Hello all,

My first question here is probably a dumb one. But what the hell.

I have installed Drupal on Win Server 2003 using IIS6.

That went fine.

I then installed the clean urls tool which is suggested on IIS Aid. To do this I needed to add some info to my settings.php page. That went fine and installed. BUT now drupal is saying:

The file settings.php is not protected from modifications and poses a security risk. You must change the file's permissions to be non-writable.

So I changed the file to read-only. Which blocked me out of the site. So I tried a new version and denied write permissions to all users and the file was still writable.

What am I missing. I'm being dumb right? Right?

Just tell me like I'm an idiot kid. It's late and I'm coded out for the day.

So a really easy explanation would be awesome.

I would appreciate it guys.

M

Comments

iammagpie’s picture

Sorry to bump it.....but.....what the hell....

LaurenH’s picture

I'm having the same darn issue. I don't work with IIS very often, so I'm not really sure what I'm missing here. I would think that if I set the file to deny Write access, Drupal would be satisfied... but no. So I tried denying "Modify" access (whatever the heck that is), but that of course denies "Read" and "Read & Execute" permissions as well. According to everything I've read, the file should now be write-protected, but Drupal doesn't seem to think so and honestly I trust Drupal better than I trust IIS, so maybe there's a way to completely secure it?