define_pages and html_includes permissions

[ALiepinieks]

Hello, seen a bunch of questions similar to mine, but have been looking for two days now and can't find one that is the same, so apologies if this has been answered elsewhere.

I seem to be unable to access any file situated under the includes/languages/english/html_includes directory via the define pages editor. The following message is displayed at top of screen:

Error: I can not write to this file. Please set the right user permissions on: /home/onyx/public_html/includes/languages/english/html_includes/define_main_page.php

Incidentally, the update button is nowhere to be seen, and the plain text editor doesn't even allow changes let alone saving them (htmlarea allows changes on screen, but no update possible).

So I checked the permissions on the html_includes folder, and they are currently set to 777 for the time-being. All files have been set to 644, and I've changed and re-applied these permissions a few times to see if the change will in fact make a difference. The only time it makes a difference is when I change the files to 666, and I while I have left them this way for now it does not seem like this should be the case.

Lastly, I can edit the files via ftp / text editor successfully, so it would not appear as if permissions alone are the problem (at least not to me).

Has anyone got any ideas what the problem could be? Thanks in advance for any help.

...


I have some additional info below if it is of any importance...


Initially I moved a working ZC fileset (1.3.8a) and database to a new server, and ran into some permission problems along the way. Fixed most of these fairly quickly, but after the 4th problem it occurred to me that this could go on forever, or at least until I fully test every possible feature whether it's used or not.

The html_includes problem was one of these that was encountered, and quite obviously this was not the case on the previous server.

So I decided this might be a good time to upgrade to 1.3.9c. As database had been backed up, and all overrides diligently documented, I achieved chose a fresh install and for once in my life followed the installation instructions to the letter, including pre and post-installation permission changes etc.

Still to this point having the problem.

[haredo]

Take time to read this, maybe you have missed a permission..

http://www.zen-cart.com/forum/showthread.php?t=35748

[ALiepinieks]

OK, this makes perfect sense and thanks very much for pointing me to the right thread.

...but...

I swear I saw somewhere in the documentation these files needed to be 644, or perhaps it was in an area stipulating methods for securing the site?

I simply cannot ask my client to reset permissions on files every time he wants to edit them, any ideas on a way around this? (I only ask because I'm led to believe the very nature of these files being editable makes them the most likely to be hacked)

[haredo]

You are very correct but it is a pain (but necessary) to keep hackers playing on someone else's site..

https://www.zen-cart.com/tutorials/index.php?article=73
Read post #7

[ALiepinieks]

ok, so no hope on the horizon - understand, and thanks for your help : )

as an aside, it seems odd to me therefore that html_includes wouldn't be stored in a similar fashion to ezpages then (easy in retrospect!). just by definition they are typically 99% text and therefore more suitable for db storage than ezpages, so is this simply the evolution of zc they took or is there some other practical reason they're stored as files with this security vs flexibility dilemma?

[haredo]

Your Welcome... Glad I could point you in the right direction..