After 3.8.0 update asked to change permissions to config.ini


(David) #1

Hi,

I got this note after updating Matomo through Softaculous. Can some kind soul tell me what the permissions should be?

Thanks very much!

The following are some important notes. It is highly recommended that you read them :
After completing the script upgrade process please apply safe permissions to the config file:
/home/davidphi/public_html/astats/config/config.ini.php


(Lukas Winkler) #2

Hi,

Interestingly I can’t find this message anywhere in the Matomo source (maybe I am not looking properly), so is there a chance this message is printed by Softaculous and not Matomo?

Nevertheless the safe permissions for the config.ini.php is that the webserver (running PHP) has to be able to read and write the file and everyone else should not be able to either read or write the file (as someone who can read the file has full access to the Matomo instance)


(David) #3

Thanks very much Lukas!

Unfortunately I am quite ignorant about permissions.

Currently the settings for config.ini.php are:

Owner: read write execute: all checked
Group: read write: checked
Others: read: checked
Unix equvalent: 764

Is that correct?

Thanks!


(Lukas Winkler) #4

This really depends on how your host has set up their servers.

But I’d set others to nothing as there might be a chance this includes other people on the server (although it shouldn’t)

When in doubt, I’d contact your host.


(David) #5

I will do that. I have contacted my host, so I’ll see what they advise.

Thanks very much for your help!