binh Posted June 17, 2007 Posted June 17, 2007 Did a clean install of 2.2 onto a shared server environment following the instructions at oscdox. All went well but when I open the catalog, i get the following warning: Warning: I am able to write to the configuration file: <path>/catalog/includes/configure.php. This is a potential security risk - please set the right user permissions on this file. where <path> is obviously the full path to /catalog. Now, the installation told me to use chmod 706 on configure.php and if that didn't work, chmod 755. Have done both and still getting this message. What should I set the permissions to on this file? what can i do to get ride of this warning please help thank Q
edgy Posted June 17, 2007 Posted June 17, 2007 Warning: I am able to write to the configuration file: <path>/catalog/includes/configure.php. This is a potential security risk - please set the right user permissions on this file. what can i do to get ride of this warning please help I believe I keep mine at 644.. but if that doesn't work either then 444 will definitely solve your issue.
binh Posted June 17, 2007 Author Posted June 17, 2007 I believe I keep mine at 644.. but if that doesn't work either then 444 will definitely solve your issue. hi i tried both 644 and then after tried 444 permission but still doesn't work the warning msg is still there very strange thank Q
ChrisW123 Posted June 28, 2007 Posted June 28, 2007 hi i tried both 644 and then after tried 444 permission but still doesn't work the warning msg is still there very strange Same here, I've tried both of these but I keep getting the Warning message also. One thing to note is, I have run this exact same website on other webhost's servers with no problems using 644, so there must be some difference between the host setups in my case. Anyone else have ideas on what could be wrong?
germ Posted June 28, 2007 Posted June 28, 2007 I read some lengthy thread around here on this subject.... One person's solution was this: They had been trying to change the permissions via their FTP program, and it never worked. They logged on and used the control panel provided by the Host, and the changes worked. I don't know if this applies in your case. As always, your mileage may vary... :huh: If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
ChrisW123 Posted June 28, 2007 Posted June 28, 2007 Ahh I fixed it... My FTP program was setting the file to 444, but when I refreshed the list, my server was setting it back to 644 for some reason! WTF? So I tried using my "File Manager" tool that comes with my web hosting instead to make the change, and using that keeps the setting at 444, which does fix the problem. :thumbsup:
ppccJohn Posted April 14, 2008 Posted April 14, 2008 Windows Server 2003 server, IIS 6, and OS Commerce 2.2 RC2. Receiving this error as stated above (and I'll repeat here): Warning: I am able to write to the configuration file: <path>/includes/configure.php. This is a potential security risk - please set the right user permissions on this file. Permissions on file currently are: Full Modify ReadExe Read Write Special Administrators: Allow Allow Allow Allow Allow None System: Allow Allow Allow Allow Allow None Users: None None Allow Allow None None I've added IUSR_MACHINENAME to the list and marked Deny for everytyhing besides ReadExec and Read, but it still gives me the error. I'm doing this on the local file system through the local machine, and the permissions changes -are- being saved appropriately. Is it possible that IIS is configured incorrectly and using (very frighteningly) the SYSTEM or ADMINISTRATORS privelages?
robrobinson Posted April 16, 2008 Posted April 16, 2008 I'm having the same problem. To test your suspicion, I temporarily changed the permissions for the configure.php file and added "Deny Read" for the IUSRACHINENAME account and it wouldn't even load the page, failing when it tried to include configure.php. So it seems that the IUSR_MACHINENAME account is being used. I'm afraid it might be that the security check being made by osCommerce isn't accurately detecting the file settings with IIS. I've tried making sure that both IIS and Windows denies writing to this file, with no change in the message. Has anybody successfully avoided this error message? Thank you, Rob Windows Server 2003 server, IIS 6, and OS Commerce 2.2 RC2. Receiving this error as stated above (and I'll repeat here): Warning: I am able to write to the configuration file: <path>/includes/configure.php. This is a potential security risk - please set the right user permissions on this file. Permissions on file currently are: Full Modify ReadExe Read Write Special Administrators: Allow Allow Allow Allow Allow None System: Allow Allow Allow Allow Allow None Users: None None Allow Allow None None I've added IUSR_MACHINENAME to the list and marked Deny for everytyhing besides ReadExec and Read, but it still gives me the error. I'm doing this on the local file system through the local machine, and the permissions changes -are- being saved appropriately. Is it possible that IIS is configured incorrectly and using (very frighteningly) the SYSTEM or ADMINISTRATORS privelages?
Guest Posted April 16, 2008 Posted April 16, 2008 some hosts are absurdly disallowing ftp file permission changes whereas allowing php (or other script languages) to change file permissions. generally for the sake of their control panel to be able to change the permissions. which is in fact a more precarious situation in regard to security, it should be vice versa. if your host's panel doesnt set the perm right still, you can do a trick to change file perm through php. you need to use chmod in php. but then again, if you are not able to change file perm through ftp or your host's control panel, you should give them a call to ask whats going on with that.
Guest Posted April 16, 2008 Posted April 16, 2008 I'm having the same problem. To test your suspicion, I temporarily changed the permissions for the configure.php file and added "Deny Read" for the IUSRACHINENAME account and it wouldn't even load the page, failing when it tried to include configure.php. So it seems that the IUSR_MACHINENAME account is being used. I'm afraid it might be that the security check being made by osCommerce isn't accurately detecting the file settings with IIS. I've tried making sure that both IIS and Windows denies writing to this file, with no change in the message. Has anybody successfully avoided this error message? Thank you, Rob if you are sure that you set perms right, and php cant recognize the perms correctly, just go to application_top.php under includes, and set WARN_CONFIG_WRITABLE define to FALSE. that should suppress false error messages.
alexander85 Posted July 4, 2009 Posted July 4, 2009 Hi, has anyone found a solution to this known problem? I am having this problem and it is becoming very annoying and hard to find a solution. Honestly a while back I solved it somehow, and installed new installation of osCommerce and have this same problem, yet can't remember what I did last time. I compared the permission settings for both stores and they look exactly same, so I am stuck. And I don't think I removed the warning code last time either. I am using IIS and the Internet Guest is set to read only. As a matter of fact once I installed the osC. store, I had 2 warnings about two configuration files, I have set same permissions for both and one warning disappeard, yet the other one still her. It is obviously some problem with osCommerce not reading permissions correctly. I hope the osCommerce support/troubleshooting team is seeing posts about this problem and can provide a fix, because this is a problem. Please reply anyone if you have a solution for this, I am stuck on a project because of this and short on time. Thanks in advance!
♥ecartz Posted July 5, 2009 Posted July 5, 2009 In Windows, right click on the file; select Properties from the menu; click the Read-only checkbox to checked; click Apply; click OK. This is a Won't Fix bug with PHP: http://bugs.php.net/bug.php?id=27609 Always back up before making changes.
msafiri85 Posted March 9, 2010 Posted March 9, 2010 Ahh I fixed it... My FTP program was setting the file to 444, but when I refreshed the list, my server was setting it back to 644 for some reason! WTF? So I tried using my "File Manager" tool that comes with my web hosting instead to make the change, and using that keeps the setting at 444, which does fix the problem. :thumbsup: Hi how did you do it am using one.com file manager and cant figure out how to correct it. I can see the texeditor but if I use it what I have to change anyway? Thanks
spooks Posted March 9, 2010 Posted March 9, 2010 Hi how did you do it am using one.com file manager and cant figure out how to correct it. I can see the texeditor but if I use it what I have to change anyway? Thanks He's not talking of filemanager within osC admin, that must not be used but deleted, an open door to hackers. Its filemanager within your hosting cPanel, select the file then change permissions Sam Remember, What you think I ment may not be what I thought I ment when I said it. Contributions: Auto Backup your Database, Easy way Multi Images with Fancy Pop-ups, Easy way Products in columns with multi buy etc etc Disable any Category or Product, Easy way Secure & Improve your account pages et al.
allgamer Posted May 5, 2010 Posted May 5, 2010 That is exactly what i did, and it solved the problem. I had to use the set permissions in Cpanel from my host provider and set it to 444, then the warning message went away. I read some lengthy thread around here on this subject.... One person's solution was this: They had been trying to change the permissions via their FTP program, and it never worked. They logged on and used the control panel provided by the Host, and the changes worked. I don't know if this applies in your case. As always, your mileage may vary... :huh:
[email protected] Posted August 16, 2010 Posted August 16, 2010 Ahh I fixed it... My FTP program was setting the file to 444, but when I refreshed the list, my server was setting it back to 644 for some reason! WTF? So I tried using my "File Manager" tool that comes with my web hosting instead to make the change, and using that keeps the setting at 444, which does fix the problem. :thumbsup: Yes, it worked!! vs_indr
Acknowledeged74 Posted September 2, 2011 Posted September 2, 2011 Yep same with me, kept trying it in the ftp, but as soon as I change permission to 444 in host c/panel, and refreshed admin, got message; 'This is a properly configured installation of osCommerce Online Merchant!' Perfect Tankya
stah Posted October 8, 2011 Posted October 8, 2011 Hi how did you do it am using one.com file manager and cant figure out how to correct it. I can see the texeditor but if I use it what I have to change anyway? Thanks Hi, try so: -------------------- Chmod What is chmod Chmod is essentially what rights a specific file or folder have. These rights decide whether a file can be read and executed and where. You can for example assign rights to a file, which means that it cannot be viewed in a browser, but can still be viewed, when accessing your web space via FTP. You should not change chmod for files or folders, except if you are told to do so or if you are aware of the consequences changing chmod can have. How to change chmod? To change chmod on a file or folder, you should log on to your web space, using an FTP-program like FileZilla. Right-click the file you wish to change chmod for and choose chmod/attributes/rights. From here you should be able to set the rights. Standard chmod rights For files the standard chmod is 644 and for folders it is 755. Changing chmod to 444 Some scripts (mainly OsCommerce) have files that needs to have chmod 444. This is not possible to do via FTP, but should in stead be done via PHP. Please copy/paste the following code to a blank text document: <?php $filename = "file.php"; chmod("/customers/mydomain.dk/mydomain.dk/httpd.www/$filename", 0444); echo "chmod for $filename was changed"; ?> file.php should be changed to the file that you wish to change chmod for. If the file is located in a subfolder, you should enter this here as well, i.e. subfolder/file.php. Save the file and upload it to your web space and access the file via a browser. The file's chmod will now be changed. ------------------
Redlady2 Posted October 26, 2011 Posted October 26, 2011 Would someone be able to give me the "find the file" for dummies version? I cannot see this file at all. Where is it exactly? Your help is greatly appreciated as I am very much a newby to this program. Debra
♥geoffreywalton Posted October 26, 2011 Posted October 26, 2011 /catalog/includes/configure.php HTH G Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile Virus Threat Scanner My Contributions Basic install answers. Click here for Contributions / Add Ons. UK your site. Site Move. Basic design info. For links mentioned in old answers that are no longer here follow this link Useful Threads. If this post was useful, click the Like This button over there ======>>>>>.
kate-mac-key Posted June 25, 2012 Posted June 25, 2012 Replying to Warning: I Am Able To Write To The Configuration File: <path>/catalog/includes/configure.php it works in this way )
Guest Posted June 25, 2012 Posted June 25, 2012 @@kate-mac-key The proper permissions are 444. You don't want 446 (World writable) Chris
Recommended Posts
Archived
This topic is now archived and is closed to further replies.