oS Commerce permissions problem


Today I installed my oS Commerce e-shop on craiglist.freehostia.com .

Freehostia  has many free installers, seven subdomains, I like their hosting service.

When opened the index page, a message in pink appeared reading “Warning: I am able to write to the configuration file:

home/www/craiglist.freehostia.com/admin/includes/configure.php.

This is a potential security risk – please set the right user permissions on this file.”

oscommerce permissions chmod

 

I understud that files  catalog/includes/configure.php and catalog/admin/includes/configure.php, must be set to “read – only” status in order to prevent this warning.

First I tried to change permissions of those two files trough web interface – selected them and click on ‘permissions.’

The pink message stayed on…

Then I deleted them  /first made a copy!/ – a hudge error message came when tried to access index or admin page.

Restored the configure.php files.

After that I decided to change permissions to all the files in Include folders.

They was set to standard chmod 644.

I set them to suisidal 777!

A red warning appeared on webinterface telling me ‘Are you crazy’ /not exactly but with other words 😉

Some words about file/folder permissions a.k.a. CHMOD:

If you Right click on any file and select ‘Properties’  a message box will appear.
You maybe know there are checkboxes ‘Read-only’, ‘Hidden’, ‘Archive’. This is for files on your computer.
When files are to be uploaded and accessed through Internet, the term CHMOD is used.

CHMOD is similar but there are more possibilities to fine adjust access permissions – for example the Owner of the site can write and execute the file and another people – only to read it.

There are some combinations between Owner, visitors and their levels of access. So there is  a  unique three-digit number for each.

Chmod 777 means total freedom – everyone is allowed to read, write and execute the file. This is dangerous because someone visitor may re-write the file with some maliciuos code or just delete it!

Chmod444 and 600 put more restrictions for security reasons and are most often used.

You may ask – why are those numbers needed – just put restriction for everyone and no problems.

But if file is overprotected, it could not be changed/rewrited  by some php scripts and another error messages appear. Your web site /eshop, forum, blog/ could not work normal.

CHMOD is a  Linux – friendly command, so sometimes Windows files refuse to understand it and change as we wish.

In that case a good idea is to change chmod using FTP software. There are a lot of free FTP programs.

I used CuteFTP8.0 to connect via FTP protocol to my webhost /freehostia./

You have to know the ftp address to connect your host or ask your host provider or look in their support forum. Usually there is FTP info on your control panel page. Then run CuteFTP and paste this addres. Press ‘connect’.

When connecter remotely, you will see two windows with folders and files – the left is your computer and the right is your web site /osCommerce in my case./

Find in tree structure catalog/includes/configure.php and catalog/admin/includes/configure.php files /one by one not at once as they are in different folders and subfolders./

Then rightclick on that configure.php  files –> choose ‘ properties’ and select read only – chmod 444.

 This is all.

After refreshing the oSCommerce page, the pink message is disappeared for good!