Latest News: (loading..)

Archived

This topic is now archived and is closed to further replies.

jchasick

FAQ: Warning: I am able to write to the configuration file

50 posts in this topic

Q: What should i do to set the right user permission ???

 

Warning: I am able to write to the configuration file: c:/phpdev/www/catalog/includes/configure.php. This is a potential security risk - please set the right user permissions on this file.

 

A: you need to chmod the configure.php file to 644

Share this post


Link to post
Share on other sites

If you're using Windows as your test server and you get this error... just do the following:

Right click on 'includes/configure.php'

Select 'Properties' (A new box will appear...)

Select/Tick 'Read-only'

Click 'Ok'

(Don't forget to do this for both your 'catalog' and 'admin' directories.

 

Viola!

All better...

 

Cheers,

Tony

Share this post


Link to post
Share on other sites

thanks for the Windows pickup Tony!

 

you seem to be very well versed and I invite you to please share your Windows knowledge for all the benefit from - your tips and hints and input are greatly appreciated :)

 

8)

Share this post


Link to post
Share on other sites

Thanks Jeff!

 

I'll be starting an 'Installation on Windows' tutorial for the WIKI soon, which will cover everything from Apache/PHP/mySQL/mySQL Front/phpMyAdmin download locations and recommended installation methods.

I'll also be including the setup of osCommerce sites as a local websites (as per recent 'tips & tricks').

 

Basic moral of the tutorial will be to cover a Windows user up until the point where they need to configure the store with their store name and product details.

 

Once I get the time to install a Linux box... you'll see many more questions coming from my direction. :)

 

Cheers,

Tony

Share this post


Link to post
Share on other sites

Dear Tony,

 

I have a problem with that warning.

 

I follow your step during i testing them in my computer and it working fine.

 

But once i make a change on my server ( Unix ) to chomod 644, the warning still the same thing ??

 

What should i do..

thank you very much

Share this post


Link to post
Share on other sites

Tony - A manual as already been published:

 

Can't remember were I got it put it's eleven pages long!!!

 

PM Me if you want it!!

 

Warren

Share this post


Link to post
Share on other sites

CHMOD 644 should be fine.

 

Did you CHMOD both the admin and the catalog configure.php files?

 

If you only did one, do a quick check to make sure it was the correct one... and then do both anyway.

 

Try surfing to another page off the default page, just incase your default page is being retreived from your browsers cache.

 

Let me know how you go...

Share this post


Link to post
Share on other sites

Hi,

 

You will probably need to set catalog/includes/configure.php to 444 as I had this problem when my server was updated to new security levels.

 

I still have the admin/includes/configure.php set to 644 which seems to be no problem.

Share this post


Link to post
Share on other sites

Theres a 'glitch' with this well known FTP program.

 

When you highlight a file /directory and right-click >CHMOD

 

The value shown is the setting you used when last changing permission!

 

Lets say you have 2 files which need to be 755

 

You set the first file to 755 by ticking the correct boxes.

 

When your about to do the second, you notice it says 755 ...so you think thats alright and dont change it. When in reality it will be whatever it was before !

 

WS-FTP LE only shows the value after the operation, on screen you see boxes which you have to tick.

 

I was helping a student when I noticed this. I have changed to another FTP program. WS-FTP LE is fine for basic FTP useage.

 

Hope this helps someone.

Share this post


Link to post
Share on other sites
CHMOD 644 should be fine.

 

Did you CHMOD both the admin and the catalog configure.php files?

 

If you only did one, do a quick check to make sure it was the correct one... and then do both anyway.

 

Try surfing to another page off the default page, just incase your default page is being retreived from your browsers cache.

 

Let me know how you go...

 

In some cases you may need to set it to chmod 444. My server is that way, I get errors if I don't.

Share this post


Link to post
Share on other sites

Hm i got same problem.

 

i have set the CHMOD permissions to both files to 444 but i still have this message on top of the page. it can not be a problem of my cache ... i have done this with two PCs and with several FTP Clients. And i have deleted Cache several times.

Share this post


Link to post
Share on other sites

I am getting the same error. Both configure.php files are set to 444. I have deleted my cache and have even tried it on another computer - the error is still there...

 

Any ideas? Thanks.

Share this post


Link to post
Share on other sites

644 should be appropriate, but 444 is probably better if you want to be sure you don't accidently modify the file.

after initial configuration, there usually is not a need to edit the file again.

If you are still getting an error with permissions set as 444, then there is a problem with the check function itself.

I saw this error after I had set the permissions to 644, and at this point, I have commented out the check. I don't recommend this for everyone, but I definitely don't want a customer seeing this message, ever!.

I believe the best place for any checks like this would be the admin interface.

Share this post


Link to post
Share on other sites

Hi all,

felt a bit better when I saw all you guys experiencing the same problem as myself.

Since I have tried everything suggested and still have this annoying error message in the top of the page (and I assure you I do not want any customers to see it!) so I have understood that my last resort is to comment out the 'check'

 

but how do I find this check??

 

Please help,

Cheers,

Froggie

Share this post


Link to post
Share on other sites

A note for Windows Server 2003 Enterprise/Apache httpd: You need to dissallow access to the file to the use that the Apache service is running under in addition to making the file read-only.

Share this post


Link to post
Share on other sites

In the Old Wiki there used to be a section on what to CHMOD all files that needed protecting/changing. unfortunately I cant seem to be able to find this in the new knowledge base and cant remember what each folders permissions should be.

 

Can anyone remember what all the reccomended settings are?

 

rgds

Paul

Share this post


Link to post
Share on other sites

I use 444 for the configure.php files. Some say it is overkill, but it works. Other files can be 755.

Share this post


Link to post
Share on other sites

i have had this same problem -- still do.

changed permissions on both stated files to 444.... even installed steves protection of configuration contribution.

it tells me the settings have been changed, but they come up unprotected again.

 

so.... will commenting be my only option here?

Share this post


Link to post
Share on other sites

To explain things a little about setting permissions.

 

The CHMOD command used via FTP is only of use on Apache servers with a Unix/Linux operating system. CHMOD is an Apache command and does not work on Windows. If you're on a Windows server then you can CHMOD the files as much as you like via FTP and the settings wil appear to change whilst in reality they remain the same.

 

If you have not already done so you should try using the File Manager in your web hosting control panel to reset permissions.

 

You can also try this method:

 

Create a new text file on your desktop and rename it to chmod.php (ignore the warning about changing the file type). Then put the code below into it, and upload to the root of your osCommerce website. Once you've done that go to the root of your website in your browser and add 'chmod.php' onto the address e.g. http://www.yourdomain.com/chmod.php You won't see anything on the screen but the permissions should have been changed.

 

<?php
chmod ("includes/configure.php", 0444);
?>

 

If that doesn't do it then get onto your hosting company. Don't leave the chmod.php file on the server.

 

Vger

Share this post


Link to post
Share on other sites
To explain things a little about setting permissions.

 

The CHMOD command used via FTP is only of use on Apache servers with a Unix/Linux operating system. CHMOD is an Apache command and does not work on Windows. If you're on a Windows server then you can CHMOD the files as much as you like via FTP and the settings wil appear to change whilst in reality they remain the same.

 

If you have not already done so you should try using the File Manager in your web hosting control panel to reset permissions.

 

You can also try this method:

 

Create a new text file on your desktop and rename it to chmod.php (ignore the warning about changing the file type). Then put the code below into it, and upload to the root of your osCommerce website. Once you've done that go to the root of your website in your browser and add 'chmod.php' onto the address e.g. http://www.yourdomain.com/chmod.php You won't see anything on the screen but the permissions should have been changed.

 

<?php
chmod ("includes/configure.php", 0444);
?>

 

If that doesn't do it then get onto your hosting company. Don't leave the chmod.php file on the server.

 

Vger

 

Hi.

 

I got this error and tried the different settings with CHMOD in WS FTP but still got the error.

Then i tried to make this file as discribed here. And this solved the error ! Thanks

:thumbsup:

Share this post


Link to post
Share on other sites

Has any one found a solution to this issue yet. I have simply commented it out but I still don't understand what is going wrong with the check. Permissions are set correctly. i even installed a tool to do this but it doesn't seem to work either keeps coming back as unprotected.

Share this post


Link to post
Share on other sites
I added a contribution to manage this. http://www.oscommerce.com/community/contributions,2137

 

I love you Steve L. (litterary speaking)

Im on a Apache - Linux server and added your contribution (the last updat). Worked perfectly! Been trying to solve this problem for over one week so Im releved - think Im going out for a beer to salubrate.

/h

Share this post


Link to post
Share on other sites