Latest News: (loading..)

Archived

This topic is now archived and is closed to further replies.

Adamanto75

How to set file permissions in osc 2.3

8 posts in this topic

Hello Everyone,

 

Can anyone point me to a tutorial of how to set your file permissions?

 

I used check permissions b4 in oscommerce 2.2 but don't know how to do it without that add on.

 

Thank You

 

Adamanto75

Share this post


Link to post
Share on other sites

@@Adamanto75,

 

Use your FTP client or your hosting account file manager to check permissions.

 

 

 

 

Chris

Share this post


Link to post
Share on other sites

I could not open the link above, It was asking for a credentials to access. What can I do to see it?

 

Thanks

Share this post


Link to post
Share on other sites

Your FTP client should be able to tell you what the current permissions are, but might not be allowed to change them. If so, use your host's control panel > file manager to change permissions. Never use Dreamweaver or any other page editor or word processor to edit PHP code -- it will mess you up badly if you don't know exactly what you're doing (and what it's doing behind your back!). Use a normal text editor such as Notepad++, ViM, or even Notepad to edit files, and FTP such as FileZilla to upload/download files.

 

What permissions to use depends upon your hosting and how it's set up. On a Linux system you will see either rwxr-xr-x style or 755 style (they're interchangable). Directories are usually 755 (writable only by the owner). For any directory where the program needs to upload files to (or otherwise write in), try 755 first, although you may need to make it writable by group (775) or even world writable (777 -- change back to 755 when you're done uploading). You probably don't need to make any directory read-only, but that would be 555. Files are usually 644 (writable only by the owner). The same conditions apply as for directories, except "111" less. At least the two "configure.php" files need to be "read-only", which is usually 444. Ask your host for specific instructions if you can't figure this out. For most people, just use the default permissions but change configure.php to read-only. For some, you'll get error messages that osC is unable to write to a specific directory -- you'll need to add "write" permission (+020, or even +022) for just that directory.

 

On a Windows server, you may want or need to add "read-only" attributes to folders and/or selected files. I don't use a Windows server, so it would be best to ask your host or someone else who does use one. Your hosting service control panel will have the tools to do all this.

Share this post


Link to post
Share on other sites

And what about the .htaccess en .htpasswd files in the /admin/ directory?

I use osc 2.3.1 and I've set the permissions to 664 for these 2 files.

My guess would be to set those to 444 for security reasons, but then osc admin shows errors that these files should be writable... 644 isn't accepted either, the errors will only disappear with permissions set to 664. Why is that, and is it safe enough??

 

Little extra question about the permission settings for images. The ones I uploaded are set to 777, is this okay? I also see some are set to 644, why are those different and might that be a better setting?

Share this post


Link to post
Share on other sites

What to set .htaccess and .htpasswd to depends in the end on how your server is configured. You might want to ask your hosting service for advice. It wouldn't hurt to start with as tight of permissions as possible (444 or even more restrictive), and loosen them up only if osC complains that it needs to write to them.

 

644 means that the owner (you) can write to them, as well as any program running as owner (some PHP installations). That you have to use 664 simply means that PHP is not running as owner, but in your group. That should be reasonably safe. What you need to be careful about is if PHP is running as a random user ("world/other") and you have to grant xx6 permissions for specific files and xx7 permissions for specific directories. Those open up those files and directories to any other user sharing your system to overwrite files! In some configurations, visitors on the Web might even be able to write to them! In such a case, you want to change back to 644/755 as soon as you're done uploading files or whatever calls for osC (running PHP) to write files.

 

777 is bad for any file. Change them to 644. First of all, "7" means that it's read-write for everyone on the server, as well as unnecessarily setting the "execute bit" (needed only for directories and some executable files, such as binaries and shell scripts). If they were uploaded through osC, that's because there's some idiot code in osC that blindly sets permissions to 777.

ShopAdminNL likes this

Share this post


Link to post
Share on other sites