    • 4499
    • 34 Posts
    Hi Guys.

    What is the recommended solution to locking down this file under IIS or a Windows/Apache host combo?

    Currently - using NTFS permissions - it is set to Everyone : Read/Read&Execute with no other permissions assigned to it. It is also set to read only and under IIS - its permissions are read only.

    However - the warning still appears every time I log into the manager that the config file is still able to be written to.
    • If you speak to your web host they need to right click the file and select properties then check the read only option.

      Some FTP server software also allows you to use chmod on the file in FTP to 777

      For me, we use gene6ftp server and this does not allow chmod commands; instead I created a custom command which my users can use in FTP to set a file read-only or not.
        http://www.onesmarthost.co.uk
        UK MODX Hosting with love.
        • 4499
        • 34 Posts
        Unfortunately, using CHMOD to change the permissions on the file is not a viable option as this is a Windows 2003 Server running IIS - not a *nix system and Apache combo.

        This is a file residing on my server at home to which I have full unrestricted access.

        The file is set to read only using NTFS permissions for the IUSR account - and is set to read only in the filesystem.
        If IIS were to attempt to write to the file it would fail - so I am reasonably sure that it is safe - but the error is a false positive.

        I can account for this because the first time I set up MODx I had not enabled write access and I had to manually edit the file because IIS/MODx was unable to do so.

        As a result - this is why I asked how to remove that message.
        • Garry Nutting Reply #4, 17 years ago
          Not sure if you found out how to remove the check - the check can be bypassed by commenting out the following lines in config_check.inc.php in the manager/includes directory:

          if (is_writable("includes/config.inc.php")){
              // Warn if world writable
              if(@fileperms('includes/config.inc.php') & 0x0002) {
                $warningspresent = 1;
                $warnings[] = array($_lang['configcheck_configinc']);      
              }
          }
          


          (Note to all - The above change is only recommended for people who are running on Windows servers where PHP can’t properly check file permissions - and, as pointed out by Caledai, make sure that the file permissions are manually verified)

          Hope that helps,
          Garry
            Garry Nutting
            Senior Developer
            MODX, LLC

            Twitter: @garryn
            Web: modx.com
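
One way to do the manual verification mentioned above from inside PHP, as an added example that is not part of the original posts and is not MODX code: it reports the two values the quoted check relies on next to the result of actually opening the file for writing. The function name `probe_config_writability` and the temporary file standing in for `includes/config.inc.php` are assumptions made for the example.

```php
<?php
// Added example (not MODX code): compare what PHP's permission helpers
// report with whether this process can really open the file for writing.

function probe_config_writability($path)
{
    if (!is_file($path)) {
        return array('exists' => false);
    }

    clearstatcache();            // stat results are cached within a request
    $mode = fileperms($path);

    // Mode 'a' opens for writing without truncating. Nothing is written,
    // so a successful open leaves the file contents unchanged.
    $handle = @fopen($path, 'a');
    $opened = ($handle !== false);
    if ($opened) {
        fclose($handle);
    }

    return array(
        'exists'           => true,
        'is_writable'      => is_writable($path),       // first test in the quoted check
        'world_write_bit'  => (bool) ($mode & 0x0002),  // second test in the quoted check
        'mode_octal'       => sprintf('%04o', $mode & 07777),
        'opened_for_write' => $opened,                  // what this account can actually do
    );
}

// Constructed demo: a throwaway file stands in for includes/config.inc.php.
$demo = tempnam(sys_get_temp_dir(), 'cfg');
chmod($demo, 0444);   // on Windows this sets the read-only attribute
print_r(probe_config_writability($demo));
chmod($demo, 0644);   // make it writable again so it can be deleted
unlink($demo);
```

Run it through the web server rather than from an administrator console, so the probe executes as the same account (for example IUSR under IIS) that would be writing to the config file.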