Jump to content



Photo
- - - - -

Warning: I Am Able To Write To The Configuration File: <path>/catalog/includes/configure.php


This topic has been archived. This means that you cannot reply to this topic.
23 replies to this topic

#1   binh

binh
  • Members
  • 10 posts

Posted 17 June 2007 - 23:18

Did a clean install of 2.2 onto a shared server environment following the instructions at oscdox. All went well but when I open the catalog, i get the following warning:

Warning: I am able to write to the configuration file: <path>/catalog/includes/configure.php. This is a potential security risk - please set the right user permissions on this file.

where <path> is obviously the full path to /catalog.

Now, the installation told me to use chmod 706 on configure.php and if that didn't work, chmod 755. Have done both and still getting this message. What should I set the permissions to on this file?

what can i do to get ride of this warning
please help
thank Q

#2   edgy

edgy
  • Members
  • 30 posts

Posted 17 June 2007 - 23:44

Warning: I am able to write to the configuration file: <path>/catalog/includes/configure.php. This is a potential security risk - please set the right user permissions on this file.

what can i do to get ride of this warning
please help


I believe I keep mine at 644.. but if that doesn't work either then 444 will definitely solve your issue.

#3   binh

binh
  • Members
  • 10 posts

Posted 17 June 2007 - 23:57

I believe I keep mine at 644.. but if that doesn't work either then 444 will definitely solve your issue.



hi i tried both 644 and then after tried 444 permission but still doesn't work the warning msg is still there very strange
thank Q

#4   ChrisW123

ChrisW123
  • Members
  • 315 posts

Posted 28 June 2007 - 00:28

hi i tried both 644 and then after tried 444 permission but still doesn't work the warning msg is still there very strange


Same here, I've tried both of these but I keep getting the Warning message also. One thing to note is, I have run this exact same website on other webhost's servers with no problems using 644, so there must be some difference between the host setups in my case.

Anyone else have ideas on what could be wrong?

#5   germ

germ
  • Members
  • 13,921 posts

Posted 28 June 2007 - 00:35

I read some lengthy thread around here on this subject....

One person's solution was this:

They had been trying to change the permissions via their FTP program, and it never worked.

They logged on and used the control panel provided by the Host, and the changes worked.

I don't know if this applies in your case.

As always, your mileage may vary...
/huh.gif' class='bbc_emoticon' alt=':huh:' />
If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."
- Me -

"Headers already sent" - The definitive help

"Cannot redeclare ..." - How to find/fix it

SSL Implementation Help

Like this post? "Like" it again over there >

#6   ChrisW123

ChrisW123
  • Members
  • 315 posts

Posted 28 June 2007 - 00:37

Ahh I fixed it... My FTP program was setting the file to 444, but when I refreshed the list, my server was setting it back to 644 for some reason! WTF? So I tried using my "File Manager" tool that comes with my web hosting instead to make the change, and using that keeps the setting at 444, which does fix the problem.

/thumbsup.gif' class='bbc_emoticon' alt=':thumbsup:' />

#7   ChrisW123

ChrisW123
  • Members
  • 315 posts

Posted 28 June 2007 - 00:38

Yep, just like Germ said.

#8   ppccJohn

ppccJohn
  • Members
  • 1 posts

Posted 14 April 2008 - 19:22

Windows Server 2003 server, IIS 6, and OS Commerce 2.2 RC2.

Receiving this error as stated above (and I'll repeat here):
Warning: I am able to write to the configuration file: <path>/includes/configure.php. This is a potential security risk - please set the right user permissions on this file.

Permissions on file currently are:
Full Modify ReadExe Read Write Special
Administrators: Allow Allow Allow Allow Allow None
System: Allow Allow Allow Allow Allow None
Users: None None Allow Allow None None

I've added IUSR_MACHINENAME to the list and marked Deny for everytyhing besides ReadExec and Read, but it still gives me the error. I'm doing this on the local file system through the local machine, and the permissions changes -are- being saved appropriately. Is it possible that IIS is configured incorrectly and using (very frighteningly) the SYSTEM or ADMINISTRATORS privelages?

#9   robrobinson

robrobinson
  • Members
  • 1 posts

Posted 16 April 2008 - 13:53

I'm having the same problem. To test your suspicion, I temporarily changed the permissions for the configure.php file and added "Deny Read" for the IUSRACHINENAME account and it wouldn't even load the page, failing when it tried to include configure.php. So it seems that the IUSR_MACHINENAME account is being used. I'm afraid it might be that the security check being made by osCommerce isn't accurately detecting the file settings with IIS. I've tried making sure that both IIS and Windows denies writing to this file, with no change in the message.

Has anybody successfully avoided this error message?

Thank you,
Rob

Windows Server 2003 server, IIS 6, and OS Commerce 2.2 RC2.

Receiving this error as stated above (and I'll repeat here):
Warning: I am able to write to the configuration file: <path>/includes/configure.php. This is a potential security risk - please set the right user permissions on this file.

Permissions on file currently are:
Full Modify ReadExe Read Write Special
Administrators: Allow Allow Allow Allow Allow None
System: Allow Allow Allow Allow Allow None
Users: None None Allow Allow None None

I've added IUSR_MACHINENAME to the list and marked Deny for everytyhing besides ReadExec and Read, but it still gives me the error. I'm doing this on the local file system through the local machine, and the permissions changes -are- being saved appropriately. Is it possible that IIS is configured incorrectly and using (very frighteningly) the SYSTEM or ADMINISTRATORS privelages?



#10   unity100

unity100
  • Members
  • 16 posts

Posted 16 April 2008 - 16:21

some hosts are absurdly disallowing ftp file permission changes whereas allowing php (or other script languages) to change file permissions. generally for the sake of their control panel to be able to change the permissions. which is in fact a more precarious situation in regard to security, it should be vice versa.

if your host's panel doesnt set the perm right still, you can do a trick to change file perm through php. you need to use chmod in php.

but then again, if you are not able to change file perm through ftp or your host's control panel, you should give them a call to ask whats going on with that.

#11   unity100

unity100
  • Members
  • 16 posts

Posted 16 April 2008 - 16:22

I'm having the same problem. To test your suspicion, I temporarily changed the permissions for the configure.php file and added "Deny Read" for the IUSRACHINENAME account and it wouldn't even load the page, failing when it tried to include configure.php. So it seems that the IUSR_MACHINENAME account is being used. I'm afraid it might be that the security check being made by osCommerce isn't accurately detecting the file settings with IIS. I've tried making sure that both IIS and Windows denies writing to this file, with no change in the message.

Has anybody successfully avoided this error message?

Thank you,
Rob


if you are sure that you set perms right, and php cant recognize the perms correctly, just go to application_top.php under includes, and set WARN_CONFIG_WRITABLE define to FALSE.

that should suppress false error messages.

#12   alexander85

alexander85
  • Members
  • 14 posts

Posted 04 July 2009 - 23:45

Hi, has anyone found a solution to this known problem?

I am having this problem and it is becoming very annoying and hard to find a solution. Honestly a while back I solved it somehow, and installed new installation of osCommerce and have this same problem, yet can't remember what I did last time. I compared the permission settings for both stores and they look exactly same, so I am stuck. And I don't think I removed the warning code last time either.
I am using IIS and the Internet Guest is set to read only. As a matter of fact once I installed the osC. store, I had 2 warnings about two configuration files, I have set same permissions for both and one warning disappeard, yet the other one still her.

It is obviously some problem with osCommerce not reading permissions correctly. I hope the osCommerce support/troubleshooting team is seeing posts about this problem and can provide a fix, because this is a problem.

Please reply anyone if you have a solution for this, I am stuck on a project because of this and short on time. Thanks in advance!

#13   ecartz

ecartz
  • Members
  • 1,964 posts

Posted 05 July 2009 - 00:02

In Windows, right click on the file; select Properties from the menu; click the Read-only checkbox to checked; click Apply; click OK.

This is a Won't Fix bug with PHP: http://bugs.php.net/bug.php?id=27609
Always backup before making changes.

#14   msafiri85

msafiri85
  • Members
  • 7 posts

Posted 09 March 2010 - 15:24

Ahh I fixed it... My FTP program was setting the file to 444, but when I refreshed the list, my server was setting it back to 644 for some reason! WTF? So I tried using my "File Manager" tool that comes with my web hosting instead to make the change, and using that keeps the setting at 444, which does fix the problem.

/thumbsup.gif' class='bbc_emoticon' alt=':thumbsup:' />


Hi how did you do it am using one.com file manager and cant figure out how to correct it. I can see the texeditor but if I use it what I have to change anyway?
Thanks

#15   spooks

spooks
  • Members
  • 7,017 posts

Posted 09 March 2010 - 15:38

Hi how did you do it am using one.com file manager and cant figure out how to correct it. I can see the texeditor but if I use it what I have to change anyway?
Thanks



He's not talking of filemanager within osC admin, that must not be used but deleted, an open door to hackers.

Its filemanager within your hosting cPanel, select the file then change permissions
Sam

Remember, What you think I ment may not be what I thought I ment when I said it.

Contributions:


Auto Backup your Database, Easy way

Multi Images with Fancy Pop-ups, Easy way

Products in columns with multi buy etc etc

Disable any Category or Product, Easy way

Secure & Improve your account pages et al.

#16   allgamer

allgamer
  • Members
  • 1 posts

Posted 05 May 2010 - 22:15

That is exactly what i did, and it solved the problem.

I had to use the set permissions in Cpanel from my host provider and set it to 444, then the warning message went away.

I read some lengthy thread around here on this subject....

One person's solution was this:

They had been trying to change the permissions via their FTP program, and it never worked.

They logged on and used the control panel provided by the Host, and the changes worked.

I don't know if this applies in your case.

As always, your mileage may vary...
/huh.gif' class='bbc_emoticon' alt=':huh:' />



#17   vs_indr@yahoo.com

vs_indr@yahoo.com
  • Members
  • 29 posts

Posted 16 August 2010 - 06:49

Ahh I fixed it... My FTP program was setting the file to 444, but when I refreshed the list, my server was setting it back to 644 for some reason! WTF? So I tried using my "File Manager" tool that comes with my web hosting instead to make the change, and using that keeps the setting at 444, which does fix the problem.

/thumbsup.gif' class='bbc_emoticon' alt=':thumbsup:' />


Yes, it worked!!
vs_indr

#18   Acknowledeged74

Acknowledeged74
  • Members
  • 115 posts

Posted 02 September 2011 - 13:56

Yep same with me, kept trying it in the ftp, but as soon as I change permission to 444 in host c/panel, and refreshed admin, got message;

'This is a properly configured installation of osCommerce Online Merchant!'

Perfect Tankya [img]http://forums.oscommerce.com//public/style_emoticons/default/kiss.gif[/img]

#19   stah

stah
  • Members
  • 4 posts

Posted 08 October 2011 - 11:36

Hi how did you do it am using one.com file manager and cant figure out how to correct it. I can see the texeditor but if I use it what I have to change anyway?
Thanks


Hi,
try so:

--------------------
Chmod
What is chmod
Chmod is essentially what rights a specific file or folder have. These rights decide whether a file can be read and
executed and where. You can for example assign rights to a file, which means that it cannot be viewed in a browser,
but can still be viewed, when accessing your web space via FTP. You should not change chmod for files or folders,
except if you are told to do so or if you are aware of the consequences changing chmod can have.
How to change chmod?
To change chmod on a file or folder, you should log on to your web space, using an FTP-program like FileZilla.
Right-click the file you wish to change chmod for and choose chmod/attributes/rights. From here you should be able
to set the rights.
Standard chmod rights
For files the standard chmod is 644 and for folders it is 755.
Changing chmod to 444
Some scripts (mainly OsCommerce) have files that needs to have chmod 444. This is not possible to do via FTP,
but should in stead be done via PHP. Please copy/paste the following code to a blank text document:
<?php
$filename = "file.php";
chmod("/customers/mydomain.dk/mydomain.dk/httpd.www/$filename", 0444);
echo "chmod for $filename was changed";
?>
file.php should be changed to the file that you wish to change chmod for. If the file is located in a subfolder, you
should enter this here as well, i.e. subfolder/file.php.
Save the file and upload it to your web space and access the file via a browser. The file's chmod will now be
changed.
------------------

#20   Redlady2

Redlady2
  • Members
  • 8 posts

Posted 26 October 2011 - 20:11

Would someone be able to give me the "find the file" for dummies version? I cannot see this file at all. Where is it exactly?
Your help is greatly appreciated as I am very much a newby to this program.
Debra