23 replies to this topic

[binh]

Did a clean install of 2.2 onto a shared server environment following the instructions at oscdox. All went well but when I open the catalog, i get the following warning:

Warning: I am able to write to the configuration file: <path>/catalog/includes/configure.php. This is a potential security risk - please set the right user permissions on this file.

where <path> is obviously the full path to /catalog.

Now, the installation told me to use chmod 706 on configure.php and if that didn't work, chmod 755. Have done both and still getting this message. What should I set the permissions to on this file?

what can i do to get ride of this warning
please help

[edgy]

binh, on Jun 17 2007, 11:18 PM, said:

Warning: I am able to write to the configuration file: <path>/catalog/includes/configure.php. This is a potential security risk - please set the right user permissions on this file.

what can i do to get ride of this warning
please help

I believe I keep mine at 644..  but if that doesn't work either then 444 will definitely solve your issue.

[binh]

edgy, on Jun 18 2007, 12:44 AM, said:

I believe I keep mine at 644..  but if that doesn't work either then 444 will definitely solve your issue.

hi i tried both 644 and then after tried 444 permission but still doesn't work the warning msg is still there very strange

[ChrisW123]

binh, on Jun 17 2007, 04:57 PM, said:

hi i tried both 644 and then after tried 444 permission but still doesn't work the warning msg is still there very strange

Same here, I've tried both of these but I keep getting the Warning message also.  One thing to note is, I have run this exact same website on other webhost's servers with no problems using 644, so there must be some difference between the host setups in my case.

Anyone else have ideas on what could be wrong?

[germ]

I read some lengthy thread around here on this subject....

One person's solution was this:

They had been trying to change the permissions via their FTP program, and it never worked.

They logged on and used the control panel provided by the Host, and the changes worked.

I don't know if this applies in your case.

As always, your mileage may vary...

[ChrisW123]

Ahh I fixed it...  My FTP program was setting the file to 444, but when I refreshed the list, my server was setting it back to 644 for some reason!  WTF?  So I tried using my "File Manager" tool that comes with my web hosting instead to make the change, and using that keeps the setting at 444, which does fix the problem.

[ChrisW123]

Yep, just like Germ said.

[ppccJohn]

Windows Server 2003 server, IIS 6, and OS Commerce 2.2 RC2.

Receiving this error as stated above (and I'll repeat here):
Warning: I am able to write to the configuration file: <path>/includes/configure.php. This is a potential security risk - please set the right user permissions on this file.

Permissions on file currently are:
Full Modify ReadExe Read Write Special
Administrators: Allow Allow Allow Allow Allow None
System: Allow Allow Allow Allow Allow None
Users: None None Allow Allow None None

I've added IUSR_MACHINENAME to the list and marked Deny for everytyhing besides ReadExec and Read, but it still gives me the error. I'm doing this on the local file system through the local machine, and the permissions changes -are- being saved appropriately. Is it possible that IIS is configured incorrectly and using (very frighteningly) the SYSTEM or ADMINISTRATORS privelages?

[robrobinson]

I'm having the same problem.  To test your suspicion, I temporarily changed the permissions for the configure.php file and added "Deny Read" for the IUSRACHINENAME account and it wouldn't even load the page, failing when it tried to include configure.php.  So it seems that the IUSR_MACHINENAME account is being used.  I'm afraid it might be that the security check being made by osCommerce isn't accurately detecting the file settings with IIS.  I've tried making sure that both IIS and Windows denies writing to this file, with no change in the message.

Has anybody successfully avoided this error message?

Thank you,
Rob

ppccJohn, on Apr 14 2008, 07:22 PM, said:

Windows Server 2003 server, IIS 6, and OS Commerce 2.2 RC2.

Receiving this error as stated above (and I'll repeat here):
Warning: I am able to write to the configuration file: <path>/includes/configure.php. This is a potential security risk - please set the right user permissions on this file.

Permissions on file currently are:
Full Modify ReadExe Read Write Special
Administrators: Allow Allow Allow Allow Allow None
System: Allow Allow Allow Allow Allow None
Users: None None Allow Allow None None

I've added IUSR_MACHINENAME to the list and marked Deny for everytyhing besides ReadExec and Read, but it still gives me the error. I'm doing this on the local file system through the local machine, and the permissions changes -are- being saved appropriately. Is it possible that IIS is configured incorrectly and using (very frighteningly) the SYSTEM or ADMINISTRATORS privelages?

[unity100]

some hosts are absurdly disallowing ftp file permission changes whereas allowing php (or other script languages) to change file permissions. generally for the sake of their control panel to be able to change the permissions. which is in fact a more precarious situation in regard to security, it should be vice versa.

if your host's panel doesnt set the perm right still, you can do a trick to change file perm through php. you need to use chmod in php.

but then again, if you are not able to change file perm through ftp or your host's control panel, you should give them a call to ask whats going on with that.

[unity100]

robrobinson, on Apr 16 2008, 09:53 AM, said:

I'm having the same problem.  To test your suspicion, I temporarily changed the permissions for the configure.php file and added "Deny Read" for the IUSRACHINENAME account and it wouldn't even load the page, failing when it tried to include configure.php.  So it seems that the IUSR_MACHINENAME account is being used.  I'm afraid it might be that the security check being made by osCommerce isn't accurately detecting the file settings with IIS.  I've tried making sure that both IIS and Windows denies writing to this file, with no change in the message.

Has anybody successfully avoided this error message?

Thank you,
Rob

if you are sure that you set perms right, and php cant recognize the perms correctly, just go to application_top.php under includes, and set WARN_CONFIG_WRITABLE define to FALSE.

that should suppress false error messages.

[alexander85]

Hi, has anyone found a solution to this known problem?

I am having this problem and it is becoming very annoying and hard to find a solution. Honestly a while back I solved it somehow, and installed new installation of osCommerce and have this same problem, yet can't remember what I did last time. I compared the permission settings for both stores and they look exactly same, so I am stuck. And I don't think I removed the warning code last time either.
I am using IIS and the Internet Guest is set to read only. As a matter of fact once I installed the osC. store, I had 2 warnings about two configuration files, I have set same permissions for both and one warning disappeard, yet the other one still her.

It is obviously some problem with osCommerce not reading permissions correctly. I hope the osCommerce support/troubleshooting team is seeing posts about this problem and can provide a fix, because this is a problem.

Please reply anyone if you have a solution for this, I am stuck on a project because of this and short on time. Thanks in advance!

[ecartz]

In Windows, right click on the file; select Properties from the menu; click the Read-only checkbox to checked; click Apply; click OK.  

This is a Won't Fix bug with PHP:  http://bugs.php.net/bug.php?id=27609

[msafiri85]

ChrisW123, on 28 June 2007 - 12:37 AM, said:

Ahh I fixed it... My FTP program was setting the file to 444, but when I refreshed the list, my server was setting it back to 644 for some reason! WTF? So I tried using my "File Manager" tool that comes with my web hosting instead to make the change, and using that keeps the setting at 444, which does fix the problem.

Hi how did you do it am using one.com file manager and cant figure out how to correct it. I can see the texeditor but if I use it what I have to change anyway?
Thanks

[spooks]

msafiri85, on 09 March 2010 - 03:24 PM, said:

Hi how did you do it am using one.com file manager and cant figure out how to correct it. I can see the texeditor but if I use it what I have to change anyway?
Thanks

He's not talking of filemanager within osC admin, that must not be used but deleted, an open door to hackers.

Its filemanager within your hosting cPanel, select the file then change permissions

[allgamer]

That is exactly what i did, and it solved the problem.

I had to use the set permissions in Cpanel from my host provider and set it to 444, then the warning message went away.

germ, on 28 June 2007 - 12:35 AM, said:

I read some lengthy thread around here on this subject....

One person's solution was this:

They had been trying to change the permissions via their FTP program, and it never worked.

They logged on and used the control panel provided by the Host, and the changes worked.

I don't know if this applies in your case.

As always, your mileage may vary...

[vs_indr@yahoo.com]

ChrisW123, on 28 June 2007 - 12:37 AM, said:

Ahh I fixed it...  My FTP program was setting the file to 444, but when I refreshed the list, my server was setting it back to 644 for some reason!  WTF?  So I tried using my "File Manager" tool that comes with my web hosting instead to make the change, and using that keeps the setting at 444, which does fix the problem.

Yes, it worked!!

[Acknowledeged74]

Yep same with me, kept trying it in the ftp, but as soon as I change permission to 444 in host c/panel, and refreshed admin, got message;

'This is a properly configured installation of osCommerce Online Merchant!'

Perfect Tankya [img]http://forums.oscommerce.com//public/style_emoticons/default/kiss.gif[/img]

[stah]

msafiri85, on 09 March 2010 - 03:24 PM, said:

Hi how did you do it am using one.com file manager and cant figure out how to correct it. I can see the texeditor but if I use it what I have to change anyway?
Thanks

Hi,
try so:

--------------------
Chmod
What is chmod
Chmod is essentially what rights a specific file or folder have. These rights decide whether a file can be read and
executed and where. You can for example assign rights to a file, which means that it cannot be viewed in a browser,
but can still be viewed, when accessing your web space via FTP. You should not change chmod for files or folders,
except if you are told to do so or if you are aware of the consequences changing chmod can have.
How to change chmod?
To change chmod on a file or folder, you should log on to your web space, using an FTP-program like FileZilla.
Right-click the file you wish to change chmod for and choose chmod/attributes/rights. From here you should be able
to set the rights.
Standard chmod rights
For files the standard chmod is 644 and for folders it is 755.
Changing chmod to 444
Some scripts (mainly OsCommerce) have files that needs to have chmod 444. This is not possible to do via FTP,
but should in stead be done via PHP. Please copy/paste the following code to a blank text document:
<?php
$filename = "file.php";
chmod("/customers/mydomain.dk/mydomain.dk/httpd.www/$filename", 0444);
echo "chmod for $filename was changed";
?>
file.php should be changed to the file that you wish to change chmod for. If the file is located in a subfolder, you
should enter this here as well, i.e. subfolder/file.php.
Save the file and upload it to your web space and access the file via a browser. The file's chmod will now be
changed.
------------------

[Redlady2]

Would someone be able to give me the "find the file" for dummies version?  I cannot see this file at all.  Where is it exactly?
Your help is greatly appreciated as I am very much a newby to this program.
Debra