yazawa Posted July 3, 2008 Posted July 3, 2008 Hi. I'm new to osCommerce and am having problems with putting up images for my products. Every time I select a photo when editing the product, I get the error Catalog images directory is not writeable. I've tried changing the image directory file attributes, but it doesn't make any difference. I've even uploaded the image separately, then tried direct linking but it still didn't work. What am I missing? Thanks.
satish Posted July 3, 2008 Posted July 3, 2008 Thru website cpanel(provided by hosting company) go to the image folder theu some file manager code. Then sett the permission to 777. If still there is a problem then You need to chek Your configure.php file. Satish Ask/Skype for Free osCommerce value addon/SEO suggestion tips for your site. Check My About US For who am I and what My company does.
yazawa Posted July 3, 2008 Author Posted July 3, 2008 Thru website cpanel(provided by hosting company) go to the image folder theu some file manager code.Then sett the permission to 777. If still there is a problem then You need to chek Your configure.php file. Satish Thanks. That worked. I originally only gave full authorization to Owner. Strange it had to be completely open.
germ Posted July 3, 2008 Posted July 3, 2008 Setting any web accessible folder to 777 permissions is a huge mistake, IMHO. If you do that, it's not a question of IF you get hacked, it's only a question of WHEN. :o Folder permissions should be no higher than 755. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
satish Posted July 3, 2008 Posted July 3, 2008 Yes do make the permission 755 as stated in above comment. Thanks Germ for correcting Me. Satish Ask/Skype for Free osCommerce value addon/SEO suggestion tips for your site. Check My About US For who am I and what My company does.
yazawa Posted July 3, 2008 Author Posted July 3, 2008 That's what I had it set to originally. Thought it strange to give full access. I've changed it back now. Hope it still works when I add a new product.
germ Posted July 3, 2008 Posted July 3, 2008 If you Admin gives you an error about the images folder not being writable, read this thread: Click Me If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
yazawa Posted July 3, 2008 Author Posted July 3, 2008 Set my attributes to 755, and the error is back. Seems a royal pain in the butt to have to change it back and forth as I add new products.
germ Posted July 3, 2008 Posted July 3, 2008 You didn't read the post I linked to? :unsure: The real root of the problem (I'm told) is the way the server is setup and running PHP. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
yazawa Posted July 3, 2008 Author Posted July 3, 2008 You didn't read the post I linked to?:unsure: The real root of the problem (I'm told) is the way the server is setup and running PHP. Did read it. It only talked about hacked sites. If you are right about the real root, I'd don't have a clue as changing the server setup for running PHP. If you could link to a source on that topic, it would be a great help. Thanks.
germ Posted July 3, 2008 Posted July 3, 2008 The post also mentioned a contribution you can install to help out (called osCFileBrowser). This is what I've been told why this happens: Your server is running PHP as a module as opposed to as a CGI with phpSuExec. Your set up requires permissions of 777 whereas the CGI/phpSuExec set up doesn't allow 777 at all but has a maximum of 755 permissions (read/write/execute by you, read/execute by everyone else). In short to have working 755 folders you would need the host to change the set up. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
yazawa Posted July 3, 2008 Author Posted July 3, 2008 The post also mentioned a contribution you can install to help out (called osCFileBrowser). This is what I've been told why this happens: Not sure if this is the issue or not. I'll have to research it through my hosting site and see if that's the case. Thanks.
Guest Posted July 4, 2008 Posted July 4, 2008 ask your host to install suexec, then run php with cgi handler. this will clear the errors and allow you to write to your folders with php and also add an extra layer of security to your site, your scripts will not operate outside of your assigned directories and vice versa (especially nice feature for shared servers) if they won't let you run suexec, leave as fast as you can. there's no reason anybody should be forced to use 777 - this is a php issue, not oscommerce.
nonickch Posted July 6, 2008 Posted July 6, 2008 what I haven't understood about the 777 perms on the images folder is on how someone can manage to upload a file of his there.
germ Posted July 6, 2008 Posted July 6, 2008 I don't know the mechanics of "how" either. But being a recent victim, I'm here to say it can and will happen. Not only did they upload files, they were able to change the "owner" of all the "777" folders (and all the files within!) to "root", the highest account on the server. I had to get help from the Host to change the file ownership back to my account. :blush: If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
nonickch Posted July 26, 2008 Posted July 26, 2008 I don't know the mechanics of "how" either. But being a recent victim, I'm here to say it can and will happen. Not only did they upload files, they were able to change the "owner" of all the "777" folders (and all the files within!) to "root", the highest account on the server. I had to get help from the Host to change the file ownership back to my account. :blush: well, once they get to upload code they can pretty much do whatever you can (the webserver perms to be precise). Giving ownership of your files to someone else is something permitted (unless it's setuid), they probably did that to delay you from recovering since they also lost access to that folders perm changing aswell. I still can't figure out how they upload stuff. Maybe they are using some of the upload scripts? If so, I could easily remove th upload scripts in osc so I can avoid getting spanked (my webserv asks for 777 perms on my images folder :( )
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.