Jump to content



Photo
- - - - -

FAQ: Warning: I am able to write to the configuration file


This topic has been archived. This means that you cannot reply to this topic.
49 replies to this topic

#1   jchasick

jchasick
  • Members
  • 1,511 posts

Posted 05 April 2003 - 20:42

Q: What should i do to set the right user permission ???

Warning: I am able to write to the configuration file: c:/phpdev/www/catalog/includes/configure.php. This is a potential security risk - please set the right user permissions on this file.

A: you need to chmod the configure.php file to 644

#2   TB

TB
  • Members
  • 624 posts

Posted 05 April 2003 - 23:50

If you're using Windows as your test server and you get this error... just do the following:
Right click on 'includes/configure.php'

Select 'Properties' (A new box will appear...)

Select/Tick 'Read-only'

Click 'Ok'
(Don't forget to do this for both your 'catalog' and 'admin' directories.

Viola!
All better...

Cheers,
Tony
"The price of success is perseverance. The price of failure comes much cheaper."

#3   jchasick

jchasick
  • Members
  • 1,511 posts

Posted 06 April 2003 - 00:04

thanks for the Windows pickup Tony!

you seem to be very well versed and I invite you to please share your Windows knowledge for all the benefit from - your tips and hints and input are greatly appreciated /smile.gif' class='bbc_emoticon' alt=':)' />

8)
Reading is beneficial - Searching is enlightening
find answers at wiki.oscommerce.com/top

#4   TB

TB
  • Members
  • 624 posts

Posted 06 April 2003 - 00:25

Thanks Jeff!

I'll be starting an 'Installation on Windows' tutorial for the WIKI soon, which will cover everything from Apache/PHP/mySQL/mySQL Front/phpMyAdmin download locations and recommended installation methods.
I'll also be including the setup of osCommerce sites as a local websites (as per recent 'tips & tricks').

Basic moral of the tutorial will be to cover a Windows user up until the point where they need to configure the store with their store name and product details.

Once I get the time to install a Linux box... you'll see many more questions coming from my direction. /smile.gif' class='bbc_emoticon' alt=':)' />

Cheers,
Tony
"The price of success is perseverance. The price of failure comes much cheaper."

#5   jchasick

jchasick
  • Members
  • 1,511 posts

Posted 06 April 2003 - 00:54

thats what we are all here for /biggrin.gif' class='bbc_emoticon' alt=':D' />

keep up the great work 8)
Reading is beneficial - Searching is enlightening
find answers at wiki.oscommerce.com/top

#6   sunpetch

sunpetch
  • Members
  • 84 posts

Posted 09 April 2003 - 15:19

Dear Tony,

I have a problem with that warning.

I follow your step during i testing them in my computer and it working fine.

But once i make a change on my server ( Unix ) to chomod 644, the warning still the same thing ??

What should i do..
thank you very much

#7   Waza04

Waza04
  • Banned
  • 680 posts

Posted 09 April 2003 - 16:52

Tony - A manual as already been published:

Can't remember were I got it put it's eleven pages long!!!

PM Me if you want it!!

Warren

#8   TB

TB
  • Members
  • 624 posts

Posted 09 April 2003 - 19:05

CHMOD 644 should be fine.

Did you CHMOD both the admin and the catalog configure.php files?

If you only did one, do a quick check to make sure it was the correct one... and then do both anyway.

Try surfing to another page off the default page, just incase your default page is being retreived from your browsers cache.

Let me know how you go...
"The price of success is perseverance. The price of failure comes much cheaper."

#9   Melinda Odom

Melinda Odom
  • Members
  • 1,212 posts

Posted 15 April 2003 - 13:40

Hi,

You will probably need to set catalog/includes/configure.php to 444 as I had this problem when my server was updated to new security levels.

I still have the admin/includes/configure.php set to 644 which seems to be no problem.

#10   Ramesh

Ramesh
  • Members
  • 236 posts

Posted 17 April 2003 - 17:03

Theres a 'glitch' with this well known FTP program.

When you highlight a file /directory and right-click >CHMOD

The value shown is the setting you used when last changing permission!

Lets say you have 2 files which need to be 755

You set the first file to 755 by ticking the correct boxes.

When your about to do the second, you notice it says 755 ...so you think thats alright and dont change it. When in reality it will be whatever it was before !

WS-FTP LE only shows the value after the operation, on screen you see boxes which you have to tick.

I was helping a student when I noticed this. I have changed to another FTP program. WS-FTP LE is fine for basic FTP useage.

Hope this helps someone.
Special Effects / 3d + Flash

#11   toolcrazy

toolcrazy
  • Members
  • 1,845 posts

Posted 28 April 2003 - 20:41

CHMOD 644 should be fine.

Did you CHMOD both the admin and the catalog configure.php files?

If you only did one, do a quick check to make sure it was the correct one... and then do both anyway.

Try surfing to another page off the default page, just incase your default page is being retreived from your browsers cache.

Let me know how you go...


In some cases you may need to set it to chmod 444. My server is that way, I get errors if I don't.
Steve
-------------------------

#12   Tobo

Tobo
  • Members
  • 1 posts

Posted 08 May 2003 - 21:44

Hm i got same problem.

i have set the CHMOD permissions to both files to 444 but i still have this message on top of the page. it can not be a problem of my cache ... i have done this with two PCs and with several FTP Clients. And i have deleted Cache several times.

#13   visioncomputing

visioncomputing
  • Members
  • 24 posts

Posted 29 May 2003 - 03:02

I am getting the same error. Both configure.php files are set to 444. I have deleted my cache and have even tried it on another computer - the error is still there...

Any ideas? Thanks.

#14   SirLeo

SirLeo
  • Members
  • 90 posts

Posted 05 March 2004 - 02:01

644 should be appropriate, but 444 is probably better if you want to be sure you don't accidently modify the file.
after initial configuration, there usually is not a need to edit the file again.
If you are still getting an error with permissions set as 444, then there is a problem with the check function itself.
I saw this error after I had set the permissions to 644, and at this point, I have commented out the check. I don't recommend this for everyone, but I definitely don't want a customer seeing this message, ever!.
I believe the best place for any checks like this would be the admin interface.
If it weren't for tweakers, I would not have a job.

#15   froggie

froggie
  • Members
  • 1 posts

Posted 02 April 2004 - 20:25

Hi all,
felt a bit better when I saw all you guys experiencing the same problem as myself.
Since I have tried everything suggested and still have this annoying error message in the top of the page (and I assure you I do not want any customers to see it!) so I have understood that my last resort is to comment out the 'check'

but how do I find this check??

Please help,
Cheers,
Froggie

#16   peterr

peterr
  • Members
  • 1,578 posts

Posted 05 April 2004 - 13:15

Hi,

The CMOD of 444 is an overkill, please see this thread , post #8

Peter

#17   stevel

stevel
  • Members
  • 2,836 posts

Posted 31 May 2004 - 17:07

I added a contribution to manage this. http://www.oscommerc...tributions,2137

#18   solocommand

solocommand
  • Members
  • 1 posts

Posted 31 May 2004 - 19:33

A note for Windows Server 2003 Enterprise/Apache httpd: You need to dissallow access to the file to the use that the Apache service is running under in addition to making the file read-only.

#19   hotnuts21

hotnuts21
  • Members
  • 584 posts

Posted 15 June 2004 - 00:36

In the Old Wiki there used to be a section on what to CHMOD all files that needed protecting/changing. unfortunately I cant seem to be able to find this in the new knowledge base and cant remember what each folders permissions should be.

Can anyone remember what all the reccomended settings are?

rgds
Paul
Feel free to ask me for help
beep... beep....My Pager

#20   stevel

stevel
  • Members
  • 2,836 posts

Posted 15 June 2004 - 00:45

I use 444 for the configure.php files. Some say it is overkill, but it works. Other files can be 755.