4 replies to this topic

[Tom_Hennigan]

Help, I f-uped, Someone can get to my configure, how do I reset user permissions?  

There is now an alert above the site.  I need to fix asap.    Config.PNG   10.58K   7 downloads

[Biancoblu]

configure.php should be set to 444 or 400, depending on server set up.

[ShopAdminNL]

This goes for both configure.php files? I have one in my shop dir and one in my admin dir, both are set to 644 now.

And also, I've read that .htpasswd should be set to 444, but when I do my admin panel gives an error, so they are now set to 664. Is this okay, and/or what to do with this?

[DunWeb]

@ShopAdminNL

Directories should be 705 (755 if you have to)

Files should be 604 (644 if you ahve to)

TWO configure.php files should be 444



Chris

[MrPhil]

The idea with the two configure.php files (or three, if you have a "local" one) is to secure them against writing by PHP code (such as osC), to minimize the chances of a hacked osC overwriting them. Depending on how your server is configured (whether PHP runs as owner or in group/world), 644 may sometimes be sufficient, but 444 is almost always sufficient. Just remember to temporarily restore to 644 if you want to edit or to upload a new copy.

N.B.: '6' = Read-write and '4' = Read-only for 'ugo' = user/owner group other/world users (Linux style)