jorge Posted June 18, 2014 Report Posted June 18, 2014 I have 644 permissions for my conf.php. However, when I'm working as Administrator account, I see this message: It is possible to edit all settings because the configuration file is not locked, but this could lead to security issues. If you want to secure your system, you need to lock the configuration file for this installation. According to this post http://forum.revive-adserver.com/topic/112-securing-revive/?hl=%2Bconfiguration+%2Bfile , permissions should be 444 for the conf.php file, that means only read permission for everybody. Do you agree with that? Quote
techs Posted June 18, 2014 Report Posted June 18, 2014 If you like to read the file by owner , group and others then 444 is ok . Why don't you use 440 ? Quote
jorge Posted June 18, 2014 Author Report Posted June 18, 2014 Sure, 440 would be ok too. My question is why is 644 suggested in the docs, if it doesn't work (at least for me). Quote
andrewatfornax Posted July 17, 2014 Report Posted July 17, 2014 Sure, 440 would be ok too. My question is why is 644 suggested in the docs, if it doesn't work (at least for me). 644 is suggested because it does what you can see - it locks the configuration file from changes. Which is a more secure way to leave things that always allowing the UI to make changes any time - and you can always update the file permissions when you need to make changes. Quote
vocalist Posted October 6, 2014 Report Posted October 6, 2014 I have tried resetting permissions from 644 to 444 or 440 but it fails - the only other option it will allow is 640 Quote
benwinton Posted October 24, 2017 Report Posted October 24, 2017 For Andrew: My conf file is set to 644, but I still receive the warning -- as well -- for Version 4.1.1. Is there a way to remove the warning, and still have the permission on that file set to 644, or are we just stick with having to ignore the warning message? Sorry, I forgot to turn on the "notify me" feature of this forum. Just did that. Quote
andrewatfornax Posted October 25, 2017 Report Posted October 25, 2017 Hi @benwinton, Well, if the permissions are 644, and the file is owned by the user that the web server runs as, then the warning is correct. There is no way to turn off the warning message - if you want to leave the configuration file open to allow changes at any time, then the warning message will always show. Quote
benwinton Posted October 28, 2017 Report Posted October 28, 2017 Thanks, Andrew. That is what I was thinking, and it helps to verify all is working as expected. andrewatfornax 1 Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.