Hello everyone,
I tried to set up a Trackmania Nations Forever server and I tried to control it using remoteCP.
When I log in for the first time, I should change my admin password. I can log in successfully, but when I try to change the password I get an error: [2009-10-15T17:06:59+02:00] [PHP Warning] DOMDocument::save(./xml/admins.xml) [domdocument.save]: failed to open stream: Permission denied on line 201 in file /var/www/remoteCP_4-0-3-2/includes/core/rcp_session.class.php
Every time I want to make a change (if it is my password or my servername etc.) I do get an error with Permission denied.
Can someone please help me? I run an Ubuntu 9.04 server with an Apache webserver and the Trackmania nations forever dedicated server. My version of remoteCP is 4-0-3-2.
Permission denied
-
- pedestrian
- Posts: 12
- Joined: 15 Oct 2009 15:11
- Owned TM-games: TMNF
Re: Permission denied
Just need to chmod 771 all your xml config files..
Just be sure never to give read rights out to the 'everyone' group, as unless your server supports the .htaccess method, a simple google search can unveil your server settings along with the dozens of others who have improperly protected their rcp settings.
-
- pedestrian
- Posts: 12
- Joined: 15 Oct 2009 15:11
- Owned TM-games: TMNF
Re: Permission denied
Ok thank you very much, problem solved, also thanks for the security tip. I think that should be added to the manual of remoteCP because they tell you to chmod 777 the whole cache and XML directory.
Re: Permission denied
I've mentioned it before in the RemoteCP subforum, only after a user in the Deepsilver forum (German equivalent of here) bragged extensively about how he exploited that very weakness to compromise several servers. Sascha certainly knows, it's up to him/her to change the documentation.
Normally the .htaccess file keeps those files safe from prying eyes, but unfortunately not all hosts support its use. Unfortunately, practically any script you try to run; whether it's a server rpc script such as RCP, an image gallery, or a forum; simply state in their instructions to use CHMOD 777 on all the appropriate files -- without any consideration of the potential security risks.
For what it's worth, there's an easy test to check RCP's security... just try to access the /xml/admins.xml file from your browser. If you can access it, you need to remove the read rights.
- hal|Sascha
- Pit Crew
- Posts: 671
- Joined: 12 Aug 2005 16:22
- Owned TM-games: TMU, TMN, TMS, TMO
- Location: Germany Munich
Re: Permission denied
I changed the official docs here: http://www.tmbase.de/V6/docs/install4/
There is also an "important information" part that tells you about the security issue with *.xml files.
If you really want to secure your RCP install, you should also have a look into the file /includes/core.class.php
There is a code line like this:
self::$instance->storeSetting('xmlpath', './xml/');
There you're able to change the xml path. Should also increase security a little bit.

CPU: Intel Core 2 Duo E6600
Mainboard: Asus P5W DH Deluxe
RAM: 2 GB
Graphics: ATI Radeon X1950XTX
Audio: Soundblaster Audigy 4
Internet: ADSL 6Mbit
OS: Windows Vista Business
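
Added example (not part of the thread and not remoteCP code): a shell check for the permission advice above, listing anything under an install's xml/ and cache/ directories that still has read or write set for "other", with an optional step that clears those bits. The function names and the install-path argument are assumptions; it inspects mode bits only, so the browser test on /xml/admins.xml described in the thread remains the check for HTTP exposure.

```shell
#!/bin/sh
# Audit a remoteCP install for files/directories that "other" can read or write.
# The xml/ and cache/ directory names come from the thread; the function names
# and the command-line usage are hypothetical.

# Print every file or directory under <root>/xml and <root>/cache whose mode
# has the other-read (004) or other-write (002) bit set, e.g. 777, 775, 644.
# Modes such as 771 or 770 are not reported.
list_world_accessible() {
    root=$1
    for sub in xml cache; do
        [ -d "$root/$sub" ] || continue
        find "$root/$sub" \( -type f -o -type d \) \
            \( -perm -004 -o -perm -002 \) -print
    done
}

# Report findings; exit status 1 when anything is exposed, 0 when clean,
# so the check can be run from cron or a deploy script.
audit_rcp_perms() {
    found=$(list_world_accessible "$1")
    if [ -n "$found" ]; then
        printf 'other-readable or other-writable:\n%s\n' "$found"
        return 1
    fi
    printf 'ok: no other read/write bits under xml/ or cache/\n'
}

# Clear only the other-read and other-write bits on what the audit found.
# Owner and group bits are left alone so the web application can still
# save admins.xml (777 becomes 771, 666 becomes 660).
tighten_rcp_perms() {
    list_world_accessible "$1" | while IFS= read -r path; do
        chmod o-rw "$path"
    done
}

# Usage: sh audit_rcp.sh /var/www/remoteCP_4-0-3-2
if [ "$#" -gt 0 ]; then
    audit_rcp_perms "$1"
fi
```
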