reckinracer Posted July 18, 2003 Posted July 18, 2003 :?: I get this error on the top and I have no idea what to do. Warning: I am able to write to the configuration file: /htdocs/store/catalog/includes/configure.php. This is a potential security risk - please set the right user permissions on this file.
Rumble Posted July 18, 2003 Posted July 18, 2003 hi, You have to chmod 444 the catalog/includes/configure.php file so it is read only and not writeable or executable, an ftp program might be able to do this, i use FTP Surfer. I believe phpadmin can do this too?? I'm not sure though! Reddy to Rumble Thank you osCommerce and all who Contribute to her!
odette Posted July 19, 2003 Posted July 19, 2003 The same thing happens to me and I do not know why. I have the permissions set to 444 on the include configure file and the message remaind. :( Live free or die
odette Posted July 19, 2003 Posted July 19, 2003 The same thing happens to me and I do not know why. I have the permissions set to 444 on the include configure file and the message remaind. :( Live free or die
reckinracer Posted July 19, 2003 Author Posted July 19, 2003 it seems to be changing it self back to 644 everytime I change it to 444. I need help someone please help me.
Daemonj Posted July 19, 2003 Posted July 19, 2003 How are you changing the permissions on the file? Some FTP programs will not properly change the permissions of a file even though it appears that it has done so. Have you tried using the File Manager program in your server's control panel? Another option would be to access your server's shell securely (I recommend PuTTY for this), and chmod the file's permissions from there. Alternatively, you could try osC's Admin ~ Tools ~ File Manager application, but I do not have any experience with that. I hope that some of the above is useful to someone. "Great spirits have always found violent opposition from mediocre minds. The latter cannot understand it when a man does not thoughtlessly submit to hereditary prejudices but honestly and courageously uses his intelligence." - A. Einstein
chfields Posted July 19, 2003 Posted July 19, 2003 I don't think you can change permissions with the file manager in OSC. 644 chmod should work....don't know what else to suggest
reckinracer Posted July 20, 2003 Author Posted July 20, 2003 the files are all set to 644 and I still get the error I cannot connect using a shell becuase my powweb host doesnt have it and I have tried three different ftp programs and tried many different combinations of chmod and I still get the error. the only thing I havnt tried "that I know of" is the server control panel and thats because I have no idea what that is. can anyone help? :?: :?: :?:
Daemonj Posted July 20, 2003 Posted July 20, 2003 Try setting the files to 444. If that does not work, contact your hosts support department to ask if they know why PHP's is_writeable() function returns true on a file set to 444. "Great spirits have always found violent opposition from mediocre minds. The latter cannot understand it when a man does not thoughtlessly submit to hereditary prejudices but honestly and courageously uses his intelligence." - A. Einstein
Guest Posted July 20, 2003 Posted July 20, 2003 I had the same problem. It's fixed now but I'm not for sure that this is it. If your using apache, then what was the option you used when you ran /scripts/easyapache? I had used option 2 then I tried to install oscommerce with cpanel. I got the warning your talking about and could not make it go away. I looked all over the internet and found a lot of people who had the problem but nobody had an answer. So I deleted the OS cart and removed the databases and deleted all the db users. Then I ran /script/easyapache and used option 5. I found out that option 2 compiles apache with phpsuexec support. Option 5 compiles apache automatically. Then I re-installed the cart with cpanel and it works fine. Good luck Ray
Daemonj Posted July 21, 2003 Posted July 21, 2003 Thanks for passing that information along Ray! I will keep that in mind and see what experiences other users have with it.l "Great spirits have always found violent opposition from mediocre minds. The latter cannot understand it when a man does not thoughtlessly submit to hereditary prejudices but honestly and courageously uses his intelligence." - A. Einstein
jon_l Posted July 21, 2003 Posted July 21, 2003 This is probably a dumb question, but can anyone give a quick explanation on what the file permissions actually do? Or point me to a website? I realise they control access for various types of user but what do the various types of access and user mean, and when is each in force? Should all files on OSC be set to 444? Jon.
Guest Posted July 22, 2003 Posted July 22, 2003 Maybe this will help? Or here is an outside link. Good luck, Matt
Falconer Posted July 24, 2003 Posted July 24, 2003 :?: I get this error on the top and I have no idea what to do. Warning: I am able to write to the configuration file: /htdocs/store/catalog/includes/configure.php. This is a potential security risk - please set the right user permissions on this file. When I first ran the install, it complained, and then spit some code out. The code indicated that the installer was attempting to set the following files to chmod 706: 706 catalog/includes/configure.php 706 catalog/admin/includes/configure.php I later read in the forums that BEFORE RUNNING INSTALL, both of these files should be set to chmod 777. Then, apparantly, the installer can modify them, and reset them to 706. So, I believe the correct post-install setting is 706. So, to summarize PRE-INSTALL PERMISSIONS 777 catalog/includes/configure.php 777 catalog/admin/includes/configure.php POST-INSTALL PERMISSIONS 706 catalog/includes/configure.php 706 catalog/admin/includes/configure.php 777 catalog/images [heh, I threw in the last one, because I also found that in the forums. If it is not set, you can't upload images for products] osCommerce desparately needs to document PRE-INSTALL and POST-INSTALL permissions. A lot of people upload the script from a Windows machine, via FTP, and some permissions are not set correctly for the installation process, it seems. So, I think a table of Pre-Install and Post-Install permissions should be documented for all critical files, and placed in the distro. Would save a lot of questions.
Guest Posted July 24, 2003 Posted July 24, 2003 POST-INSTALL PERMISSIONS 706 catalog/includes/configure.php 706 catalog/admin/includes/configure.php At most, these should be 604. On some systems you will actually have to set them to 404. Thanks, Matt
Falconer Posted July 24, 2003 Posted July 24, 2003 POST-INSTALL PERMISSIONS 706 catalog/includes/configure.php 706 catalog/admin/includes/configure.php At most, these should be 604. On some systems you will actually have to set them to 404. Thanks, Matt Yea, I mistyped there. I actually meant 704. 706 still yeilds the banner warning. But 604 makes more sense, since it is a PHP file, and doesn't need to be executed by owner (read-write only). I stand corrected on that one. I appreciated your review, at this URL, of why permissions may be different on differing apache installs: http://www.oscommerce.com/forums/viewtopic.php...0149&highlight=
Falconer Posted July 24, 2003 Posted July 24, 2003 Matt (or anyone that knowns as much as he does), After installation, do either of the following files ever change: catalog/includes/configure.php catalog/admin/includes/configure.php Reason I ask is cause, if you chmod 404, doens't that make the file non-writable? Isn't 404 essentially read-only for owner and world?
Daemonj Posted July 24, 2003 Posted July 24, 2003 No, those files do not change. It would be safe to set them to 444. If you ever did need to change them, at the time of editing set the permissions to 644, edit the file, and then return it to 444. ;) "Great spirits have always found violent opposition from mediocre minds. The latter cannot understand it when a man does not thoughtlessly submit to hereditary prejudices but honestly and courageously uses his intelligence." - A. Einstein
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.