Installation & Configuration

What is this "Security risk" error about config.php and 444?

Scenario:
"I have just finished installing Nucleus and I receive this strange error message when I try to login to my administration area:

Security Risk
One or more of the Nucleus installation files are still present on the webserver, or are writable.

You should remove these files or change their permissions to ensure security. Here are the files that were found by Nucleus

config.php should be non-writable (chmod to 444)
If you don't want to see this error message again, without solving the problem, set $CONF['alertOnSecurityRisk'] in globalfunctions.php to 0, or do this at the end of config.php.

What do I need to do to get rid of it?"

Solution:
Check to make sure you have deleted the install.php and install.sql files from your webserver. If these files are gone, you need to change the permissions on config.php either through your FTP client:

Changing permissions using an FTP client.

You can also set permissions on files through your host's control panel. The following example uses a cpanel interface. First, login to your host's control panel and go to the File Manager. In cpanel, you simply click on the File Manager icon:

Navigate to the File Manager by clicking on the File Manager icon.

Next, browse to the /public_html/ directory if you installed Nucleus in your root directory, or /public_html/subdirectory/ if you installed in a subdirectory. Locate your config.php file and click on it to view its properties:

Locate config.php on your webserver.

Click on "Change permissions" to adjust the file permissions. Set it to 444 or to "Read" for "User", "Group" and "World". Hit "Change" and you're done!

Change permissions on config.php to 444.

If the above still doesn't work and you still get the error message, open the globalfunctions.php file inside the /nucleus/libs/ directory and make sure the line for $CONF['alertOnSecurityRisk'] is set to 0 like this:

$CONF['alertOnSecurityRisk'] = 0;

Original forum thread (thanks, ftruscot!):
http://forum.nucleuscms.org/viewtopic.php?t=13705

section: Installation & Configuration | submitted by Leng on 2007.Jan.26 | 15407 views

item rate
Total votes: 16 - Rating: 9.00

Please tell us how useful this answer was to you (0 = useless, 10 = very very helpful):

10