open to hacking vulnerability by having too many "world-writable" files on your site. There are detailed security recommendations in the FAQ and the Wiki.
How To Set File/Folder Permissions
Most FTP programs will allow you to change file permissions.
Connect to your site with your FTP program.
Move to your public_html directory, and perhaps into your "zencart" folder underneath public_html, if you've used a subfolder.
Then look for a "Properties" command that can be applied to that directory (often if you right click, Properties will be one of the options).
Then change the permissions to the needed setting for the following folders:
(If prompted whether to include files/folders underneath them (also called "recursive"), say or check "Yes")
All of these folders to "writable" (often this means 777, or maybe 755 if using suPHP: see footnote):
(Specifically, these need to be writable so that files can be uploaded to them, or created in them or written to them by PHP.)
-
/cache
-
/pub
-
/images
-
/includes/languages/english/html_includes
-
/admin/backups
-
/admin/images/graphs
These files to "read-only" (often 644 or 444):
-
/includes/configure.php
-
/admin/includes/configure.php
Using cPanel
In cPanel, you have File Manager.Open File Manager, and browse to the folder where you have put your Zen Cart files, and make the changes to particular files/folders as needed.
Example: /includes/languages/english/html_includes
Browse down through
- includes
- languages
- english
- html_includes
Click on html_includes.
Then you'll get another page, and likely in the top right corner there will be a "folder permissions" or "permissions" link. Click on that.
Then set the permissions to read, write, and execute for ALL categories of users (usually 9 checkboxes). If it has an option to process all files under this subdirectory, check that box.
Then click OK (or whatever button to process the changes).
Using SSH
If you have SSH access instead of cPanel, you could type the following commands:1. chdir /home/myaccount/public_html/zencart
(substitute your actual working directory)
2. Type the following commands:
(uppercase R is important)
(If you're running suPHP, then 755 is appropriate, meaning you can probably skip the "777" lines since your folders are probably already 755: see footnote)
chmod -R 777 ./cache
chmod -R 777 ./pub
chmod -R 777 ./images
chmod -R 777 ./includes/languages/english/html_includes
chmod -R 777 ./admin/backups
chmod -R 777 ./admin/images/graphs
chmod 444 ./includes/configure.php
chmod 444 ./admin/includes/configure.php
3. OPTIONAL: And this line changes all the files (not folders) and files within subfolders (but not the folders themselves) to be ideal for typical webserver use:
find ./ -type f -exec chmod 644 {} \;
If these methods don't work, then you'll need to contact your hosting company for assistance in changing file permissions.
On a Windows Server:
1. Browse to the wwwroot folder (or whatever path your zen files are in.2. Right-click on a particular file or folder (see list of folders and files above)
3. Choose properties
4. Choose the Security tab
5. Add "IUSR_xxxxxxx" and give read/write permissions to it.
6. OK, OK, OK
7. If you don't have a "security" tab in step 4 above, simply check the "read" and "write" boxes (or uncheck a read-only box if it exists).
8. Repeat for all required files/folders. Same list as for Linux/Unix servers earlier in this FAQ.
On a Windows PC (sometimes referred to as "localhost"):
Similar to Windows Server above:1. Browse to the wwwroot folder (or whatever path your zen files are in.
2. Right-click on a particular file or folder (see list of folders and files above)
3. Choose properties
4. Set the read-only flag on or off depending on your requirements
5. Click Apply and/or OK.
6. Repeat for all required files/folders. Same list as for Linux/Unix servers earlier in this FAQ.
CONSIDERATIONS WHEN RUNNING suPHP or suExec ON YOUR SERVER:
If your host is running suPHP (occasionally also referred to as suexec), there are a couple variations on permissions issues which you must observe:a) you will need to make sure that your files and folders are owned by your username and not root
If either of these is not done, then you'll get "500 Internal Server Error" messages.
Thus, in suPHP mode, substitute "755" for all "777" suggestions mentioned above in relation to *folders*, and "644". Or, if your hosting company has an even stricter configuration,
then use the lower numbers specified by them.