After install getting message for settings.php

socaljim949

Hello, I just downloaded and installed the latest version 1.6.rc5

After installing and checking "include/settings.php" and verifying that it is set to 644 permissions I get the error below when I click on "admin panel" and on a few other links. I triple checked my permissions and I cannot see what is wrong. I have also tried different permissions configurations with the file "settings.php".

Any help would be greatly appreciated.

"Please change permission of config file (settings.php) to remove write access. e.g chmod 644 settings.php"

Thank you in advance.

jtaubman

Some ISP settings mean that the owner and the server are the same. I don't have this problem on Hostgator, but an installation on 1&1 shows the error. I suspect it's not possible to write protect the settings file from the server.

peter

Try setting it to 444

socaljim949

Hi Peter I already tried changing it to 444 no luck.

masino_sinaga

Just try setting it to 555

This warning message also occured to me. After I changed it to 555, then the warning message never shown up again. Hope this helpful.

Best regards,

Masino Sinaga

harkonnen

Using 1and1.com and chmod 444 did the trick

I'm using 1and1.com and I just installed osTicket 1.6rc5 few hours ago.

And chmod 444 did the trick.

Thank you everyone.

openmtl

Hello, I just downloaded and installed the latest version 1.6.rc5
After installing and checking "include/settings.php" and verifying that it is set to 644 permissions I get the error below when I click on "admin panel" and on a few other links. I triple checked my permissions and I cannot see what is wrong. I have also tried different permissions configurations with the file "settings.php".
Any help would be greatly appreciated.
"Please change permission of config file (settings.php) to remove write access. e.g chmod 644 settings.php"
Thank you in advance.

The code is wrong for two reasons,

a) even if a file is 0644 osticket complains on certain hosting companies if they (for security reasons) run the web server as the uid so the issue is really only group and other write access. Depending upon the host you may not be able to chmod to 4XX but you just get 6XX always anyway e.g. chmod 000 gives you 600. One hoster I run on does that

b) php potentially caches certain file operations anyway yielding the old result....

so we need to change the code as follows,

Edit /scp/admin.php and around line 37 or so you'll see a big long line over

multiple lines like this,

if($cfile && file_exists($cfile) && is_writable($cfile))

$warn=sprintf('Please change permission of config file (%s) to remove write access. e.g <i>chmod 644 %s</i>',

basename($cfile),basename($cfile));

Change that to something like this,

if($cfile && file_exists($cfile) && ((fileperms($cfile) & 0x0002) || (fileperms($cfile) & 0x0010))) {

$warn=sprintf('Please change permission of config file (%s) from to remove group or other write access. e.g <i>chmod 644 %s</i>',

basename($cfile),basename($cfile));

clearstatcache();

}

This actually checks the mask is what it should be i.e. we don't care about write in uid but we do not want the write in gid and other to be set so it checks that rather than assuming web server runs as gid or other.

I put the clearstatcache(); at the end so it's called after we complain. That way if you change the file with chmod() (via FTP etc) then it should have forgotten the old setting on subsequent script run.

salami1_1

nice one, I couldnt get the warning away either but the code fix helped!

b.r.