View Issue Details

IDProjectCategoryView StatusLast Update
0001379OXID eShop (all versions)6. ------ Setup -------public2009-10-23 12:46
Reportermarco_steinhaeuser 
PriorityhighSeverityminorReproducibilityalways
Status resolvedResolutionfixed 
Product Version4.1.6 revision 22740 
Target VersionFixed in Version4.2.0 revision 23610 
Summary0001379: chmod 0644 config.inc.php after setup process
DescriptionDuring the setup process, the setup routine chmod's the config.inc.php to 0755 to make it writable. The setup routine shall certainly consider to chmod 0644 once config data where written to the file ;)
TagsNo tags attached.
Theme
BrowserAll
PHP Version5.2.6
Database Version5.0.33

Activities

marco_steinhaeuser

2009-10-07 15:43

reporter   ~0001894

And - if easily possible - Show a warning near the warning about the /setup/ folder, that config.inc.php is still writable if not set to 0644.

tomas_liubinas

2009-10-07 16:47

reporter   ~0001895

If possible it should set permissions BACK to previous permission set instead of just unassigning writeable permissions..

ralf_trapp

2009-10-10 14:50

reporter   ~0001909

Check how well known applications:

http://www.prestashop.com/en/downloads/
http://www.zen-cart.com/
http://www.pragmamx.org/Downloads-op-view-lid-731.html (german)
http://wordpress.org/

do handle "installation wise permission settings and use this as best practice

vilma_liorensaityte

2009-10-20 14:49

reporter   ~0001934

added warning messages to setup last step and admin home page:
'SETUP_CONFIG_PERMISSIONS' => "WICHTIG: Aus Sicherheitsgründen setzen Sie Ihre config.inc.php Datei auf read-only-Modus!",
'SETUP_CONFIG_PERMISSIONS' => "Due to security reasons put your config.inc.php file to read-only mode!",