I'm having some problems uploading opencart. The Problem is below.
"/public_html/store/images/" , it is called "cache" , the current script i am trying to install "open cart" would like me to mod this to 666 but whenever i go to do it, it stays modded to 777
Please Help! How Can I solve this problem?
When I set the permissions to 666 for images and cache, using cPanel, my webhost bans my IP >:(
I have to leave it as 777, otherwise, I am reported as trying to do sql injection attacks on my own website. LOL.
I also noticed that if I set the permissions to 666 for cache (and maybe images), the files in that folder have a permission of 000
Edited
This is the log file of my SQL Injection attack when I set permissions to 666
Note: Smiley fix.
I have to leave it as 777, otherwise, I am reported as trying to do sql injection attacks on my own website. LOL.
I also noticed that if I set the permissions to 666 for cache (and maybe images), the files in that folder have a permission of 000
Edited
This is the log file of my SQL Injection attack when I set permissions to 666
Code: Select all
Pattern match "\\b(?:(?:s(?:ys(?:(?:(?:process|tabl)e|filegroup|object)s|c(?:o(?:nstraint|lumn)s|at)|dba|ibm)|ubstr(?:ing)?)|user_(?:(?:(?:constrain|objec)t|tab(?:_column|le)|ind_column|user)s|password|group)|a(?:tt(?:rel|typ)id|ll_objects)|object_(?:(?:nam|typ)e|id)| ..." at REQUEST_FILENAME. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "72"] [id "950904"] [msg "Blind SQL Injection Attack. Matched signature <user_group>"] [severity "CRITICAL"] [hostname "www.mydomain.com"] [uri "/admin/javascript/JSCookMenu/default/user_group.png"] [unique_id "SPH9qxxxxxxxxxxxxxxxAAAK"] [Mon Oct 13 00:38:49 2008] [error] [client xxx.xxx.xx.xx] ModSecurity: Access denied with code 406 (phase 2).
Last edited by hm2k on Wed Nov 05, 2008 10:40 pm, edited 1 time in total.
They won't have the perms of 000, it'll likely be unreadable, that's why it's saying 000...
Contact your admin...
Contact your admin...
The installation instructions for OpenCart 0.7.9 are wrong and have been so since 0.7.8.
Permissions of 666 give read and write access to a pre-existing FILE for everybody. However, the server user needs to be able to write files that do not already exist on the server to a DIRECTORY. To do this the DIRECTORY needs to be readable, writable AND executable, hence permissions of 777 need to be set on the cache, download, image and image/cache directories.
Permissions of 666 give read and write access to a pre-existing FILE for everybody. However, the server user needs to be able to write files that do not already exist on the server to a DIRECTORY. To do this the DIRECTORY needs to be readable, writable AND executable, hence permissions of 777 need to be set on the cache, download, image and image/cache directories.
Modules for OpenCart 2.3.0.2
Homepage Module [Free - since OpenCart 0.7.7]
Multistore Extensions
Store Manager Multi-Vendor/Multi-Store management tool
If you're not living on the edge ... you're taking up too much space!
The instructions in 0.7.9 don't tell you to use a numeric system, but instead tell you which permissions to add, as follows:
However, I tested the instructions myself, on my setup they worked as expected.
So you're suggesting we make it +wx instead of just +w?2. Make sure the following folders and files are writable. For Linux/Unix use the following:
chmod a+w image/
chmod a+w image/cache/
chmod a+w cache/
chmod a+w download/
chmod a+w config.php
chmod a+w admin/config.php
However, I tested the instructions myself, on my setup they worked as expected.
Another side note. some hosts have their apache server on a diff server than the host... (like GoDiddy)hm2k wrote: So you're suggesting we make it +wx instead of just +w?
However, I tested the instructions myself, on my setup they worked as expected.
and Im not sure if that will work or not with 666 or just +w.. but I'm not sure.
Sorry, my mistake on that one.hm2k wrote: The instructions in 0.7.9 don't tell you to use a numeric system,
Yep, that's right.So you're suggesting we make it +wx instead of just +w?
Is your setup running apache on a linux box or are you using IIS or XAMPP on a Windows box? If using apache on a linux box, are your pages being served from the apache user's "DocumentRoot" (ie. the default directory), or are the pages being served from a user's "public_html" directory? While the apache user is generally the owner of the "DocumentRoot" and, subsequently, has permission to do anything within this directory, the same is not true for the user's "public_html" directory. This directory (and any subdirectory) needs to be executable by the apache user, so that pages can actually be served from them. Since the apache user needs permission to write to the cache, download, image and image/cache directories, when setting permissions to allow the apache user to write to the directory, the executable bit needs to be retained.However, I tested the instructions myself, on my setup they worked as expected.
On Windows systems (either IIS or XAMPP), it it not necessary to set the executable bit.
Last edited by fido-x on Fri Nov 07, 2008 7:55 am, edited 1 time in total.
Modules for OpenCart 2.3.0.2
Homepage Module [Free - since OpenCart 0.7.7]
Multistore Extensions
Store Manager Multi-Vendor/Multi-Store management tool
If you're not living on the edge ... you're taking up too much space!
I suspected this might be the case, on my linux box it tested fine, but that's windows for you!
The question is though, do you need +x once the directory is created, or just while you create the directories?
The question is though, do you need +x once the directory is created, or just while you create the directories?
You need to retain the +x so that the apache user can execute processes within the directories, eg. the creation of the cache files, or writing the uploaded images files, etc.hm2k wrote: I suspected this might be the case, on my linux box it tested fine, but that's windows for you!
The question is though, do you need +x once the directory is created, or just while you create the directories?
Modules for OpenCart 2.3.0.2
Homepage Module [Free - since OpenCart 0.7.7]
Multistore Extensions
Store Manager Multi-Vendor/Multi-Store management tool
If you're not living on the edge ... you're taking up too much space!
While we're on the topic, I see that admin/config.php now calls the root config.php
Given this, is there still a need to set permissions for admin/config.php to 777, as nothing is written to it (or is there something I'm missing)
Also, in control panel, the language is 777, 666, 775 etc. Could the install instructions speak this language because I had to google to work out what a+w means.
Even then I got it wrong and set things to 666 which made my webhost think I was the devil doing sql injection attacks
Given this, is there still a need to set permissions for admin/config.php to 777, as nothing is written to it (or is there something I'm missing)
Also, in control panel, the language is 777, 666, 775 etc. Could the install instructions speak this language because I had to google to work out what a+w means.
Even then I got it wrong and set things to 666 which made my webhost think I was the devil doing sql injection attacks
That's right, nothing is written to this file any more, therefore, there shouldn't be any need for permissions of 777 on this file, 444 (read only) should do fine.jty wrote: While we're on the topic, I see that admin/config.php now calls the root config.php
Given this, is there still a need to set permissions for admin/config.php to 777, as nothing is written to it (or is there something I'm missing)
This link might help you with the understanding of linux permissions http://linuxcommand.org/lts0070.phpAlso, in control panel, the language is 777, 666, 775 etc. Could the install instructions speak this language because I had to google to work out what a+w means.
Modules for OpenCart 2.3.0.2
Homepage Module [Free - since OpenCart 0.7.7]
Multistore Extensions
Store Manager Multi-Vendor/Multi-Store management tool
If you're not living on the edge ... you're taking up too much space!
The install script still forces me to make admin/config.php writeablefido-x wrote:That's right, nothing is written to this file any more, therefore, there shouldn't be any need for permissions of 777 on this file, 444 (read only) should do fine.jty wrote: While we're on the topic, I see that admin/config.php now calls the root config.php
Given this, is there still a need to set permissions for admin/config.php to 777, as nothing is written to it (or is there something I'm missing)
I did argue with the script but the isntall script was adamant so I obliged >:(
Also, in control panel, the language is 777, 666, 775 etc. Could the install instructions speak this language because I had to google to work out what a+w means.
Too hard, FidoThis link might help you with the understanding of linux permissions http://linuxcommand.org/lts0070.php
I'm a user. I don't want to learn too much about Linux. My job is to sell product
Thanks. I'd better get out of here soon before I become a techno geek
Try changing the following line of "install/index.php" from (line 33):-jty wrote: The install script still forces me to make admin/config.php writeable
Code: Select all
$files=array('config.php','admin'.SLASH.'config.php','cache'.SLASH,'image'.SLASH,'image'.SLASH.'cache'.SLASH,'download'.SLASH);Code: Select all
$files=array('config.php','cache'.SLASH,'image'.SLASH,'image'.SLASH.'cache'.SLASH,'download'.SLASH);
Modules for OpenCart 2.3.0.2
Homepage Module [Free - since OpenCart 0.7.7]
Multistore Extensions
Store Manager Multi-Vendor/Multi-Store management tool
If you're not living on the edge ... you're taking up too much space!
No worries.
Modules for OpenCart 2.3.0.2
Homepage Module [Free - since OpenCart 0.7.7]
Multistore Extensions
Store Manager Multi-Vendor/Multi-Store management tool
If you're not living on the edge ... you're taking up too much space!
The admin config needs to be writeable for upgrading, as old versions of the file will need to be redirected to the new file.
I did it in both install and upgrade, just in case there was an issue.
I did it in both install and upgrade, just in case there was an issue.
Aaah, there had to be a reason for it. Of course, you're right, the "admin/config.php" would need to be writeable for this to occur. I hadn't been thinking about the upgrade scenario.hm2k wrote: The admin config needs to be writeable for upgrading, as old versions of the file will need to be redirected to the new file.
Modules for OpenCart 2.3.0.2
Homepage Module [Free - since OpenCart 0.7.7]
Multistore Extensions
Store Manager Multi-Vendor/Multi-Store management tool
If you're not living on the edge ... you're taking up too much space!
Who is online
Users browsing this forum: No registered users and 2 guests
