Jump to content

Recommended Posts

Hello,

I recently installed osCommerce 2.3.4.1 on an Ubuntu 18.04 server running Apache2 as the web server. After installation and logged in the admin dashboard and do the file and folder security check, I was presented with the following in the screenshot. What appropriate permissions do I need to set? And are there any free templates that I can use for the shop? Thank you and looking forward to your inputs.

 

screencapture-my247deals-admin-sec-dir-permissions-php-2019-11-29-10_45_40.png

Share this post


Link to post
Share on other sites

Who owns the directories?  If it is the web user and you can't change ownership, you'd have to change the permissions to 555 on the red X directories.

If some other user (e.g. the FTP user) owns the directories, then you could do 755. 

If the FTP user owns the directories and the group matches the web user, you could do 750. 

There are other possibilities, but those are the main ones. 

The equivalent permissions for files are 444, 644, and 640 respectively unless you're on one of the rare servers that requires PHP files to have the execute bit checked. 

If you haven't already realized, the goal is to have a red X in the left column everywhere there is a red X in the right column. 

For the directories with a green check mark, 770 or 777 are two likely possibilities.  770 is preferable if it works. 


Always back up before making changes.

Share this post


Link to post
Share on other sites
On 11/29/2019 at 11:18 AM, ecartz said:

Who owns the directories?  If it is the web user and you can't change ownership, you'd have to change the permissions to 555 on the red X directories.

If some other user (e.g. the FTP user) owns the directories, then you could do 755. 

If the FTP user owns the directories and the group matches the web user, you could do 750. 

There are other possibilities, but those are the main ones. 

The equivalent permissions for files are 444, 644, and 640 respectively unless you're on one of the rare servers that requires PHP files to have the execute bit checked. 

If you haven't already realized, the goal is to have a red X in the left column everywhere there is a red X in the right column. 

For the directories with a green check mark, 770 or 777 are two likely possibilities.  770 is preferable if it works. 

Thank you for your response. But I'm not quite sure what to look for, maybe to have a green check mark everywhere or just the left column or the right column. The web directory is owned by www-data and the group www-data. I can change the ownership to whatever I want since I have root access on the server. I have changed the include folder permission to basically all permissions already without seeing any noticeable change when refreshing that page. If I understand you quite well, you're saying the left column should all have a red X mark. But what about the right column? Should they all also have a red X all through or the opposite? I currently stopped the Apache web server so that I don't get hacked while trying to fix the directory permissions. Thank you for your help.

Share this post


Link to post
Share on other sites
chown -R root .
chmod -R g-w .
chmod -R g+w images/ includes/work/ pub/
chmod 640 includes/configure.php admin/includes/configure.php

Run from within the catalog directory. 

The right column is set by the application.  The goal is to make the left column match the right column (which may not be the best interface, but it's what we have). 

You could change the root in the first command to a different user.  Pretty much any user *except* www-data.  The user you use to SFTP to the server is a good choice. 


Always back up before making changes.

Share this post


Link to post
Share on other sites
5 hours ago, ecartz said:

chown -R root .
chmod -R g-w .
chmod -R g+w images/ includes/work/ pub/
chmod 640 includes/configure.php admin/includes/configure.php

Run from within the catalog directory. 

The right column is set by the application.  The goal is to make the left column match the right column (which may not be the best interface, but it's what we have). 

You could change the root in the first command to a different user.  Pretty much any user *except* www-data.  The user you use to SFTP to the server is a good choice. 

Thank you but after following your instructions above and change the web root directory user to the user I used to ssh to the server, and changed the file and folder permissions as you have instructed above, I get "Unable to connect to database server!" error. I will keep trying anyway to see if I can come up with a fix.

Share this post


Link to post
Share on other sites

There might be a useful error message in the Apache error log.  That usually appears somewhere like /var/log/apache2/error.log or /var/log/httpd/error.log

You could try

chown -R ftp_user.www-data .

If that's not already how the ownership is set up. 

You might also verify that Apache is running as something in the group www-data. 


Always back up before making changes.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×