks... take took care of it! :D

 

Z

Posted

I did that and the warning is still there. My host recently updated to version 5 of PHP, would that have anything to do with it?

 

Every time I've done a search on php 5 or version 5 php the forum search says I am searching for words that are not allowed like html or 'img'... I don't know how else to search for this answer without using php or 5, LOL

 

Thanks!

Posted

Nothing to do with PHP5. Some server set ups won't allow you to change permissions via FTP. Just ask your host to do it for you.

 

You can search using Google: Try This

Posted

Wow,

I never had that happen before. I change my file permissions all the time with ftp. I went into my WHM and changed them manually there and viola, I didn't realize that the ftp client wasn't making the change... it showed that it had been changed, but on the server itself, it wasn't changing. Go figure.

 

Thanks for your help. :)

Posted

I am having the same issue, but the suggested resolution does not work. I have changed the permissions to 400 though all of the following (in order of application): FTP client, Webhost File Manager, SSH. I still receive the permissions warning.

 

Any suggestions?

Posted

Well you could do what I did and edit the bottom of the includes/application_top.php file. Where it says

define('WARN_CONFIG_WRITEABLE', 'true');
you can change it to "false" and it will disable that check. The way I see it, if the file is unwritable like it wants it to be, then there's no harm in just disabling the check if it's getting in my way, lol. Though I'm certain this will come back to bite me in the ass, lol.
Posted

IF that were the case then it would suggest that the check is faulty. I'm in the same position as TheAsylm. But I'd rather ensure that the site is ensure before disabling the check. If it indeed can't write to the file then great but if it can then its certainly a problem.

Posted

You could run a test to see if you can write to it. Save this as write.php or whatever you want and upload to your osC root.

 

<?php
$filename = 'includes/configure.php';
$somecontent = "Remove this text!!!";

// Let's make sure the file exists and is writable first.
if (is_writable($filename)) {

  // In our example we're opening $filename in append mode.
  // The file pointer is at the bottom of the file hence
  // that's where $somecontent will go when we fwrite() it.
  if (!$handle = fopen($filename, 'a')) {
	 echo "Cannot open file ($filename)";
	 exit;
  }

  // Write $somecontent to our opened file.
  if (fwrite($handle, $somecontent) === FALSE) {
   echo "Cannot write to file ($filename)";
   exit;
  }

  echo "<font face='Verdana' color='red'><b>Warning! Warning! Warning!</b></font><br><br><font face='Verdana'>\"<font face='Verdana' color='green'>$somecontent</font>\"<br><br>was added to the bottom of $filename<br><br>This file is writable, please set correct permissions.</font>";

  fclose($handle);

} else {
  echo "<font face='Verdana'>No sweat, the file <b>$filename</b> is not writable.</font>";
}
?>

 

Now run it from your browser - www.your_domain.com/write.php

 

You'll either get a message telling you configure.php has been written to or not. If it has, you need to remove the text written to it at the bottom of the file and you'll need to change permissions.

 

Scipt from php.net :thumbsup:

Posted

index still gives the warning on 444. I understand that its more strict but a readonly file should still be capable of opening isn't it?

 

 

But not opening for append right. That's why.

 

So it wasn't exactly definitive. I still get the error on index.php, but should I be confident in the fact that it can't be written to?

Posted

The whole point of the script was to see if your configure file could be written to. At 644 it tells you it can be but at 444 it is safe. Mission accomplished - don't over analyse!

Posted

Yeah I suppose. Anyone know offhand where the code it that performs the check? It'd be nice to see what is happening, or what its doing differently but in the meantime I can comment out the code that makes the call.

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...