New install - 7.6 Error: config.php needs write permissions but shows as 777


Thanks for the idea Nick but I have tried all write combinations, including 755  ☹️

WHMCS looks really good. I have used my own management database for over 10 years but getting a little creaky and it's about time I switched to WHMCS after looking at it for years 🙂

Will reinstall with write permissions in place see if that assists.

 

Thanks again.

 


On 11/7/2018 at 8:15 AM, Paul49 said:

Thanks for the idea Nick but I have tried all write combinations, including 755  ☹️

WHMCS looks really good. I have used my own management database for over 10 years but getting a little creaky and it's about time I switched to WHMCS after looking at it for years 🙂

Will reinstall with write permissions in place see if that assists.

 

Thanks again.

 

How do you change the permissions on the file in your server? How did you upload the files as well?

Seems like a server problem. Make sure the permissions on files in your web server are properly set. This is not related to database management. It's related to the Unix user/group permissions. You should never have files set to 777 for security reasons unless you have a very good reason to do so. Your server administrator or hosting company should be able to help you out here in case there is a user/group permission problem in your hosting account.

Edited by yggdrasil

On 11/7/2018 at 9:15 PM, Paul49 said:

Thanks for the idea Nick but I have tried all write combinations, including 755  ☹️

WHMCS looks really good. I have used my own management database for over 10 years but getting a little creaky and it's about time I switched to WHMCS after looking at it for years 🙂

Will reinstall with write permissions in place see if that assists.

 

Thanks again.

 

Hi @Paul49,

Depending on the OS you are using for your server, if you have SSH (commandline access) or if you are using just shared cPanel hosting (with no commandline access)

If you are using cPanel please see my attached image, these are the Permission settings that I use.

If you are using a Linux based server:

chmod 755

If you need additional help, please feel free to PM me.

Kindest Regards,
Nick.

configurations_php_ssc.png

Edited by RLT - Nicholas

I have the same issue.

Fresh Centos 7 - default Apache 2.4. Unzipped and copied all files to /var/www/html. chown -R apache:apache /var/www/html - then - "chmod -R a+w configuration.php attachments downloads templates_c".

No dice... the install requirements checker does work, at first I was missing a few extra PHP modules, installed them all rechecked, found the modules - everything is happy except the read/write permissions on the directories.  Even tried - chmod -R a+rwx /var/www/html - no joy.

Opened a ticket.

Maybe this program doesn't want to be installed into the doc root as root?  I guess I'll try again inside a /whmcs/ subdir on the webserver.

-Michael


I figured it out... by default Centos 7 has SELINUX enabled, and it won't allow you to write to any directory inside the http www docroot.

I simply disabled SELINUX, however there are plenty of guides on how to enable RW files/directories via setting special SELINUX rules, I don't see the point.

-Michael


8 hours ago, mcubedpe said:

I figured it out... by default Centos 7 has SELINUX enabled, and it won't allow you to write to any directory inside the http www docroot.

I simply disabled SELINUX, however there are plenty of guides on how to enable RW files/directories via setting special SELINUX rules, I don't see the point.

-Michael

That is only true on CentOS for a vanilla Apache installation and that is not even the proper fix. You should not disable SELINUX to make Apache work, in fact, you should not disable SELINUX at all on CentOS to make something work unless you want to make your server more vulnerable. You are not configuring Apache properly as it can work just fine with SELINUX. It's common for people to start making things less secure and more writable as a quick fix but it seems to me your server is not properly configured. Using the docroot tells me exactly this. You should run under a proper secured account with the proper user and usergroup in the Apache wheel. You are probably even running PHP in DSO mode and not under suexec. (just my guess).

You are just asking for troubles in the future. I would rather get an administrator to properly install and secure your web server. It's not advised to run something like WHMCS like that that will be exposed on the Internet. WHMCS not wanting to be installed like that, is a good thing. Your web server is the problem, not WHMCS.

Edited by yggdrasil
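
The alternative to disabling SELinux that this exchange refers to, as an added example that is not part of the thread or of WHMCS's documentation: label only the paths the installer writes to. It assumes the stock targeted policy's `httpd_sys_rw_content_t` type and the four paths named earlier in the thread; the function names are made up for the example.

```shell
#!/bin/sh
# Added example: give Apache write access to specific paths under SELinux
# instead of disabling it. Path list is the one quoted in the thread.
WRITABLE_PATHS="configuration.php attachments downloads templates_c"

# semanage file specs are regular expressions, so escape literal dots.
# (Only dots are handled; other regex metacharacters are out of scope here.)
escape_spec() {
    printf '%s' "$1" | sed 's/\./\\./g'
}

# Print (do not run) the labelling commands for each writable path under $1.
plan_labels() {
    docroot=${1%/}
    for rel in $WRITABLE_PATHS; do
        path="$docroot/$rel"
        spec=$(escape_spec "$path")
        if [ -d "$path" ]; then
            # Directory: the rule must also cover files created inside it later.
            printf "semanage fcontext -a -t httpd_sys_rw_content_t '%s(/.*)?'\n" "$spec"
            printf "restorecon -Rv '%s'\n" "$path"
        elif [ -f "$path" ]; then
            printf "semanage fcontext -a -t httpd_sys_rw_content_t '%s'\n" "$spec"
            printf "restorecon -v '%s'\n" "$path"
        else
            echo "skip: $path does not exist" >&2
        fi
    done
}

# Run the plan (as root) unless SELinux is absent or disabled on this host.
apply_labels() {
    if ! command -v getenforce >/dev/null 2>&1 || [ "$(getenforce)" = "Disabled" ]; then
        echo "SELinux is not active; nothing to label" >&2
        return 1
    fi
    plan_labels "$1" | sh -e
}

# Default action: show the plan for the docroot given as the first argument.
if [ $# -gt 0 ]; then
    plan_labels "$1"
fi
```

Review the printed plan first, then call `apply_labels /var/www/html` as root; `ls -Z` on a labelled path should then show `httpd_sys_rw_content_t` while the rest of the docroot keeps its read-only type.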

8 hours ago, yggdrasil said:

That is only true on CentOS for a vanilla Apache installation and that is not even the proper fix. You should not disable SELINUX to make Apache work, in fact, you should not disable SELINUX at all on CentOS to make something work unless you want to make your server more vulnerable. You are not configuring Apache properly as it can work just fine with SELINUX. It's common for people to start making things less secure and more writable as a quick fix but it seems to me your server is not properly configured. Using the docroot tells me exactly this. You should run under a proper secured account with the proper user and usergroup in the Apache wheel. You are probably even running PHP in DSO mode and not under suexec. (just my guess).

You are just asking for troubles in the future. I would rather get an administrator to properly install and secure your web server. It's not advised to run something like WHMCS like that that will be exposed on the Internet. WHMCS not wanting to be installed like that, is a good thing. Your web server is the problem, not WHMCS.

Well I certainly pushed your buttons.  This is a dedicated host, it's used 100% only for WHMCS, why should I bother with the extra work to run this 1 app as a dedicated user, when it's the only app on the host.  Yes, I'm certainly aware of FPM, Fastcgi, suexec versions or methods of running PHP.

However in my use case, with a vanilla Centos7, as a dedicated WHMCS machine, I don't see the point in creating the SELINUX rules to allow RW, then finish the install, and then disable them.  As WHMCS when done doesn't want anything in the DOCROOT to be writable anyway.  So once I finished the install the entire docroot is set Read Only.  Also this is a corporate machine behind firewalls and such, and again in my use case I don't see the point in using SELINUX.

If you have a machine that is directly exposed to the Internet, certainly make sure you are using any and all security features you can use.

-Michael


12 hours ago, mcubedpe said:

Well I certainly pushed your buttons.  This is a dedicated host, it's used 100% only for WHMCS, why should I bother with the extra work to run this 1 app as a dedicated user, when it's the only app on the host.  Yes, I'm certainly aware of FPM, Fastcgi, suexec versions or methods of running PHP.

However in my use case, with a vanilla Centos7, as a dedicated WHMCS machine, I don't see the point in creating the SELINUX rules to allow RW, then finish the install, and then disable them.  As WHMCS when done doesn't want anything in the DOCROOT to be writable anyway.  So once I finished the install the entire docroot is set Read Only.  Also this is a corporate machine behind firewalls and such, and again in my use case I don't see the point in using SELINUX.

If you have a machine that is directly exposed to the Internet, certainly make sure you are using any and all security features you can use.

-Michael

Apache runs on its own user group, you should not be running the PHP files that WHMCS uses in the same mode. Even if you are the only user in that server and you don't share or give anyone else access, how do you think tickets work in WHMCS? You need to upload files into the server, assuming someone by mistake is running everything under root (not your case but an example) that person that uploaded a file on a ticket now has root privileges on that file on your server. If he can somehow manipulate the system to rename it or finds a flaw in WHMCS (which is not hard when it comes to uploading files) he can execute a command, rename the supposed image and now he actually uploaded a .bash file, and since you are running things in root, the file now has root access which means game over as they can execute commands as super admin. The user just gained root privileges on your server just by exploiting WHMCS.

While that is not your case, it's an example in case someone tells something similar like "Why would I not run everything under root if I don't give anyone else access to my server..".

Well, you are giving people access to your server the second WHMCS is public. Since WHMCS runs PHP and that PHP is executed through Apache, you need to make sure it runs with the minimal possible permissions and privileges on the system for those files. You really think that CentOS 7 would ship Apache but force people to disable SELINUX to make it work? The answer is no. It works if you properly configured it. You probably found some blog from an Indian developer that said to disable SELINUX, or another tutorial that does not even use SUDO on commands. Copying and pasting commands is ok as long as you know what they do. Running a static HTML file that does nothing under that sort of web server config might not be as bad, but running PHP that also connects to MySQL is not a great idea. And WHMCS does not exactly have the greatest security track in terms of secure coding and vulnerabilities exposed. I'm also sure your docroot is not set to read only mode only. Otherwise your WHMCS install would not work, how do you expect WHMCS to create the cache files for smarty or even the uploaded files from tickets if it can't write into your folder?

  • Don't disable SELINUX
  • Move your docroot folder or use a proper vhost in the Apache config
  • Restrict that vhost to a specific unix user/usergroup
  • Run PHP under that user/usergroup with suexec

I would say that is a minimum, assuming the worst happens, at least the person will not gain root access to your server and just be contained to that account and your WHMCS installation, cleaning that up might be easier than reinstalling the whole server.

WHMCS does write files into your system, and if you are running that as Apache, that is one level higher in permissions to a user account already which is bad. Disabling SELINUX also makes your system less secure.

Here:

https://www.electronicdesign.com/embedded-revolution/don-t-disable-selinux

Edited by yggdrasil

Web root path is /var/www/

I'm somewhat comfortable on the command line, but for sure not a sysadmin. Right now the permissions for config.php read:

-rw-rw-rw-. 1 jack.brighton jack.brighton 0 Jun 30 17:56 config.php

Also, changing permissions on config.php to 777 did not fix the issue. 

777 is unsafe (public write on config files, nice), especially on a shared environment.

I recommend 775.

The web user needs write permissions to set config values.

I think it's about time I switched to WHMCS after looking at it for years


13 hours ago, yggdrasil said:

... Disabling SELINUX also makes your system less secure.

Here:

https://www.electronicdesign.com/embedded-revolution/don-t-disable-selinux

yggdrasil,

While everything you are providing are absolutely good or best practices, they belong in a "How to install WHMCS on Centos7 securely" Guide, not in this thread.

The OP asked what else can be causing permission problems with the ridiculous install instructions that WHMCS provides that simply says set everything to 777 - SELINUX was the item I ran into - so hopefully the OP will reply with more details.

With your passion and experience maybe you should take the time and create a "How to install WHMCS on Centos7 securely" Guide - and make it available to the community.

That said.. the fact that WHMCS is a program we pay for, and yet they completely wash their hands at any meaningful attempt on how to install their software properly, because they appear to be trying to promote their install service is a bit dubious in my mind.  But at this time, WHMCS is what my management wants to review for now, so here I am.

-Michael
