I would like to know the answer too. Does anyone here know the answer to your question? I'll do some investigation and get back to you if I bump into anything. You should email the people at iContact as they probably could give you an answer.
Carl, go with what Chris said.
I am far from an expert in this, but over the past couple of years and dealing with different web hosts it's apparent to me that the host support folks, for at least the hosts I deal with, really don't know osCommerce all that well. They tend to make recommendations that apply to iContact website structure they do know, and those recommendations don't fit the requirements of osC in all cases.
I tend to rely on support from Chris here on osC forums over my own host tech support in many cases because of that.
I'm with you on that bud, but EVERY TIME I change the includes/configure.php to 444 it simply reverts back to 400 of all things. Changed it with ftp/host's cpanel/escommerce file manager, the lot.
Just doesn't stay at 444???
Hmmm, WHAT'S ONE TO DO.
IT'S LIKE HAVING A MISCHIEVOUS DOG THAT DOESN'T DO AS IT'S TOLD.
Cheers.
Carl.
Hi Carl,
The recommended file permissions above are 'normal' permissions. However, depending on your hosting provider, they may have different defaults. Godaddy defaults are 705 for directories and 604 for files, however the user (you) should always be able to override these settings and the two configure.php files should NEVER be anything more than 444. If your host won't allow you to make the configure.php files 444 and insists on 644, then ensure you have htaccess protection for the configure files.
# Disable access to the configure.php files.
# <Files> patterns are matched against the file name only, so no directory prefix is used.
<Files ~ "configure\.php$">
Deny from all
</Files>
Chris.
That one I can't answer, but my hunch is it's something host server specific that's causing that? Others here with more tech knowledge might have an idea.
On my host, 444 is read only for User, Group and Other. 400 is just User read only, with nothing for Group and Other.
I have read here in the forums that not all hosts treat permissions the same way, meaning settings could vary on certain permissions. So perhaps that's what's going on. Good luck on that.
Read >>
Quick Install Guide
First post by Vger #4
Even though it was written for the 2.2 MS2, it still applies.
Why does your host reset your 444 to 400? >>
We don't know.
Does resetting your configure.php file from 444 to 400 compromise that specific file? >>
No, not at all.
Is it safe to leave the permission at 400? >>
Yes.
Is it safe to leave the permission at 444? >>
Yes.
What's the difference? >>
400 is stricter than 444.
In both cases (400 or 444), to overwrite that file, you need to raise the permission (chmod) level.
Thanks Bryce.
I'll take note of that.
Much appreciated as always,
Will have a mooch through that guide for the other version.
And cheers once again Chris
(htaccess protection for the configure files.)
I'll take this onboard too.
I'm gonna do a test and copy the config file - rename it and 444 it.
Then if it changes itself then my hosting server must not recognise 444.
Just a theory lol.
Thanks Guyz.
Carl.
My check permissions add-on allows you to blat permissions onto files in one go.
HTH.
G.
Hi G.
Setting the permissions is done tbh, it's keeping them that way lol.
But still... can I get this addon with instructions on how to install it?
Thanks.
Carl.
If your store runs with configure.php set at 400 what is the problem?
400 is stricter and more secure so you will be better off with those permissions providing the store functions ok.
Well...
I don't know fella. I'm only following what I'm told and trying to get it to the permission that oscommerce apparently works better with, just listening to the experts.
If it's ok on 400 then no problem.
Cheers.
To get the add-on click on add-ons in the blue bar at the top of this iContact site and enter Check permissions in the search box.
Cheers.
G.
I did run my store successfully with the configure.php files set to 400 at one time so it does work, but it is dependent on the hosting service - sounds like yours want it that way so... give it a try - running at 400 is better than running at 644.
Got it. Might try it after.
Thanks.
This post has been edited by Solveit-uk: 31 December 2010, 18:11.
Is that under osC's "file_manager.php"? If so, that's a grave security risk. If you're running osC 2.2RC2a or earlier, follow the instructions in http://forums.oscomm...howtopic=313323 to harden your site. Especially note that you have to delete file_manager.php.
All PHP (.php) and image files (.gif, .jpg, etc.) should normally be 644. The two "configure.php" files might be 644, but if PHP is running as "owner" you may get warnings that osC can write to those files. In that case, 444 or tighter should work. Folders (directories) are usually no more than 755, although if osC complains that it can't write files to a particular directory, you will have to change permissions on those directories only to 775 or even (temporarily) 777. As customers and visitors have no business writing files to your site, you would normally not leave a directory "world writable" (777). Even if PHP is running as a random user, and requires 777 permissions for osC to write to a directory, you should set it back to 755 when you're done uploading product data or whatever. If there's something that requires 777 for day-to-day operations, good luck... you're going to need it!
Note that many servers are configured to ignore permission change requests from FTP clients. If that's the case with you, you will need to sign on to your hosting account file manager (e.g., cPanel > File Manager) to change permissions.
It's not clear to me if the "recommendations" you list are coming from osC or your host. 600 for the configure.php files is bad, as it probably still allows osC/PHP to write to the files. If this is from a host tool, they obviously don't know about osC's particular needs. If this is from an osC tool, I'm surprised at some of the permissions they suggest. By any chance are you on a Windows server? If so, permissions may change "all by themselves" to something that Windows can handle. Windows' permission structure is quite different than Linux's, and the osC tools would probably have been written with Linux in mind.
Needed.
And use Windows' tools accordingly to set them.
Remember, you only want yourself (as owner) to be able to write to a directory or file (6 or 7 for the first digit for files or directories under Linux, no "Read Only" under Windows). Everyone else (the group and world members under Linux: second and third digits) should have read permission (4 or 5 for files or directories). On Windows, it would be "Read Only" for everyone but the owner. 644 for files, 755 for directories under Linux; "Read Only" for non-owner under Windows. There are exceptions:
1) The two configure.php files should not be writable by PHP (osC), to prevent accidental or malicious corruption. Depending on how your server is configured (PHP is running as the owner or not), this may involve removing write permission from the owner (644 -> 444 in Linux, add "Read Only" for owner in Windows). If PHP is already running as "group" or "world" (not as "owner"), you may not have to do anything. Best: leave the configure.php files with the same permissions as all other files, and wait to see if osC gives you a warning about being able to write to the two files. If it does, take away "write"/add "Read Only" to their permissions.
2) osC may complain that it is unable to write to certain files or directories in the normal course of its business. The solution is, for these specific files or directories only, to add "write" permission to "group" or even "world" (664 or 666 for files, 775 or 777 for directories under Linux; remove "Read Only" for non-owners under Windows). Try 664/775 first (under Linux), as it is safer than 666/777. If you absolutely must go to 666/777 permissions under Linux (just for selected files or directories), because PHP is running as a random ("world") user, try to change back to 644/755 when you're done with whatever operation needed to write files. You want to leave as little as possible "world writable" by other random users, not just those out on the Web, but including those sharing your server. Best: give all files 644 permissions, and all directories 755 (Linux), and wait for osC to complain that it can't write to something.
3) osC does not normally run shell scripts or executable binaries, so this may not apply to you, but on a Linux system such files need to be marked "executable" (add 111), which normally means 755 instead of 644 permissions.
You can often use tighter (more restrictive) permissions than those given here, but it's possible to get too restrictive and prevent osC from operating normally. So, depending on how your server is configured, it may indeed be possible to run files at 600 instead of 644 (Linux system) or forbid access to anyone but the owner (Windows). And remember, Windows uses a different permission system than Linux, so certain Linux-style permissions may not be acceptable to Windows, and a permission such as 444 may be mysteriously turned into 400. Be careful about using tools (such as from osC's File Manager) that were built with Linux in mind; they may do surprising things on Windows. You're probably better off using Windows' built-in file/folder permission tools to make changes. I would suggest starting with standard permissions for files and directories/folders, and only tightening/loosening them as required to quiet warnings that osC can (or can't) write to them.
Individual hosts may have their own rules about what permissions are allowed or are encouraged. This is in addition to whatever funny things are done in the name of converting Linux-style permissions to Windows-style permissions and vice-versa. In the end, it is up to you, as the iContact site owner, to understand what different permissions mean and what the consequences are.
This post has been edited by MrPhil: 31 December 2010, 21:15.
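An added example, not part of the original thread or of any osCommerce tool: a Python audit of the Linux baseline described in the post above (644 for files, 755 for directories, no write bit on the two configure.php files, so 444 and 400 both pass). The function names and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile

# The two files the thread says must never be writable (444 or 400 both pass).
CONFIG_FILES = {"includes/configure.php", "admin/includes/configure.php"}

def audit(root):
    """Return sorted (path, octal mode, finding) for entries looser than 644/755."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not meaningful on Linux
            mode = stat.S_IMODE(st.st_mode)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            problem = None
            if rel in CONFIG_FILES:
                if mode & 0o222:  # any write bit: owner, group or world
                    problem = "configure.php is writable"
            elif mode & stat.S_IWOTH:
                problem = "world-writable"
            elif mode & stat.S_IWGRP:
                problem = "group-writable"
            elif stat.S_ISREG(st.st_mode) and mode & 0o111:
                problem = "executable bit on a regular file"
            if problem:
                findings.append((rel, format(mode, "03o"), problem))
    return sorted(findings)

def build_sample(root):
    """Constructed sample store tree; modes mirror the kinds of entries in the thread."""
    modes = {"includes/configure.php": 0o400, "admin/includes/configure.php": 0o644,
             "images/sony.jpg": 0o777, "images/logo.gif": 0o755, "index.php": 0o644}
    for rel, mode in modes.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("sample\n")
        os.chmod(path, mode)
    for dirpath, _, _ in os.walk(root):
        os.chmod(dirpath, 0o755)  # pin directory modes regardless of umask

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for rel, mode, problem in audit(tmp):
            print(f"{mode}  {rel}: {problem}")
```

Group-writable entries are reported rather than treated as errors, since the post allows 664/775 on the specific files or directories osC must write to.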
Well, that was very interesting...
Say it again.
Lol, to be fair that's sent my head in all directions. But I do know you're saying different chmods for Linux/Windows, what my server is running on.
Server Type = Linux.
There's a lot to take in there, but I firstly changed my chmods with cuteftp, then I changed them with my host, but I have only used oscommerce file manager to modify the txt displayed on pages, but the 2 configure.php chmod settings still keep changing. Just checked again and again they've changed. Thing is, I let the "file permissions checker" I have with my host change them to what it says they should be and still they change back?
I'm going to have a read on that post where you're saying "Especially note that you have to delete file_manager.php." I use this to edit the txt info on the iContact site, but if you're telling me this is a security issue then it must go. I don't want to not take what you're saying as truth, but no one else has told me this?
Bryce/Chris??
All I can say, Phil, I really appreciate your post, tons of info there for me to take onboard and I most certainly will.
Thank you for your time/effort and knowledge.
Carl.
========================================================
Quick note:
On that security post it states:
(The permissions for the two configure.php files will vary according to the server your iContact site is on - it could be 644, 444 or 400 which is correct.)
My chmod settings are always one of these, never above, so all should be fine I think.
This post has been edited by Solveit-uk: 01 January 2011, 02:11.
Hi.
In my Host Admin section I have quite a lot of tools at my disposal; one happens to be a "Check File Permission" module/link, whatever it is.
So I click to check and I get this back for the escommerce files, and it recommends the correct file permission settings as well. Now I have had good feedback from Chris Dunn (who knows what he's talking about in this area) but both info clash, so can someone/Chris tell me what's what? Do I change them to the recommended or leave them? Chris did say in this post to set ALL folders to 755 and ALL files to 644 (except includes/configure.php and admin/includes/configure.php which should be set to 444).
So what do I do? Escommerce came as an addon with my hosting package (and I don't for 1 min doubt Chris) so why are they saying to make these changes:
I do notice some 777's in there so I will be going changing them now to 644 (my cuteftp doesn't pass down the file permissions throughout all folders so it's one by one lol)
==========================================================================================.
Public_html/escommerce/admin/configuration.php 444 Recommends: 600.
Public_html/escommerce/admin/ext/modul...nt/sofortueberweisung/autoinstaller.gif 755 Recommends: 644.
Public_html/escommerce/admin/images/categories/configuration.gif 644 Recommends: 600.
Public_html/escommerce/admin/includes/configure.php 444 Recommends: 644.
Public_html/escommerce/admin/includes/boxes/configuration.php 644 Recommends: 600.
Public_html/escommerce/admin/includes/languages/english/configuration.php 644 Recommends: 600.
Public_html/escommerce/admin/includes/languages/espanol/configuration.php 644 Recommends: 600.
Public_html/escommerce/admin/includes/languages/german/configuration.php 644 Recommends: 600.
Public_html/escommerce/ext/modules/pay...erweisung/images/sofortueberweisung.gif 755 Recommends: 644.
Public_html/escommerce/images/Conservatory.jpg 777 Recommends: 644.
Public_html/escommerce/images/bathroom.jpg 777 Recommends: 644.
Public_html/escommerce/images/bedroom.jpg 777 Recommends: 644.
Public_html/escommerce/images/category_hardware.gif 777 Recommends: 644.
Public_html/escommerce/images/jewellery.gif 777 Recommends: 644.
Public_html/escommerce/images/kitchen.jpg 777 Recommends: 644.
Public_html/escommerce/images/lighting.jpg 777 Recommends: 644.
Public_html/escommerce/images/livingroom.jpg 777 Recommends: 644.
Public_html/escommerce/images/lowvoltage.jpg 777 Recommends: 644.
Public_html/escommerce/images/mains-charger-ipod.jpg 777 Recommends: 644.
Public_html/escommerce/images/outdoor.jpg 777 Recommends: 644.
Public_html/escommerce/images/sony.jpg 777 Recommends: 644.
Public_html/escommerce/includes/configure.php 444 Recommends: 644.
========================================================================================.
Then it gives file permission details:
Permissions we would recommend below include:
755 = This allows everyone to read and execute (or enter, for directories).
Appropriate for CGI scripts and directories where you don't mind people knowing what's in there.
711 = Only you (and your scripts) can read the contents, but everyone can execute/enter.
Appropriate for directories which the web server needs to access but you don't want everybody seeing what's in there.
700 = Only you/your scripts can do anything.
Appropriate for directories which you don't want to be web-accessible but do use, eg. to contain data files for your scripts.
644 = Allows everyone to read. Appropriate for non-script files which you intend people to access on the web, eg. HTML, CSS.
600 = Only you/your scripts can read. Appropriate for script include or data files which you don't want people to access directly on the web.
Any understanding of the matter would be appreciated.
Thanks.
Carl.
OK I now got it down to just these:
Public_html/escommerce/admin/configuration.php 644 Recommends: 600.
Public_html/escommerce/admin/images/categories/configuration.gif 644 Recommends: 600.
Public_html/escommerce/admin/includes/configure.php 444 Recommends: 644.
Public_html/escommerce/admin/includes/boxes/configuration.php 644 Recommends: 600.
Public_html/escommerce/admin/includes/languages/english/configuration.php 644 Recommends: 600.
Public_html/escommerce/admin/includes/languages/espanol/configuration.php 644 Recommends: 600.
Public_html/escommerce/admin/includes/languages/german/configuration.php 644 Recommends: 600.
Public_html/escommerce/includes/configure.php 444 Recommends: 644.
Any ideas if I should change them? Thing is, one, includes/configure.php, keeps changing itself to 400 all the time, so I'm thinking I should change them because in the description above for the codes there's no mention of 444.
So just as a guess... maybe the server doesn't recognise it, maybe?
I haven't a clue... just guessing!!
Thanks
Carl.
======================================================
I've made a note of the above before changing and then gone and changed them.
Site seems to be ok, but is what I've done OK?
This post has been edited by Solveit-uk: 31 December 2010, 00:40.

