644 permissions


jenodorf

Posted

Hi

When I go into admin I'm told that config.php does not have the correct permissions, but I've checked and it's set to 644.

My hoster, Fasthosts, will not allow it to be changed to 444.

Do I need to worry about security?

Group and public are set to read only and owner is set to read and write.

Thanks

Ian

Posted

It depends on the security of the server. On some servers, having it set to 644 doesn't matter while on others it does. It would bother me that they won't allow setting the permissions lower and, if it were my site, I would look for another host. Whatever you are saving by using them is not worth the security of your shop. If you do decide to leave it like it is, then you need to edit the code in the includes/header.php file so that that message is not displayed since it will scare off customers if left there.

Posted

Are you talking about the configure.php files? The ones where you get the nasty error message if they're writable? Don't forget that there are two of them that need to be changed. Catalog (storefront) and admin (backend).

644 is the normal file permission, which allows read-write access by the owner and read-only by everyone else. Depending on the server setup (what user ID PHP runs under), this may be writable by PHP (and thus osC). If it is, you'll get the warning and need to change it to 444 (read-only for everyone) so that osC can't accidentally/maliciously overwrite it. If PHP is running under your group or as "other", 644 is safe (but files and directories that osC needs to write to will have to be 664/775 or even 666/777).

Keep in mind that most servers these days ignore chmod requests by FTP clients, and you need to go into your host's control panel File Manager to change permissions. Some File Managers have their quirks, such as cPanel requiring you to check/uncheck boxes, rather than overwriting the three numbers. It's very unlikely that your host forbids 444 permissions (unless they've got a botched setup) -- more likely you're just not setting permissions correctly. Also, some hosts disallow "world writable" permissions (xx2, xx3, xx6, xx7) for security reasons.
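
The rule described in the reply above, as an added example that is not part of the original thread: the permission triplet that applies depends on the UID and GID PHP runs under, so the same 644 file is writable in one setup and read-only in another. The UIDs, GIDs and function names are constructed for illustration, and only the process's primary group is modelled.

```shell
#!/bin/sh
# Added example, not code from the thread. UIDs/GIDs below are constructed.

# perm_class FILE_UID FILE_GID PROC_UID PROC_GID
# Prints which permission triplet applies to the process. The first match
# wins: an owner match uses the owner bits even if group/other grant more.
perm_class() {
    if [ "$3" -eq "$1" ]; then echo owner
    elif [ "$4" -eq "$2" ]; then echo group
    else echo other
    fi
}

# can_write MODE FILE_UID FILE_GID PROC_UID PROC_GID
# Returns 0 if a process with that UID/GID may open the file for writing.
can_write() {
    [ "$4" -eq 0 ] && return 0          # root bypasses the mode bits
    cw_bits=$(( 0$1 ))                  # leading 0: parse MODE as octal
    case $(perm_class "$2" "$3" "$4" "$5") in
        owner) cw_shift=6 ;;
        group) cw_shift=3 ;;
        *)     cw_shift=0 ;;
    esac
    # Write is the "2" bit inside each octal digit.
    [ $(( (cw_bits >> cw_shift) & 2 )) -ne 0 ]
}

# verdict MODE FILE_UID FILE_GID PROC_UID PROC_GID
# Prints the thread's advice for configure.php under that setup.
verdict() {
    if can_write "$@"; then
        echo "$1 as $(perm_class "$2" "$3" "$4" "$5"): writable by PHP, use 444"
    else
        echo "$1 as $(perm_class "$2" "$3" "$4" "$5"): not writable by PHP, ok"
    fi
}

# Constructed setup: account user 1001:1001 owns configure.php.
verdict 644 1001 1001 1001 1001   # PHP runs as the account owner
verdict 444 1001 1001 1001 1001   # same setup after chmod 444
verdict 644 1001 1001 33 33       # PHP runs as a separate web-server user
verdict 664 1001 1001 33 1001     # PHP shares the file's group
```

A process running as the file's owner can still chmod a 444 file back to a writable mode, so 444 blocks plain writes rather than every possible change.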

Posted

Hi

This is the reply I had from Fasthosts:

Dear Ian

Thank you for your e-mail.

On the shared platform, you will be unable to use permission 444. The reason being is that such a permission would remove write permission from the owner. The owner of the file must always have means of writing to the file in question otherwise you would lock the file in such a way that it would not be able to be administered / changed once that permission was set.

To resolve this issue, you will need to set a permission on the file ensuring that write permissions are retained, such as 644.

Thanks again for contacting us.

Best regards,

Joel Hawkins - Technical Support

Fasthosts Customer Support

So it appears that a 444 option is a no-go for Fasthosts users.

Time for a think.

Regards

Ian

Posted

That's stupid. You can always chmod back to 644 if you need to write (unless you go to 0xx permissions, which will lock you out). If PHP is running as owner, osC wants to make sure it can't accidentally overwrite certain files, so 444 is necessary. If PHP isn't running as owner, 644 is fine. Either way, I suggest you get a smarter host.

Archived

This topic is now archived and is closed to further replies.
