1.3.4sp3 and 1.3.5sp1 permissions?

 
  • wwgreen
  • Senior Member
  • Members
  • Join Date: 20-Nov 06
  • 411 posts

Posted 24 October 2007 - 08:21 PM #1

Once again, permissions and the lack of a clear/accurate explanation in these forums prompts me to ask...

1) What are the correct permissions for all folders and files for 1.3.4sp3?

2) What are the correct permissions for all folders and files for 1.3.5sp1?

Thank you in advance!

v4.9.2sp1


 
  • wwgreen
  • Senior Member
  • Members
  • Join Date: 20-Nov 06
  • 411 posts

Posted 29 October 2007 - 12:32 PM #2

Sorry for the bump, but seriously! I know I can search the forum and manuals to find answers, but the answers mostly contradict each other. Why this is so difficult to find or get accurate info on, is beyond me.

Just asking... thanks. :)

v4.9.2sp1


 
  • S-Combs
  • Senior Member
  • Members
  • Join Date: 09-Nov 06
  • 692 posts

Posted 29 October 2007 - 11:32 PM #3

You are correct about the various contradictions involving permissions and security in general. The reason for this is because the same methods will not work for everyone. Before you can decide on proper permissions you must first determine the type of server and the PHP configuration on it.


Linux – Running PHPSuexec or suPHP (CGI)

Most budget hosts and hosting farms use this configuration so they can easily track down and kick off the many spammers and script kiddies they allow onto their servers. Some scripts do not like this CGI environment because it changes certain system variables, causing them to fail. There is also a performance sacrifice with these configurations because each PHP process requires more CPU to run as a CGI. It is not unusual for clients running busy PHP scripts to get kicked off of these servers because of resource usage.

Permissions if PHP is running as a CGI are simple:

All directories should be 755
All files should be 644

You cannot CHMOD files or directories to 666 or 777 on these servers because it will result in an internal server error.
You also cannot insert PHP commands into .htaccess files. If you need to manipulate PHP functions on this configuration, you must add commands to a file named php.ini and save it in the web root directory.

-------------------------------------------------------------------------------------------------------------------------------

Linux – Running PHP as an Apache module (best for CS-Cart)

This is the best performing and most versatile environment because PHP is running in its native environment instead of emulation.

Permissions if PHP is running as an Apache Module

Cs-cart
755 - addons
777 - catalog  - If used (755 if not)
755 - classes
755 - core
777 - images   - If used (755 if images stored in database) - Same with sub directories. (Files inside this directory should be 644)
755 - include
755 - payments
755 - shippings
777 - skins    -  Same with sub directories and files - (Delete unused skins)
755 - targets
777 - var
777 -   / compiled    -  Same with sub directories.
777 -   / database    -  If used (755 if not)
777 -   / lh_uploads  -  If used (755 if not)
777 -   / downloads   -  If used (755 if not)
777 -   / log         -  If Logging is enabled  (755 if not)
755 -   / skins_repository  -  Same with all sub directories. Files inside should be 644 (Delete unused skins)

config.php - 777 during install then reverted to 644 after

All other files should be 644

-------------------------------------------------------------------------------------------------------------------------------

Windows IIS (Not recommended)

If it is a windows server running IIS then there are no changes to file directory permissions needed. An IIS server is not a good choice for CS-Cart or any PHP script (especially those requiring mod_rewrite). Security is another major concern on an IIS machine so you are best to avoid them.

-------------------------------------------------------------------------------------------------------------------------------


I noticed in the last install instructions contained in the 1.3.5-sp1 archive another inaccuracy.

As seen above, CHMOD 777 will only work on servers running PHP as an Apache module, but there is another problem with the recommendations. They recommend chmod -R 777, but you should not do this. The -R flag means recursive and will make every file and folder under the directory you are CHMODing also have 777 permissions. You should not make files or directories world writable if it isn’t absolutely necessary, and it is not wise to make your .htaccess files 777.
Secure Cart Hosting
[CS-Cart Optimized Solutions and Server Management]

 
  • wwgreen
  • Senior Member
  • Members
  • Join Date: 20-Nov 06
  • 411 posts

Posted 30 October 2007 - 03:17 AM #4

S-Combs - Thank you, thank you, THANK YOU! These are the settings I had mostly, but some files of mine should probably be changed. Again, THANK YOU for your time and explanation!

Jesse - I recommend this to be stickied somewhere if this is what most CS users are going to need, and if it is accurate (and I see no reason why it isn't). Thank YOU for your time as well.

v4.9.2sp1


 
  • S-Combs
  • Senior Member
  • Members
  • Join Date: 09-Nov 06
  • 692 posts

Posted 30 October 2007 - 03:24 PM #5

I made a change above to the permissions needed on the var/skins_repository for those on servers running PHP as an Apache module. After further thought, there is no need to make these many directories writable since these files never change. This results in a HUGE improvement in security since this directory contains so many sub-directories. That directory (and all sub-directories) should actually be set as 755 and all files within them to 644.


I personally use FlashFXP for my FTP client. It gives more options when it comes to changing directory permissions than most others.

As you can see by this screenshot, you are able to separately set different permissions to directories and files for an entire directory tree. Some others may allow this as well but I am not aware of them.

Posted Image
Secure Cart Hosting
[CS-Cart Optimized Solutions and Server Management]

 
  • wwgreen
  • Senior Member
  • Members
  • Join Date: 20-Nov 06
  • 411 posts

Posted 30 October 2007 - 04:37 PM #6

[EDITED for better? readability]

Things may be getting muddy again... here is what I assume thus far...

For folders and files :


/addons -
755 for dir and subdirs,
644 for all files within dir and subdirs

/catalog -
777 for dir and subdirs if used (755 if not),
644 for all files within dir and subdirs

/classes -
755 for dir and subdirs,
644 for all files within dir and subdirs

/core -
755 for dir and subdirs,
644 for all files within dir and subdirs

/images -
777 for dir and subdirs if used with file system (755 if used with database),
644 for all files within dir and subdirs

/include -
755 for dir and subdirs,
644 for all files within dir and subdirs

/payments -
755 for dir and subdirs,
644 for all files within dir and subdirs

/shippings -
755 for dir and subdirs,
644 for all files within dir and subdirs

/skins -
777 for dir and subdirs,
777 for all files within dir and subdirs, may delete unused skins dirs

/targets -
755 for dir and subdirs,
644 for all files within dir and subdirs

/var -
777 for dir,
644 for all files within

/var/compiled -
777 for dir and subdirs,
644 for all files within dir and subdirs

/var/database -
777 for dir and subdirs if used (755 if not),
644 for all files within dir and subdirs

/var/lh_uploads -
777 for dir and subdirs if used (755 if not),
644 for all files within dir and subdirs

/var/downloads -
777 for dir and subdirs if used (755 if not),
644 for all files within dir and subdirs

/var/log -
777 for dir and subdirs if used (755 if not),
644 for all files within dir and subdirs (except /var/log/settings.php which seems to need 777)

/var/skins_repository -
755 for dir and subdirs,
644 for all files within dir and subdirs


Other recommendations :

/yourstoredir/config.php -
777 during installation,
644 after installation

/yourstoredir -
755 for this dir,
644 for all files within this dir

delete install.php after installation

Please look carefully to see if the above is accurate. (Sorry for being so anal about this, but security and store stability are paramount to me. Thank you for any and all comments/time!)

v4.9.2sp1


 
  • S-Combs
  • Senior Member
  • Members
  • Join Date: 09-Nov 06
  • 692 posts

Posted 30 October 2007 - 04:47 PM #7

A little confusing but correct if on a server with PHP running as an Apache module.
Secure Cart Hosting
[CS-Cart Optimized Solutions and Server Management]

 
  • wwgreen
  • Senior Member
  • Members
  • Join Date: 20-Nov 06
  • 411 posts

Posted 30 October 2007 - 05:11 PM #8

Tried to edit post above better, sorry for any confusion or for worsening matters.

v4.9.2sp1


 
  • MacAddict
  • Junior Member
  • Members
  • Join Date: 04-Jan 08
  • 5 posts

Posted 01 March 2008 - 01:00 AM #9

This is really useful, guys, thanks. Is there a way to automate this check, i.e. shell commands to perform the right permissions from a root level and recursively check all directories and files?
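
A scripted form of the check asked about in post #9, as an added example that is not from any poster or from CS-Cart: a read-only audit of a store tree against the modes in posts #3 and #6 for the PHP-as-Apache-module case. The function names and finding labels are made up for this example; it reports deviations and changes no modes.

```sh
#!/bin/sh
# Added example: read-only audit of a CS-Cart 1.3.x tree against the modes
# listed in posts #3 and #6 (PHP running as an Apache module). Changes nothing.

# Directories the thread allows at 777, subdirectories included.
WRITABLE_DIRS="catalog images skins var/compiled var/database var/lh_uploads var/downloads var/log"

# in_writable_area REL: succeeds if REL is "var" or is/lies under a listed dir.
in_writable_area() {
    for w in $WRITABLE_DIRS; do
        case "$1" in "$w"|"$w"/*) return 0 ;; esac
    done
    [ "$1" = "var" ]   # var itself may be 777; var/skins_repository may not
}

# has_mode PATH MODE: succeeds if PATH has exactly the octal MODE.
has_mode() { [ -n "$(find "$1" -prune -perm "$2")" ]; }

# audit_cscart_perms STORE_ROOT: prints one "<finding> <relative path>" per deviation.
audit_cscart_perms() (
    cd "$1" || exit 2
    # Directories: 755 everywhere; 777 tolerated only in the writable areas.
    find . -type d ! -perm 755 | while IFS= read -r d; do
        rel=${d#./}
        if has_mode "$d" 777 && in_writable_area "$rel"; then continue; fi
        echo "dir-not-755 $rel"
    done
    # Files: 644 everywhere; post #6 lists 777 for skins files and var/log/settings.php.
    find . -type f ! -perm 644 | while IFS= read -r f; do
        rel=${f#./}
        case "$rel" in
            skins/*|var/log/settings.php) if has_mode "$f" 777; then continue; fi ;;
        esac
        echo "file-not-644 $rel"
    done
    # Post #6: install.php should be deleted after installation.
    if [ -e install.php ]; then echo "install-php-present install.php"; fi
)
```

Run it as `audit_cscart_perms /path/to/store`; empty output means the tree matches the table, and a world-writable `.htaccess` or `config.php` shows up as `file-not-644`.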

 
  • Ramin
  • Junior Member
  • Members
  • Join Date: 14-Jan 07
  • 2 posts

Posted 17 August 2008 - 03:29 PM #10

Thanks, this post helped me.

 
  • BOB'5
  • Member
  • Members
  • Join Date: 15-Dec 07
  • 47 posts

Posted 27 March 2009 - 06:37 PM #11

This is all a bit confusing.

I'm using Siteground CP to change permissions. Just checked skins for example and it is 777 but the 2 files (.htaccess and index.php) are both 644.

Could somebody please clarify the exact file permissions as according to post #3 mine would appear incorrect?

Site has been hacked once before and I don't want it to happen again.
In the final stages of going live... :D

Just got to sort out some bugs with Google Checkout :(

 
  • BOB'5
  • Member
  • Members
  • Join Date: 15-Dec 07
  • 47 posts

Posted 07 April 2009 - 03:20 PM #12

bump......
In the final stages of going live... :D

Just got to sort out some bugs with Google Checkout :(

 
  • baballuci
  • Senior Member
  • Members
  • Join Date: 02-Mar 06
  • 969 posts

Posted 08 April 2009 - 01:32 PM #13

I use the permissions as in post #6. Been ok for me.
Charlie