Follow us on Twitter X-Cart on Facebook Wiki
Shopping cart software Solutions for online shops and malls
 

File Permissions

 
Reply
   X-Cart forums > X-Cart 4 > Dev Questions > Changing design
 
Thread Tools Search this Thread
  #1  
Old 12-13-2002, 09:27 AM
  shan's Avatar 
shan shan is offline
 

X-Guru
  
Join Date: Sep 2002
Location: Birmingham, UK
Posts: 6,163
 

Default What permissions should I set my files to on a LIVE site ?

The main point is to set correct file permissions.

First make sure that you changed back permissions that you set during the installation:

chmod 777 .
chmod 666 config.php


Also make sure that your php scripts have 0644 permissions and directories have 0755 except for some special directories like: admin/newsletter and templates_c.

Make sure that SQL connections are allowed only from the local machine.

Protect script install.php with new Auth code or delete it completely.

For extra security you may want to disable trans_sid PHP feature.

Try to access your admin interface only via HTTPS protocol (start your URL with https://)

Do not keep any unnecessary files in your web drectory (for example X-cart distribution archive).

Forbid directory listing in your web server, so no one can browse through your script directories.

Thats all I can remember at the moment.

This information came direct from the Xcart team
Reply With Quote
  #2  
Old 01-14-2004, 02:07 PM
  shan's Avatar 
shan shan is offline
 

X-Guru
  
Join Date: Sep 2002
Location: Birmingham, UK
Posts: 6,163
 

Default

As an update to the previous post here is what permissions you should have your files and folders.

LIVE SITE

.php - 644
.tpl - 644
.pl - 755
.sh - 755
VERSION - 644

DEVELOPMENT SITE / UPGRADING

.php - 666
.tpl - 666
.pl - 777
.sh - 777
VERSION - 666

FOLDERS

templates_c - always 777
catalog - 777 - (to be able to write catalog and then 755 once catalog has been written)
files - 777 - (to be able to write to the folder / upload pics etc)
log - 777


install.php must be deleted or renamed on a live site
also remove any tar files that are no longer needed.

You can also use .htaccess files to protect certain directories for extra security on a live site

I think thats about it ...
__________________
Looking for a reliable X-cart host ?
You wont go wrong with either of these.

EWD Hosting
Hands On Hosting
Reply With Quote
  #3  
Old 02-19-2004, 01:19 PM
  shan's Avatar 
shan shan is offline
 

X-Guru
  
Join Date: Sep 2002
Location: Birmingham, UK
Posts: 6,163
 

Default

as an additional note

you should only have execuatable files (.pl, .sh) set to 777 if they wont patch when set to 666 or 755 and only have them set like that while doing an upgrade etc.

in normal operation, even if your site is not live keep executable files set to 755
__________________
Looking for a reliable X-cart host ?
You wont go wrong with either of these.

EWD Hosting
Hands On Hosting
Reply With Quote
  #4  
Old 02-21-2006, 09:44 AM
 
sanj-xcart sanj-xcart is offline
 

Member
  
Join Date: Sep 2005
Location: London, UK
Posts: 28
 

Default File Permissions

Hi,

I recently asked X-Cart tech support for a complete and definitive list of file permissions for a live X-Cart store. This is the response below.

Quote:
All x-cart files should have 644 permissions and folders should have 755 permissions, apart from the exceptions below.

Exceptions

The following folders and all files in them should have 777 permissions:

.pgp
catalog
files
log
skin1
templates_c

How to set Permissions

If you have SSH access to your x-cart, you should run the following shell commands in order to set correct file permissions:

cd [xcart root directory]
find . -type d | xargs chmod 755
find . -type f | xargs chmod 644
chmod -R 777 .pgp catalog files log skin1 templates_c

If you are not going to edit x-cart templates with the Edit Templates page of X-Cart Admin Area or via Webmaster Mode, you may grant 755 permissions to the skin1 folder and 644 for all files in it.

If you not going to use HTML catalog feature, set file permission on the catalog folder to 755, and any files within to 644.

If your hosting provider uses suexec PHP binary (where all files are executed under your hosting account name and not as web user), then you should use the following commands:

cd [xcart root directory]
find . -type d | xargs chmod 750
find . -type f | xargs chmod 640

Hope this is useful to you.

sanj
__________________
X-Cart Gold 4.0.16, 4.0.17
X-AOM 4.0.16, 4.0.17
X-Affiliate 4.0.16, 4.0.17
Reply With Quote
  #5  
Old 02-22-2006, 08:47 AM
 
balinor balinor is offline
 

Veteran
  
Join Date: Oct 2003
Location: Connecticut, USA
Posts: 30,253
 

Default

Also covered here:

http://forum.x-cart.com/viewtopic.php?p=121255
__________________
Padraic Ryan
Ryan Design Studio
Professional E-Commerce Development
Reply With Quote
Reply
   X-Cart forums > X-Cart 4 > Dev Questions > Changing design



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -8. The time now is 10:08 PM.

   

 
X-Cart forums © 2001-2020