Persistent security warnings
-
All the users of the app see this persistent, security warning:
Warning, your config file (htdocs/conf/conf.php) can be overwritten by the web server. This is a serious security hole. Modify permissions on file to be in read only mode for operating system user used by Web server. If you use Windows and FAT format for your disk, you must know that this file system does not allow to add permissions on file, so can't be completely safe. This security warning will remain active as long as the vulnerability is present.This seems unnecessary and a bit of a nuisance to not be able to remove it.
What to do about this?
-
Also, this other warning:
Warning, once setup is finished, you must disable the installation/migration tools by adding a file install.lock into directory /app/data/dolibarr. Omitting the creation of this file is a grave security risk. This security warning will remain active as long as the vulnerability is present.I had removed this, by following the displayed instructions, but it seems, the
install.lockgot deleted automatically by Cloudron after some time/a restart. -
I search on forum and don't find answer.
How to change permissions on files and folder.
I got this message on Dolibarr : " Warning: your configuration file (htdocs/conf/conf.php) is writable by the Web server. This represents a serious security vulnerability. Change the permissions so that it is read-only for the account under which the Web server is running, and not readable for others."On forum I see that I have to give permission 640 but who and how ?
I try this command on dolibarr terminal in contabo without success : chmod 644 conf.phpThanks
-
-
G girish has marked this topic as solved on
