FTP File ownership permissions
JohnnyD
08-05-06, 06:16 AM
Hopefully simple question.
Whenever I have Miva upload a file or create a file using the Miva admin, it makes the files as a certain owner with no group or public read or write access. This means I can never overwrite those files or in some cases even download them later through FTP access (which uses a different owner group). This question primarily concerns my graphic files and even my export files such as the product export.
I've contacted my hosting site and they claim it is simply not possible for both interfaces to have the same access permissions.
Any help or advice to get around this is greatly appreciated!!!!
ILoveHostasaurus
08-05-06, 06:29 AM
This is an unfortunately common configuration at some hosts that do not work with Merchant very well. The cause of the problem is that Merchant runs as a CGI script but in their case, the CGI scripts execute as the same user as the web server user. This is bad for multiple reasons. One is that if Merchant is running as the web server user, then all of its databases must be readable and writable by the web server user. This is horrible! If Merchant is not running as you, then the files aren't able to be manipulated by you as you've discovered. More importantly though, if Merchant runs as the web server user then all of its databases have to be read/write for that user as well, which means that any person on any site on the server will most likely be able to steal your Merchant data or customer/credit card data if they simply know the path to get to your files and write a simple PHP application. PHP apps that are poorly written also tend to get hacked, so having the files set that way may also make it easy for someone to stumble across them even if they weren't looking for them.
The ideal configuration for Merchant is where things run as your user account, the databases reside outside of the publicly served documents area and then the files have permissions that allow access to only your user, which means for an intruder to gain access to them, they would have to break into Merchant, break into your account, or gain admin access to the server; all of which would be much more difficult than writing or exploiting a simple PHP script somewhere else on the server.
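An added example, not part of the original thread: a small audit of the configuration the post above describes as ideal, reporting whether a data directory sits inside the document root, whether anything in it is owned by a different account, and whether any group or other permission bits are set. The directory and file names (`html`, `mivadata`, `products.dbf`, `export.dat`) are hypothetical and the sample tree is constructed.

```python
import os
import stat
import tempfile
from pathlib import Path


def audit_data_dir(data_dir, docroot, owner_uid):
    """Return sorted (path, problem) findings for a store's data directory."""
    data_dir, docroot = Path(data_dir).resolve(), Path(docroot).resolve()
    findings = []
    # Databases should sit outside the publicly served documents area.
    if data_dir == docroot or docroot in data_dir.parents:
        findings.append((str(data_dir), "inside document root"))
    paths = [str(data_dir)]
    for root, dirs, files in os.walk(data_dir):
        paths += [os.path.join(root, n) for n in dirs + files]
    for path in paths:
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            continue  # a symlink's own mode bits are not enforced
        if st.st_uid != owner_uid:
            findings.append((path, f"owner uid {st.st_uid}, expected {owner_uid}"))
        # Any group/other bit lets a second account, such as the web server user, in.
        extra = stat.S_IMODE(st.st_mode) & (stat.S_IRWXG | stat.S_IRWXO)
        if extra:
            findings.append((path, f"group/other bits set: {oct(extra)}"))
    return sorted(findings)


def build_sample(base):
    """Constructed sample tree (hypothetical names): one tight file, one loose."""
    docroot, data = Path(base, "html"), Path(base, "mivadata")
    docroot.mkdir()
    data.mkdir()
    os.chmod(data, 0o700)
    for name, mode in (("products.dbf", 0o600), ("export.dat", 0o644)):
        f = data / name
        f.write_bytes(b"constructed sample")
        os.chmod(f, mode)
    return data, docroot


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        data, docroot = build_sample(tmp)
        for path, problem in audit_data_dir(data, docroot, os.getuid()):
            print(f"{path}: {problem}")
```

Run against a real store, pass the uid of the account that should own the files; on a host where CGI scripts run as the web server user, every file Merchant created will show up as an owner mismatch.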
JohnnyD
08-05-06, 08:42 AM
Thanks for the reply David! I'm a little confused by your response though as this part of the process is over my head.
We are paying for a dedicated server so no other sites are supposedly on our server. Would that make any difference to your recommendations?
Anything we should ask our hosting site to do that would change this?
ILoveHostasaurus
08-05-06, 11:11 AM
Being on a dedicated server would remove some of the risk since you don't have to worry about other people. There's still the risk that comes from the files being owned by the same user that the web server runs as, and of course the big inconvenience you have trying to access the files.
Since it is a dedicated, I can probably tell you a way to get into the server that will let you get to the files; private message me and I'll send you more info.