Warning: I am able to write to the configuration file:

**RFH Customer: Jon Freeman** · 23rd January 2006, 12:42 AM

OK from the serv-u 1.6 (which is what my clients say is running here) help files:

-------------

SITE CHMOD

The "SITE Change Mode" command comes from UNIX where it is used to change access rights for files and directories. There is no direct equivalent in Windows, it has been added due to popular demand, even though it does not make a whole lot of sense in a Windows file system context. The syntax is:

SITE CHMOD <nnnn> <path/file>

In this <nnnn> is the permission code in octal format. First number is for setting IDs and is not supported by Serv-U, second number is for setting ‘owner’ permissions, third number is for setting ‘group’ permissions and not supported by Serv-U, fourth and last number is for setting ‘other’ permissions and not supported by Serv-U. The octal number format is:

4 = read permission
2 = write permission
1 = search/execute permission

For FTP clients that support the CHMOD command, you can change the file's ‘read-only’ and ‘hidden’ attributes. The server will only look at the ‘owner’ number of the CHMOD command (ie. ‘group’ and ‘other’ are ignored). To make a file read-only the ‘read’ bit has to be set while the ‘write’ bit has to be reset. For the command this means "SITE CHMOD 4xx file.txt" (with "xx" any value) or "SITE CHMOD 5xx file.txt". To remove the read-only attribute just set the "read" and "write" bits, ie. "SITE CHMOD 6xx file.txt". To set the hidden attribute of a file both the "read" and "write" bits need to be reset, ie. "SITE CHMOD 0xx file.txt". Directory listings reflect the file's attributes by showing "r--" for read-only files and "---" for hidden files.

**Staff: Warren Ashcroft** · 23rd January 2006, 01:24 AM

Thanks for that, it appears Serv-U DOES do something, albeit very little.

From what I can see, the only thing it does is toggles the standard Windows file "Read Only" attribute - it does not meddle with NTFS permissions.

Read Only is different from Read Permission.

**DavidJenkins** · 24th January 2006, 10:12 PM

yeah i was playing with this for another application and smart ftp let me set the permissions... why doesnt helm support this feature??

**Staff: Warren Ashcroft** · 24th January 2006, 11:58 PM

Originally Posted by DavidJenkins

yeah i was playing with this for another application and smart ftp let me set the permissions... why doesnt helm support this feature??

Because its unnecessery - all the permissions you need are simply there, and they do not pose a security risk.

However, for those that are security concious, you can disable write permissions at a global level for the entire domain.

**Mustang™** · 19th February 2006, 02:09 AM

so we can't use any kind of cms with your hosting that requires file permissions to be set to chmod 777?

**Staff: Warren Ashcroft** · 19th February 2006, 02:22 AM

Originally Posted by Mustang™

so we can't use any kind of cms with your hosting that requires file permissions to be set to chmod 777?

Not true - your webspace by default has writing permissions therefore you can securly write to files using a CMS etc...

This does not apply when FrontPage Extensions are in use.

**Al@iamstudios** · 6th March 2006, 08:17 PM

Just in case you've gotten this far down and still have the problem, I ran into the same error as Tanzy when I tried to get osCommerce up and running. I found the advice here (http://www.oscommerce.info/kb/224) worked for me. It basically said to use CHMOD 444 instead of CHMOD 644 when you reset the values for the configure.php file after the installation is complete. I did that (using SmartFTP) and the message stopped appearing.

**RFH Reseller: chet** · 19th October 2006, 03:22 PM

That did not work for me but I have noticed the following in /includes/header.php

Code:

 
// check if the configure.php file is writeable
  if (WARN_CONFIG_WRITEABLE == 'true') {
    if ( (file_exists(dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/includes/configure.php')) && (is_writeable(dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/includes/configure.php')) ) {
      $messageStack->add('header', WARNING_CONFIG_FILE_WRITEABLE, 'warning');
    }
  }

I'm guessing but need Warren to back it up, the above can be commented out if the files are not writable

Martyn

**Staff: Warren Ashcroft** · 19th October 2006, 03:38 PM

Hello Martyn,
There is actually a setting in an osCommerce config file that you can turn on to turn off this warning/check.

osCommerce is assuming that if IT can write to the file, anybody/anything else can (which could be true in a Linux environment) but Windows security doesnt work like that.

**RFH Reseller: schofieldandwhite** · 19th October 2006, 04:05 PM

Originally Posted by Warren Ashcroft

osCommerce is assuming that if IT can write to the file, anybody/anything else can (which could be true in a Linux environment) but Windows security doesnt work like that.

That is why linux has seperate permissions for owner/group/everybody. However, it can be confusing, especially to those without experience of *nix systems, therefore care always has to be taken, as it can rub both ways

Even though I have several years experince of *nix systems, I still stop and think carefully before executing chmod.

Better safe than sorry

Windows is definitely more simple when it comes to file permissions, but as stated above, it can rub both ways