-
- 34 Posts
Hi Guys.
What is the recommended solution to locking down this file under IIS or a Windows/Apache host combo?
Currently - using NTFS permissions - it is set to Everyone : Read/Read&Execute with no other permissions assigned to it. It is also set to read only and under IIS - its permissions are read only.
However - the warning still appears every time I log into the manager that the config file is still able to be written to.
If you speak to your web host they need to right click the file and select properties then check the read only option.
Some FTP server software also allows you to use chmod on the file in FTP to 777
For me we use gene6ftp server and this does not allow chmod commands instead i created a custom command which my users can use in ftp to set a file read-only or not
-
- 34 Posts
Unfortunately using CHMOD to change the permissions on the file is not a viable option as this is a Windows 2003 Server running IIS - not a *nix system and apache combo.
This is a file residing on my server at home to which I have full unrestricted access.
The file is set to read only using NTFS permissions for the IUSR account - and is set to read only in the filesystem.
If IIS were to attempt to write to the file it would fail - so I am reasonable sure that it is safe - but the error is a false positive
I can account for this because the first time I setup MODx I had not enabled write access and I had to manually edit the file because IIS/MODx was unable to do so.
As a result - this is why I asked how to remove that message.