Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Warning: I Am Able To Write To The Configuration File: <path>/catalog/includes/configure.php


binh

Recommended Posts

Did a clean install of 2.2 onto a shared server environment following the instructions at oscdox. All went well but when I open the catalog, i get the following warning:

 

Warning: I am able to write to the configuration file: <path>/catalog/includes/configure.php. This is a potential security risk - please set the right user permissions on this file.

 

where <path> is obviously the full path to /catalog.

 

Now, the installation told me to use chmod 706 on configure.php and if that didn't work, chmod 755. Have done both and still getting this message. What should I set the permissions to on this file?

 

what can i do to get ride of this warning

please help

thank Q

Link to comment
Share on other sites

Warning: I am able to write to the configuration file: <path>/catalog/includes/configure.php. This is a potential security risk - please set the right user permissions on this file.

 

what can i do to get ride of this warning

please help

 

I believe I keep mine at 644.. but if that doesn't work either then 444 will definitely solve your issue.

Link to comment
Share on other sites

I believe I keep mine at 644.. but if that doesn't work either then 444 will definitely solve your issue.

 

 

hi i tried both 644 and then after tried 444 permission but still doesn't work the warning msg is still there very strange

thank Q

Link to comment
Share on other sites

  • 2 weeks later...
hi i tried both 644 and then after tried 444 permission but still doesn't work the warning msg is still there very strange

 

Same here, I've tried both of these but I keep getting the Warning message also. One thing to note is, I have run this exact same website on other webhost's servers with no problems using 644, so there must be some difference between the host setups in my case.

 

Anyone else have ideas on what could be wrong?

Link to comment
Share on other sites

I read some lengthy thread around here on this subject....

 

One person's solution was this:

 

They had been trying to change the permissions via their FTP program, and it never worked.

 

They logged on and used the control panel provided by the Host, and the changes worked.

 

I don't know if this applies in your case.

 

As always, your mileage may vary...

:huh:

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

Ahh I fixed it... My FTP program was setting the file to 444, but when I refreshed the list, my server was setting it back to 644 for some reason! WTF? So I tried using my "File Manager" tool that comes with my web hosting instead to make the change, and using that keeps the setting at 444, which does fix the problem.

 

:thumbsup:

Link to comment
Share on other sites

  • 9 months later...

Windows Server 2003 server, IIS 6, and OS Commerce 2.2 RC2.

 

Receiving this error as stated above (and I'll repeat here):

Warning: I am able to write to the configuration file: <path>/includes/configure.php. This is a potential security risk - please set the right user permissions on this file.

 

Permissions on file currently are:

Full Modify ReadExe Read Write Special

Administrators: Allow Allow Allow Allow Allow None

System: Allow Allow Allow Allow Allow None

Users: None None Allow Allow None None

 

I've added IUSR_MACHINENAME to the list and marked Deny for everytyhing besides ReadExec and Read, but it still gives me the error. I'm doing this on the local file system through the local machine, and the permissions changes -are- being saved appropriately. Is it possible that IIS is configured incorrectly and using (very frighteningly) the SYSTEM or ADMINISTRATORS privelages?

Link to comment
Share on other sites

I'm having the same problem. To test your suspicion, I temporarily changed the permissions for the configure.php file and added "Deny Read" for the IUSRACHINENAME account and it wouldn't even load the page, failing when it tried to include configure.php. So it seems that the IUSR_MACHINENAME account is being used. I'm afraid it might be that the security check being made by osCommerce isn't accurately detecting the file settings with IIS. I've tried making sure that both IIS and Windows denies writing to this file, with no change in the message.

 

Has anybody successfully avoided this error message?

 

Thank you,

Rob

 

Windows Server 2003 server, IIS 6, and OS Commerce 2.2 RC2.

 

Receiving this error as stated above (and I'll repeat here):

Warning: I am able to write to the configuration file: <path>/includes/configure.php. This is a potential security risk - please set the right user permissions on this file.

 

Permissions on file currently are:

Full Modify ReadExe Read Write Special

Administrators: Allow Allow Allow Allow Allow None

System: Allow Allow Allow Allow Allow None

Users: None None Allow Allow None None

 

I've added IUSR_MACHINENAME to the list and marked Deny for everytyhing besides ReadExec and Read, but it still gives me the error. I'm doing this on the local file system through the local machine, and the permissions changes -are- being saved appropriately. Is it possible that IIS is configured incorrectly and using (very frighteningly) the SYSTEM or ADMINISTRATORS privelages?

Link to comment
Share on other sites

some hosts are absurdly disallowing ftp file permission changes whereas allowing php (or other script languages) to change file permissions. generally for the sake of their control panel to be able to change the permissions. which is in fact a more precarious situation in regard to security, it should be vice versa.

 

if your host's panel doesnt set the perm right still, you can do a trick to change file perm through php. you need to use chmod in php.

 

but then again, if you are not able to change file perm through ftp or your host's control panel, you should give them a call to ask whats going on with that.

Link to comment
Share on other sites

I'm having the same problem. To test your suspicion, I temporarily changed the permissions for the configure.php file and added "Deny Read" for the IUSRACHINENAME account and it wouldn't even load the page, failing when it tried to include configure.php. So it seems that the IUSR_MACHINENAME account is being used. I'm afraid it might be that the security check being made by osCommerce isn't accurately detecting the file settings with IIS. I've tried making sure that both IIS and Windows denies writing to this file, with no change in the message.

 

Has anybody successfully avoided this error message?

 

Thank you,

Rob

 

if you are sure that you set perms right, and php cant recognize the perms correctly, just go to application_top.php under includes, and set WARN_CONFIG_WRITABLE define to FALSE.

 

that should suppress false error messages.

Link to comment
Share on other sites

  • 1 year later...

Hi, has anyone found a solution to this known problem?

 

I am having this problem and it is becoming very annoying and hard to find a solution. Honestly a while back I solved it somehow, and installed new installation of osCommerce and have this same problem, yet can't remember what I did last time. I compared the permission settings for both stores and they look exactly same, so I am stuck. And I don't think I removed the warning code last time either.

I am using IIS and the Internet Guest is set to read only. As a matter of fact once I installed the osC. store, I had 2 warnings about two configuration files, I have set same permissions for both and one warning disappeard, yet the other one still her.

 

It is obviously some problem with osCommerce not reading permissions correctly. I hope the osCommerce support/troubleshooting team is seeing posts about this problem and can provide a fix, because this is a problem.

 

Please reply anyone if you have a solution for this, I am stuck on a project because of this and short on time. Thanks in advance!

Link to comment
Share on other sites

  • 8 months later...

Ahh I fixed it... My FTP program was setting the file to 444, but when I refreshed the list, my server was setting it back to 644 for some reason! WTF? So I tried using my "File Manager" tool that comes with my web hosting instead to make the change, and using that keeps the setting at 444, which does fix the problem.

 

:thumbsup:

 

Hi how did you do it am using one.com file manager and cant figure out how to correct it. I can see the texeditor but if I use it what I have to change anyway?

Thanks

Link to comment
Share on other sites

Hi how did you do it am using one.com file manager and cant figure out how to correct it. I can see the texeditor but if I use it what I have to change anyway?

Thanks

 

 

He's not talking of filemanager within osC admin, that must not be used but deleted, an open door to hackers.

 

Its filemanager within your hosting cPanel, select the file then change permissions

Sam

 

Remember, What you think I ment may not be what I thought I ment when I said it.

 

Contributions:

 

Auto Backup your Database, Easy way

 

Multi Images with Fancy Pop-ups, Easy way

 

Products in columns with multi buy etc etc

 

Disable any Category or Product, Easy way

 

Secure & Improve your account pages et al.

Link to comment
Share on other sites

  • 1 month later...

That is exactly what i did, and it solved the problem.

 

I had to use the set permissions in Cpanel from my host provider and set it to 444, then the warning message went away.

 

I read some lengthy thread around here on this subject....

 

One person's solution was this:

 

They had been trying to change the permissions via their FTP program, and it never worked.

 

They logged on and used the control panel provided by the Host, and the changes worked.

 

I don't know if this applies in your case.

 

As always, your mileage may vary...

:huh:

Link to comment
Share on other sites

  • 3 months later...

Ahh I fixed it... My FTP program was setting the file to 444, but when I refreshed the list, my server was setting it back to 644 for some reason! WTF? So I tried using my "File Manager" tool that comes with my web hosting instead to make the change, and using that keeps the setting at 444, which does fix the problem.

 

:thumbsup:

 

Yes, it worked!!

vs_indr

Link to comment
Share on other sites

  • 1 year later...
  • 1 month later...

Hi how did you do it am using one.com file manager and cant figure out how to correct it. I can see the texeditor but if I use it what I have to change anyway?

Thanks

 

Hi,

try so:

 

--------------------

Chmod

What is chmod

Chmod is essentially what rights a specific file or folder have. These rights decide whether a file can be read and

executed and where. You can for example assign rights to a file, which means that it cannot be viewed in a browser,

but can still be viewed, when accessing your web space via FTP. You should not change chmod for files or folders,

except if you are told to do so or if you are aware of the consequences changing chmod can have.

How to change chmod?

To change chmod on a file or folder, you should log on to your web space, using an FTP-program like FileZilla.

Right-click the file you wish to change chmod for and choose chmod/attributes/rights. From here you should be able

to set the rights.

Standard chmod rights

For files the standard chmod is 644 and for folders it is 755.

Changing chmod to 444

Some scripts (mainly OsCommerce) have files that needs to have chmod 444. This is not possible to do via FTP,

but should in stead be done via PHP. Please copy/paste the following code to a blank text document:

<?php

$filename = "file.php";

chmod("/customers/mydomain.dk/mydomain.dk/httpd.www/$filename", 0444);

echo "chmod for $filename was changed";

?>

file.php should be changed to the file that you wish to change chmod for. If the file is located in a subfolder, you

should enter this here as well, i.e. subfolder/file.php.

Save the file and upload it to your web space and access the file via a browser. The file's chmod will now be

changed.

------------------

Link to comment
Share on other sites

  • 3 weeks later...

Would someone be able to give me the "find the file" for dummies version? I cannot see this file at all. Where is it exactly?

Your help is greatly appreciated as I am very much a newby to this program.

Debra

Link to comment
Share on other sites

/catalog/includes/configure.php

 

HTH

 

G

Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile

 

Virus Threat Scanner

My Contributions

Basic install answers.

Click here for Contributions / Add Ons.

UK your site.

Site Move.

Basic design info.

 

For links mentioned in old answers that are no longer here follow this link Useful Threads.

 

If this post was useful, click the Like This button over there ======>>>>>.

Link to comment
Share on other sites

  • 7 months later...

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...