Warning: I am able to write to the configuration file

[robertbob]

I'm getting the message from the zen\include\configure.php but I changed the admin configure.php to 444 and the problem persists.

I'm thinking that I should try a fresh install, but I hesitate since I would have to redo all of my customization.

[Kim]

There are 2 configure files. One at includes/configure.php and the other at admin/includes/configure.php. Are they both 644?

[robertbob]

They are both at 444. Would a reinstall be of any use?

[Ajeh]

You are positive that they are set to 444 ...

As in after you set them you checked once more to make sure the setting took?

If that is the case ... and this only happens on rare rare occaisions with hosts that usually have something not configured quite right on the server ... you can comment out the error ...

We do not like this as being the method you use ...

Can you please check once more the settings on:
/includes/configure.php

/admin/includes/configure.php

and make sure that they are, in fact set to 444 ...

[DrByte]

They are both at 444. Would a reinstall be of any use?

Re-installing won't make any difference.

Some hosts have more isolated security arrangements and thus allow more direct access to their customers' files. The warning is telling you that if someone were to get past Zen Cart's security systems, they could possibly read or change those very important configuration files. Thus it's important to find a way to prevent the warning message, rather than merely suppress it.

The message is saying that the webserver, using PHP, *is* able to write to the file, according to the access check that PHP does against the file.

Sometimes, although rare, it's necessary to set these files to 400 instead of the common 444 or 644. Any lower than 400 may cause you to lose access to the file.


Some hosts have security configured such that even when you "ask" the server to set the files to 444, they remain at 644 or even get changed again later by a server security or filesystem properties check. This is why folks have asked to check and double-check what the permissions are ;)

(I've combined some of this information into the FAQ on this topic, available here:
https://www.zen-cart.com/tutorials/index.php?article=90 )

[robertbob]

Thanks for all of the suggestions, however, even when I set the permissions to 400 on both configure files I still get the warning message. I agree that disabling the warning is not the ideal solution but I am running out of options.

I set the file premissions with my webhost file manager software and then I log out and double check them with an FTP software and it does confirm the permission setting to be at 400.

[DrByte]

Very well - you can override it by following this approach:
http://www.zen-cart.com/forum/showthread.php?t=54400

But ... I'd be watching carefully to be sure your server doesn't have compromised security and is leaving you open for trouble...

If you were only advertising or using static pages, that's one thing ... but you're running a store, with private and confidential customer information and financial data flowing through it. That's quite another scenario -- and not one to be taken lightly.

[azrahn]

Hi.

Highly unlikely but possible is that the account that apache runs under has admin rights on the directory's.
Then the files would always be writable by the webserver.

Ronald.

[manada]

Had the same problem some time ago. The website Control Panel was showing 444 for this file but when I went through SHH and checked, it was rw-rw- r . I had to set manually: chmod 444 configure.php. It worked out.

Adam T.