Results 1 to 10 of 10
  1. #1
    Join Date
    Mar 2005
    Posts
    11
    Plugin Contributions
    0
    I've got the shop nearly fixed... However, it is still giving me the RED error message about permissions on configure.php, even though I KNOW it is set to 444... I've tried swapping it to 644, and back to 444... Still gives me the error message.

    http://www.seasidekites.com/shop

    Any ideas?

    Thanks in advance. :)


    Zen Cart 1.3.0.2
    MySQL 5.0.24-standard
    PHP Version 4.4.3

  2. #2
    Join Date
    Mar 2006
    Posts
    921
    Plugin Contributions
    2

    Default Re: configure.php permissions

    Maybe you're on a Windows-based server. If so, I don't think it's possible to CHMOD files.

    If this is the case, you can set the file to 'Read-only' from the properties dialog box in Windows (that's if you have remote access to the server).

    Hope this helps.

  3. #3
    Join Date
    Mar 2005
    Posts
    11
    Plugin Contributions
    0

    Default Re: configure.php permissions

    It's LINUX based... Never had this problem before, only with this script.

    Done lots of scripts, lots of permissions settings... Unique problem here.

  4. #4
    Join Date
    Jan 2004
    Posts
    59,767
    Blog Entries
    4
    Plugin Contributions
    133

    Default Re: configure.php permissions

    Quote Originally Posted by satori
    Never had this problem before, only with this script.

    Done lots of scripts, lots of permissions settings... Unique problem here.
    Sounds impressive.

    I guess that means you'll understand the technical info below, along with the security implications of adjusting the code...


    Zen Cart is using PHP's is_writable() function to check whether that file is writable by PHP.

    So ... PHP says it's writable. That means security risk, as anyone else using PHP on the same server "could" write a script to use PHP to write to that file and mess with your site. Hence the warning.

    If you are 100% convinced that PHP is wrong and that there is no risk, then feel free to manually override the warning by editing the define for
    define('WARN_CONFIG_WRITEABLE', 'true');
    in /includes/init_includes/overrides/init_header.php

  5. #5
    Join Date
    Mar 2005
    Posts
    11
    Plugin Contributions
    0

    Default Re: configure.php permissions

    Nothing impressive about it, although I know you were being a little snide. ;)

    I'm no Sensei, but I've installed my share of scripts.

    When I open the file's permissions by Dreamweaver OR CuteFTP, it shows as 444... Is there any way to be any more certain?

  6. #6
    Join Date
    Jan 2004
    Posts
    59,767
    Blog Entries
    4
    Plugin Contributions
    133

    Default Re: configure.php permissions

    Apologies extended for being snide.

    I really don't know your server's configuration details. I'd suggest talking to your host and asking why PHP is saying the file is still writable even though you've marked it read-only.
    Does your host offer a control panel? does that control panel have a file manager? Does it offer any tighter permissions settings?
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donations always welcome: www.zen-cart.com/donate

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  7. #7
    Join Date
    Jul 2006
    Posts
    35
    Plugin Contributions
    0

    Default Re: configure.php permissions

    Correcting the permissions setting for configure.php

    I found that my server's control panel was showing different permissions for this file even though Dreamweaver and CuteFTP and Leach were allowing me to set the permissions and were reporting them as my setting. I discovered that my host was not allowing a setting lower than 600. If you set it at 444 in your ftp program, it would report back as 444, but viewing it through control panel's filebrowser I discovered it was set to 600. I had to manually set it in the file browser to 400.

    I had to set the permissions there to 400, not 644 and not 444.

  8. #8
    Join Date
    Aug 2006
    Posts
    2
    Plugin Contributions
    0

    Default Re: configure.php permissions

    Quote Originally Posted by DrByte
    Zen Cart is using PHP's is_writable() function to check whether that file is writable by PHP.

    So ... PHP says it's writable. That means security risk, as anyone else using PHP on the same server "could" write a script to use PHP to write to that file and mess with your site. Hence the warning.

    If you are 100% convinced that PHP is wrong and that there is no risk, then feel free to manually override the warning by editing the define for
    define('WARN_CONFIG_WRITEABLE', 'true');
    in /includes/init_includes/overrides/init_header.php
    I think you're right bro, cause in the same problem with my site. I've got an error like thread starter too. But after I make a few change from:

    define('WARN_CONFIG_WRITEABLE', 'true');
    in /includes/init_includes/init_header.php to:

    define('WARN_CONFIG_WRITEABLE', 'false');
    And I don't got an error notice again like before.

    Thanks a lot bro DrByte

  9. #9
    Join Date
    Jan 2004
    Posts
    59,767
    Blog Entries
    4
    Plugin Contributions
    133

    Default Re: configure.php permissions

    NOTE: You MAY NOT be SECURE by doing that.

    That approach is a LAST RESORT only, and should ONLY be used after ALL OTHER options have been explored ... INCLUDING a confirmation from your web host that the files are TRULY safe and NOT writable by any hackers.

    Otherwise, you put your site at risk.

    Turning off a warning is NOT the same as solving the problem it is reporting.

    USE AT OWN RISK
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donations always welcome: www.zen-cart.com/donate

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  10. #10
    Join Date
    Aug 2006
    Posts
    2
    Plugin Contributions
    0

    Default Re: configure.php permissions

    Quote Originally Posted by DrByte
    NOTE: You MAY NOT be SECURE by doing that.

    That approach is a LAST RESORT only, and should ONLY be used after ALL OTHER options have been explored ... INCLUDING a confirmation from your web host that the files are TRULY safe and NOT writable by any hackers.

    Otherwise, you put your site at risk.

    Turning off a warning is NOT the same as solving the problem it is reporting.

    USE AT OWN RISK
    Yup bro, but maybe that is the last option if all the options still can't solve the problem.

    But, I think it will be okay if we only change it after changed the chmod option for the file.

 

 

Similar Threads

  1. configure.php permissions issue
    By wisecounselor in forum Installing on a Linux/Unix Server
    Replies: 3
    Last Post: 7 Jul 2006, 08:08 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •