FAQ: Warning: I am able to write to the configuration file

[Guest]

Q: What should i do to set the right user permission ???

 

Warning: I am able to write to the configuration file: c:/phpdev/www/catalog/includes/configure.php. This is a potential security risk - please set the right user permissions on this file.

 

A: you need to chmod the configure.php file to 644

[TB]

If you're using Windows as your test server and you get this error... just do the following:

Right click on 'includes/configure.php'

Select 'Properties' (A new box will appear...)

Select/Tick 'Read-only'

Click 'Ok'

(Don't forget to do this for both your 'catalog' and 'admin' directories.

 

Viola!

All better...

 

Cheers,

Tony

[Guest]

thanks for the Windows pickup Tony!

 

you seem to be very well versed and I invite you to please share your Windows knowledge for all the benefit from - your tips and hints and input are greatly appreciated :)

 

8)

[TB]

Thanks Jeff!

 

I'll be starting an 'Installation on Windows' tutorial for the WIKI soon, which will cover everything from Apache/PHP/mySQL/mySQL Front/phpMyAdmin download locations and recommended installation methods.

I'll also be including the setup of osCommerce sites as a local websites (as per recent 'tips & tricks').

 

Basic moral of the tutorial will be to cover a Windows user up until the point where they need to configure the store with their store name and product details.

 

Once I get the time to install a Linux box... you'll see many more questions coming from my direction. :)

 

Cheers,

Tony

[Guest]

thats what we are all here for :D

 

keep up the great work 8)

[Guest]

Dear Tony,

 

I have a problem with that warning.

 

I follow your step during i testing them in my computer and it working fine.

 

But once i make a change on my server ( Unix ) to chomod 644, the warning still the same thing ??

 

What should i do..

thank you very much

[Waza04]

Tony - A manual as already been published:

 

Can't remember were I got it put it's eleven pages long!!!

 

PM Me if you want it!!

 

Warren

[TB]

CHMOD 644 should be fine.

 

Did you CHMOD both the admin and the catalog configure.php files?

 

If you only did one, do a quick check to make sure it was the correct one... and then do both anyway.

 

Try surfing to another page off the default page, just incase your default page is being retreived from your browsers cache.

 

Let me know how you go...

[Guest]

Hi,

 

You will probably need to set catalog/includes/configure.php to 444 as I had this problem when my server was updated to new security levels.

 

I still have the admin/includes/configure.php set to 644 which seems to be no problem.

[Ramesh]

Theres a 'glitch' with this well known FTP program.

 

When you highlight a file /directory and right-click >CHMOD

 

The value shown is the setting you used when last changing permission!

 

Lets say you have 2 files which need to be 755

 

You set the first file to 755 by ticking the correct boxes.

 

When your about to do the second, you notice it says 755 ...so you think thats alright and dont change it. When in reality it will be whatever it was before !

 

WS-FTP LE only shows the value after the operation, on screen you see boxes which you have to tick.

 

I was helping a student when I noticed this. I have changed to another FTP program. WS-FTP LE is fine for basic FTP useage.

 

Hope this helps someone.

[toolcrazy]

CHMOD 644 should be fine.

 

Did you CHMOD both the admin and the catalog configure.php files?

 

If you only did one, do a quick check to make sure it was the correct one... and then do both anyway.

 

Try surfing to another page off the default page, just incase your default page is being retreived from your browsers cache.

 

Let me know how you go...

 

In some cases you may need to set it to chmod 444. My server is that way, I get errors if I don't.

[Tobo]

Hm i got same problem.

 

i have set the CHMOD permissions to both files to 444 but i still have this message on top of the page. it can not be a problem of my cache ... i have done this with two PCs and with several FTP Clients. And i have deleted Cache several times.

[visioncomputing]

I am getting the same error. Both configure.php files are set to 444. I have deleted my cache and have even tried it on another computer - the error is still there...

 

Any ideas? Thanks.

[Guest]

644 should be appropriate, but 444 is probably better if you want to be sure you don't accidently modify the file.

after initial configuration, there usually is not a need to edit the file again.

If you are still getting an error with permissions set as 444, then there is a problem with the check function itself.

I saw this error after I had set the permissions to 644, and at this point, I have commented out the check. I don't recommend this for everyone, but I definitely don't want a customer seeing this message, ever!.

I believe the best place for any checks like this would be the admin interface.

[Guest]

Hi all,

felt a bit better when I saw all you guys experiencing the same problem as myself.

Since I have tried everything suggested and still have this annoying error message in the top of the page (and I assure you I do not want any customers to see it!) so I have understood that my last resort is to comment out the 'check'

 

but how do I find this check??

 

Please help,

Cheers,

Froggie

[peterr]

Hi,

 

The CMOD of 444 is an overkill, please see this thread , post #8

 

Peter

[stevel]

I added a contribution to manage this. http://www.oscommerce.com/community/contributions,2137

[solocommand]

A note for Windows Server 2003 Enterprise/Apache httpd: You need to dissallow access to the file to the use that the Apache service is running under in addition to making the file read-only.

[Guest]

In the Old Wiki there used to be a section on what to CHMOD all files that needed protecting/changing. unfortunately I cant seem to be able to find this in the new knowledge base and cant remember what each folders permissions should be.

 

Can anyone remember what all the reccomended settings are?

 

rgds

Paul

[stevel]

I use 444 for the configure.php files. Some say it is overkill, but it works. Other files can be 755.

[windprod_doc]

i have had this same problem -- still do.

changed permissions on both stated files to 444.... even installed steves protection of configuration contribution.

it tells me the settings have been changed, but they come up unprotected again.

 

so.... will commenting be my only option here?

[♥Vger]

To explain things a little about setting permissions.

 

The CHMOD command used via FTP is only of use on Apache servers with a Unix/Linux operating system. CHMOD is an Apache command and does not work on Windows. If you're on a Windows server then you can CHMOD the files as much as you like via FTP and the settings wil appear to change whilst in reality they remain the same.

 

If you have not already done so you should try using the File Manager in your web hosting control panel to reset permissions.

 

You can also try this method:

 

Create a new text file on your desktop and rename it to chmod.php (ignore the warning about changing the file type). Then put the code below into it, and upload to the root of your osCommerce website. Once you've done that go to the root of your website in your browser and add 'chmod.php' onto the address e.g. http://www.yourdomain.com/chmod.php You won't see anything on the screen but the permissions should have been changed.

 

<?php
chmod ("includes/configure.php", 0444);
?>

 

If that doesn't do it then get onto your hosting company. Don't leave the chmod.php file on the server.

 

Vger

[heineken]

To explain things a little about setting permissions.

 

The CHMOD command used via FTP is only of use on Apache servers with a Unix/Linux operating system. CHMOD is an Apache command and does not work on Windows. If you're on a Windows server then you can CHMOD the files as much as you like via FTP and the settings wil appear to change whilst in reality they remain the same.

 

If you have not already done so you should try using the File Manager in your web hosting control panel to reset permissions.

 

You can also try this method:

 

Create a new text file on your desktop and rename it to chmod.php (ignore the warning about changing the file type). Then put the code below into it, and upload to the root of your osCommerce website. Once you've done that go to the root of your website in your browser and add 'chmod.php' onto the address e.g. http://www.yourdomain.com/chmod.php You won't see anything on the screen but the permissions should have been changed.

 

<?php
chmod ("includes/configure.php", 0444);
?>

 

If that doesn't do it then get onto your hosting company. Don't leave the chmod.php file on the server.

 

Vger

 

Hi.

 

I got this error and tried the different settings with CHMOD in WS FTP but still got the error.

Then i tried to make this file as discribed here. And this solved the error ! Thanks

:thumbsup:

[webination]

Has any one found a solution to this issue yet. I have simply commented it out but I still don't understand what is going wrong with the check. Permissions are set correctly. i even installed a tool to do this but it doesn't seem to work either keeps coming back as unprotected.

[hpn]

I added a contribution to manage this. http://www.oscommerce.com/community/contributions,2137

 

I love you Steve L. (litterary speaking)

Im on a Apache - Linux server and added your contribution (the last updat). Worked perfectly! Been trying to solve this problem for over one week so Im releved - think Im going out for a beer to salubrate.

/h