Archived

This topic is now archived and is closed to further replies.

vampirehunter

Should Security Directory Permissions match the recommended ticks or crosses?

In the admin, when logged in, it's showing big red x signs next to a lot of the folders and files.

I've checked in cPanel and all the folders are 755 and files 644 or 444.

Should those recommended ticks and crosses be ignored?

And what should a root directory such as public_html be chmod as?

Thanks


Normally, the recommended permissions should leave files and directories writable by the owner and only readable by all others. This usually means 644/755, although I have seen systems where the normal permissions are 604/705. Depending on whether PHP is running as owner, in group, or as a random user, you may have to add write permission (020 or 002) to some files and directories, in order for PHP to be able to write to them. The two configure.php files should have PHP write access taken away from them after setup, which can mean 444, but 644 can be unwritable in some setups. Your 644/755 permissions are common, but not universal. I don't know what the display is trying to tell you -- it could very well be totally wrong. I wouldn't worry about it if your store is running satisfactorily, and PHP can't write to the configure.php files.

On my hosting, public_html happens to be 750 permissions. If you think you might have changed yours accidentally, you could ask your host what they recommend.


Cool, thanks.

Yes, I went through all the folders and files, and all are as expected, 755 and 644, with configure files as 444.

I guess the admin area permissions x marks can be ignored then. I will double check with the host anyway what they recommend.


It doesn't look like that is a finished tool. The code checks two things. First, it checks if a directory is writeable. Then it checks a database table to see if that table has been whitelisted, which I suppose means it is OK to write to. If there is an entry in that table a check mark is shown in the last column. Otherwise an x is shown. But the table it is checking is empty and there isn't anywhere in the code to add an entry for it so that last column will always have an x in it.


It doesn't look like that is a finished tool.

I suspected as much. A Quick'n'Dirty fix would be to add some INSERT entries into oscommerce.sql to populate the table for default usage. Beyond that, does anyone know if there are cases where you would want admin tools to change which tables/files should be writable? How about add-ons that add new directories or files? Does this adequately handle directories/files that should be read-only (versus can be R/W or must be R/W)? Does it work at all stages of osC's installation process (e.g., configure.php files should initially be R/W, later changed to R/O)? Does it work on Windows servers, or just Linux?

Unfixed, the code and table should be removed from the product, as it only generates confusion and serves no useful purpose.

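As an added example that is not part of the original thread or of osCommerce: a shell audit of the mode bits discussed above (nothing looser than 644/755 in the tree, no write bit left on the configure.php files). The function names and the sample tree's directory names are constructed for illustration, and only mode bits are checked, not which user PHP runs as.

```shell
#!/bin/sh
# Added example: audit a store tree against the modes discussed in this thread.
# Source this file, then run: audit_store /path/to/store

# List files and directories under $1 that group or other can write to
# (mode bits 020 or 002), i.e. anything looser than 644/755.
loose_entries() {
    find "$1" \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) -print | sort
}

# List configure.php files under $1 that still carry any write bit. 444 passes;
# 644 is reported, although PHP may be unable to write it if PHP is not the owner.
writable_configs() {
    find "$1" -type f -name configure.php \
        \( -perm -200 -o -perm -020 -o -perm -002 \) -print | sort
}

# Print findings; return 0 only when both lists are empty.
audit_store() {
    loose=$(loose_entries "$1")
    configs=$(writable_configs "$1")
    if [ -n "$loose" ]; then printf 'group/other-writable:\n%s\n' "$loose"; fi
    if [ -n "$configs" ]; then printf 'configure.php with write bit:\n%s\n' "$configs"; fi
    [ -z "$loose" ] && [ -z "$configs" ]
}

# Constructed sample tree (hypothetical directory names) for trying the checks.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/shop" "$root/backend" "$root/images"
    : > "$root/index.php"
    : > "$root/shop/configure.php"
    : > "$root/backend/configure.php"
    chmod 755 "$root" "$root/shop" "$root/backend"
    chmod 777 "$root/images"                 # deliberately too loose
    chmod 644 "$root/index.php"
    chmod 444 "$root/shop/configure.php"
    chmod 644 "$root/backend/configure.php"  # write bit left on after setup
    printf '%s\n' "$root"
}
```

A clean result here only says the mode bits match; whether PHP can actually write a given file still depends on the account it runs under, as noted in the thread.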