doodles Posted December 21, 2003 Posted December 21, 2003 Hi I just installed osCommerce 2.2-MS2 on my site. It now says in a pink bar at the top: Warning: I am able to write to the configuration file: /home/public_html/products/includes/configure.php. This is a potential security risk - please set the right user permissions on this file. How do I fix that?
Guest Posted December 21, 2003 Posted December 21, 2003 You need to change the permission setings on configure.php. Since you set them to 706 when you set up your store. Simple rechange them CHMOD 755 configure.php This will remove the Pink Error on top of your page. Hope this helped.
poohbeer Posted December 22, 2003 Posted December 22, 2003 Its still there apparantly the error is because it can stil write to this file so you should disable writing. What I did is: CHMOD 400 configure.php This way only the file/process owner can read the file, nobody can write to it or execute it and the group or public can not even read it (nor write or execute). I'm not sure about these settings though.. My (just setup shop) still seems to work but I'm having problems with the admin part. No idea if this is relate to the chmod though, I think not.
Guest Posted December 22, 2003 Posted December 22, 2003 Chmod 644 is the correct permission on configure.php - there are two copies, one in catalog/includes and one in admin/includes. Matti
GsmCorner Posted December 22, 2003 Posted December 22, 2003 hi, this site will help you, look at the very bottom and it will tel you what to do... http://wiki.oscommerce.com/helpInstallNew this is what u need to do when you have just installed oscommerce: 1. Rename the catalog/install folder or delete it. 2. Reset the permissions on /catalog/includes/configure.php to 644 (if you are still getting the warning message at the top set configure.php to 444 which is read only - this happens on some servers that have been updated for security reasons). 3. Set the permissions on /catalog/images directory to 777 4. Reset the permissions on /admin/includes/configure.php to 644 5. Create the dir /admin/backups and set the permissions to 777 6. Set the permissions on /admin/images/graphs directory to 777 hope that helps.. Regards Tom
poohbeer Posted December 22, 2003 Posted December 22, 2003 2. Reset the permissions on /catalog/includes/configure.php to 644 (if you are still getting the warning message at the top set configure.php to 444 which is read only - this happens on some servers that have been updated for security reasons). Not at all an expert here, but why 644? Nothing or nobody need to right to this file, do they? And if it still gives an error: why 444? Isn't only the proces required to read that file? Since passwords are in there I think setting it to 400 should be better, isn't it?
poohbeer Posted December 23, 2003 Posted December 23, 2003 2. Reset the permissions on /catalog/includes/configure.php to 644 (if you are still getting the warning message at the top set configure.php to 444 which is read only - this happens on some servers that have been updated for security reasons). Not at all an expert here, but why 644? Nothing or nobody need to right to this file, do they? And if it still gives an error: why 444? Isn't only the proces required to read that file? Since passwords are in there I think setting it to 400 should be better, isn't it? 644 still gives errors with my system. 444 doesn't give any errors but can anybody here that can tell me why permissions on catalog/includes/configure.php needs to be 444 and not simply 400? everything seems to work with 400 and webusers certainly can't read the configure.php file which is a good thing since it has user and password info in it. So can anybody explain this?
Recommended Posts
Archived
This topic is now archived and is closed to further replies.