HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Please upgrade here. These earlier versions are no longer being updated and have security issues.

Your config.php file is not writable

edited March 2013 in Vanilla 2.0 - 2.8

Not sure why no one is having this problem when I did a forum search. The message "Your config.php file is not writable. Find out how to fix this" keeps coming back after 12 hours or so after I CHMOD it to 755 or 777. When I have a look at the config.php file, it returns back to 400 (read-only) after 8 - 12 hours or so....

And it keeps coming back! can someone help me please?

Tagged:

Comments

  • This is about learning how permissions actually work, the only reason why people chmod to 777 is because becuase cheap web host don't change a way to provide ownership. Because of this shoddiness, people don't actually understand permissions, and assume the chmoding 777 is a normal thing to do, when if fact it should be avoided 99% of the time.

    Ownership is key, permissions on their own tell you nothing. What you are experiencing in normal security behaviour. It can also be server configuration problems.

    You need to find the web user often www-data, and assign ownership and to it. Then you can set you permissions up. 775 would be the ideal value (not 755). If you are unable to do this you need to contact your host.

    grep is your friend.

  • I am aware that 777 should be avoided. However, for testing purposes only I also tried 777. The main problem is, after CHMODing it to 755 fixes the forum error message "Your config.php file is not writable." only temporarily. After 8 - 12 hours or so, the message comes back and I have to CHMOD it again.... and again...

  • x00x00 MVP
    edited March 2013

    Can you set config dependent thing in dashboard when you fix it?

    755 is not what you want try 775.

    if you can `

     $ sudo chmod  0755 conf
     $ sudo chmod  0775 conf/config.php
     $ sudo chown  www-data:www-data conf
     $ sudo chown  www-data:www-data conf/config.php
    

    Some server security where php attempts to chmod, it will result in lower permissions.

    grep is your friend.

  • I am aware that 777 should be avoided. However, for testing purposes only I also tried 777. The main problem is, after CHMODing it to 755 fixes the forum error message "Your config.php file is not writable." only temporarily. After 8 - 12 hours or so, the message comes back and I have to CHMOD it again.... and again...

    I may confuse the issue. But what user is the owner of the files? and can't you get the provider to fix it.

    you could create crontab file to reset permission with x00's suggestion after the provider runs the security check.

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

    UnderDog
  • ToddTodd Chief Product Officer Vanilla Staff

    Just to give another bit of insight. Your problem is certainly not something common and is most likely because your webhost has something strange going on. Usually, Vanilla creates the config.php and therefore owns it and can modify it to its hearts content. There is nothing that should be taking over ownership of that file and it's actually hard for php to even do that consistently.

    Different webhosts supporting/not supporting different things is pretty much the number one difficulty we have when developing our software and it can really hold us back.

    Shadowdare
  • edited March 2013

    godaddy and some other pond scum hosting services are the reason ....

    there may, or may not, be something you can do to change the permissions of the files - it depends upon who owns them now, and what permission they currently have.Log into the shell and determine who owns the files. If you do not own them, you will probably need tech support to get you sorted out (if dhapache owns them, there may be another approach you can take).
    If you do own the files, try using chmod from the command line in the shell - if that doesn't work, you will probably need help from support.

    if you can log in using SSH, you might have better luck; or at least a better chance of figuring out what happened. Off the top of my head, the most likely thing i can think of is that when you restored the files, their ownership got set incorrectly for some reason. Using SSH, you can use
    Code:ls -l
    in the folder where your files are located to check the file ownership. if the ownership turns out wrong, perhaps you could 1) download the file using FTP, 2) delete the file off the server, 3) upload the file back to the server using FTP, and 4) try again to CHMOD.

    also, not directly related to your problem, but are you sure that these files need to be 777? giving any file world-write, especially if you do so along with world-execute, sounds the perfect recipee for a security disaster somewhere down the line.

    the two commands that you absolutely need are Code:ls -l to list files in long format to give you all the info you need - permissions, owner, group, etc. Code:cd directory name to change directory to directory name - and Code:chmod 755 filename +

    peregrineUnderDog
  • nice write up @DavidShine sounds like a good plan to me.

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • ToddTodd Chief Product Officer Vanilla Staff

    @DavidShine, but tell me what you really think about those hosting services. Don't hold back now :D

    peregrineUnderDogvrijvlinder
  • @DavidShine said:
    godaddy and some other pond scum hosting services are the reason ....

    Guys,
    This is an exact good test case for installation & upgrade on those type of hosts.
    While we know what needs to be fixed where (the host) we can still test if the upgrades & installations will go right on these hosts and improve our error messaging.
    Maybe something for 3.0

  • vrijvlindervrijvlinder Papillon-Sauvage MVP

    It's true about the mentioned hosting service..s . When I was searching for a service I read horrible stories about these. They over book their servers and have crappy support. I am happy with FatCow . They helped me solve any issue. The chat is so so the folks chatting are not the smartest they likely read from a script and copy paste answers coz no one writes that fast ;) I never had to set permissions higher than 775 if that. If I found out I was not the owner , well they don't want to know the kind of anger from me that would come down on them !!!

    UnderDog
  • I have a related problem. While everything seems to work perfectly I discovered that users can't change their profile photo. I checked permissions and everything seems OK.

    Then I looked at file ownership and found out that userpic directory is owned by user 99. and the same thing goes for config.php in conf directory.

    On my local machine everything works fine and file ownership is not changed by the script but when installed on a cpanel server the ownership goes to user 99. When I changed to owner to the main domain owner villa said config.php is not writable and this did don't solve users photo problem as well.

    I'm using the latest version downloaded yesterday: vanilla-core-2-0-18-8

    I'm sure it's a good security but it's not working right. or is it my host limiting some functions?

    please advise.

  • hgtonighthgtonight ∞ · New Moderator

    @Arifman on my host, the same user owns all of the files. Is this the case for you?

    Search first

    Check out the Documentation! We are always looking for new content and pull requests.

    Click on insightful, awesome, and funny reactions to thank community volunteers for their valuable posts.

  • @hgtonight

    No the user owns the account but for some reason only those files are owned by user 99 which I think it's the script itself.

    One more thing Is causing the problem is PDO maybe not installed or enabled on the server, I was about to send a support request but I thought I'll come here first to update the issue.

    So in a minute or so I'll contact my host and see what comes up.

    Arif

  • hgtonighthgtonight ∞ · New Moderator

    This is definitely an environment issue. Make sure your host meets the minimum requirements.

    Search first

    Check out the Documentation! We are always looking for new content and pull requests.

    Click on insightful, awesome, and funny reactions to thank community volunteers for their valuable posts.

    UnderDog
  • Where config.php file?
    Httpdoc/conf?

Sign In or Register to comment.