View Full Version : Permissioning Issue on Fresh Install - MS2MAX

10-09-2003, 08:33 PM
Hi, I have just finished an install of ms2-max using the oscdox guide. I used CuteFTP to upload my files. I set the permissions for /catalog/includes/configure.php and catalog/admin/includes/configure.php to 777 through SSH using Putty.exe for the installation. At the end of the installation did a "chmod -v 644 configure.php" to change the permissioning and it all looks good (configure.php' changed to 0644 (rw-r--r--)). But everytime I hit my /catalog/index.php, I would still get:

Warning: I am able to write to the configuration file: /homepages/11/xxxxxxxx/htdocs/catalog/includes/configure.php. This is a potential security risk - please set the right user permissions on this file.

What gives? Does anyone have any ideas? I checked through FP and SSH and the permissioning on both configure.php's looks correct. Why am I still getting this?

Help is much appreciated, Thanks..

10-10-2003, 03:47 AM
This suggestion was taken from another board. I have used it and it worked for me.

Create a file called protect.php with the following contents:

chmod('includes/configure.php', 0444);

Upload it to your catalog folder and then in a browser open protect.php on your site. It will set the protection. The only alternative seems to be to ask PowWeb support to set it for you.

I suggest also uploading this to your admin folder and opening that too. Once you have done this, you can delete the protect.php files.

10-10-2003, 04:40 AM
Thanks, I have just tried your suggestion but it didn't seem to work. I actually changed it to chmod('includes/configure.php', 0644); because wouldn't 444 pervent configure.php from being altered or deleted in the future even by the owner?

10-10-2003, 07:37 AM
Try it a 444. That may be your issue. Different servers have different requirements. If 0644 doesnt work, get more restrictive. Since you already have osCommerce configured, there is no need for anyone to be able to edit it. It is easy enough to chmod it back to less restrictive permissions later...