A serious security hole

Hi. I’m trying out Dolibarr. So far, I’m optimistic that it will meet my needs. However, there is a strange message at the bottom of the dashboard:

" Warning, your config file ( htdocs/conf/conf.php ) can be overwritten by the web server. This is a serious security hole. Modify permissions on file to be in read only mode for operating system user used by Web server. If you use Windows and FAT format for your disk, you must know that this file system does not allow to add permissions on file, so can’t be completely safe. All security warnings (visible by admin users only) will remain active as long as the vulnerability is present (or that constant MAIN_REMOVE_INSTALL_WARNING is added in Setup->Other Setup)."

After I figured out that “htdocs” does not actually refer to a directory anywhere, I found the conf.php file and checked its permissions. They are 644: the owner has write access, but everyone else can only read the file. The owner of the file is 1554, but I don’t know how to tell whether this is the “web server” referred to in the warning. Do I need to change the permissions to 444 so that nobody has write access? That seems possibly extreme, so I would rather not take that action without more confirmation.

Thanks for any information you can provide.
John

Hi,

Nobody is supposed to write to conf.php.
So 444 is good.

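The check the question is asking for (which OS user the web server runs as, and whether that user can write conf.php given the file's mode, owner and group), as an added shell example that is not part of this thread or of Dolibarr. It assumes the web server's service account is `www-data` and that the file lives at `/var/www/dolibarr/htdocs/conf/conf.php`; both are placeholders to replace with the values on your own host. The function names (`perm_allows_write`, `file_mode_owner_group`, `audit_writable`) are mine.

```shell
#!/bin/sh
# Added example (not Dolibarr code): audit whether a given OS user could write
# conf.php, then apply the thread's remediation (chmod 444) only when needed.

# Pure permission check on the classic mode bits.
#   perm_allows_write MODE OWNER GROUP USER "GROUPS OF USER"
# Returns 0 if USER has write permission, 1 otherwise.
# Deliberately ignores root (root can always write) and POSIX ACLs.
perm_allows_write() {
    mode=$1 owner=$2 group=$3 user=$4 user_groups=$5
    # keep the last three octal digits (drops a leading setuid/setgid/sticky digit)
    mode=$(printf '%s' "$mode" | sed 's/.*\(...\)$/\1/')
    u=$(printf '%s' "$mode" | cut -c1)
    g=$(printf '%s' "$mode" | cut -c2)
    o=$(printf '%s' "$mode" | cut -c3)
    if [ "$user" = "$owner" ]; then
        bits=$u                      # user is the owner: owner triplet applies
    elif printf ' %s ' "$user_groups" | grep -q " $group "; then
        bits=$g                      # user is in the file's group: group triplet
    else
        bits=$o                      # everyone else: "other" triplet
    fi
    [ $(( bits & 2 )) -ne 0 ]        # write bit is value 2 in each triplet
}

# "MODE OWNER GROUP" for a real file; GNU stat first, BSD/macOS stat as fallback.
# A numeric owner (e.g. 1554) means no account on this host has that uid.
file_mode_owner_group() {
    stat -c '%a %U %G' "$1" 2>/dev/null || stat -f '%Lp %Su %Sg' "$1"
}

# audit_writable FILE USER
# Prints a verdict; returns 0 if USER can write FILE (the bad case), else 1.
audit_writable() {
    file=$1 user=$2
    set -- $(file_mode_owner_group "$file")
    ugroups=$(id -Gn "$user" 2>/dev/null)   # empty if the account does not exist
    if perm_allows_write "$1" "$2" "$3" "$user" "$ugroups"; then
        echo "WRITABLE by $user: $file (mode=$1 owner=$2 group=$3)"
        return 0
    fi
    echo "read-only for $user: $file (mode=$1 owner=$2 group=$3)"
    return 1
}

# Usage (placeholders: web server account and Dolibarr path are assumptions).
# First confirm the service account from the running processes:
#   ps axo uid=,user=,comm= | grep -E 'apache2|httpd|php-fpm|nginx' | sort -u
# Then audit, and apply the thread's fix only if the file is writable:
#   CONF=/var/www/dolibarr/htdocs/conf/conf.php
#   audit_writable "$CONF" www-data && chmod 444 "$CONF"
```

Two points worth knowing before trusting the verdict: the mode-bit check says nothing about ACLs (`getfacl` on Linux) or about a web server running as root, and a numeric owner in `ls -l` does not by itself tell you whether the web server shares that uid, which is why the usage comment reads the uid straight from the httpd/php-fpm process list rather than guessing.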

Thanks for the confirmation. I have set the permissions to 444 and the message is gone. In a very cursory review, no other functionality seems to have changed. Why does the installer not set conf.php to the correct permissions?