Don't delete disable admin directory!!
Posted: 12 Feb 2018, 10:20
by zzapper
Mantis 2.11.0 clean install
I ran:
admin/check/index.php?show_all=0&show_errors=1
and got
For security reasons, you should delete (or at least restrict access to) the admin directory. Refer to the MantisBT Admin Guide for further details.
so I did a chmod on admin/ but that crashed Mantis because
login_page.php: require_once( 'admin/schema.php' );
Please clarify
or specify an appropriate chmod or move schema.php out of admin
Re: Don't delete disable admin directory!!
Posted: 12 Feb 2018, 10:30
by atrol
zzapper wrote: 12 Feb 2018, 10:20
so I did a chmod on admin/
What exactly did you set?
Independent of that, the safest way is to remove the directory.
Re: Don't delete disable admin directory!!
Posted: 12 Feb 2018, 10:32
by zzapper
Atrol
Can't remember, maybe chmod 700, but the issue is that Mantis login requires /admin/schema.php
Re: Don't delete disable admin directory!!
Posted: 12 Feb 2018, 10:35
by atrol
zzapper wrote: 12 Feb 2018, 10:32
but the issue is that Mantis login requires /admin/schema.php
It's not required if you remove the directory.
Re: Don't delete disable admin directory!!
Posted: 12 Feb 2018, 10:38
by atrol
It's also not required if you chmod 000 for admin.
Re: Don't delete disable admin directory!!
Posted: 12 Feb 2018, 10:39
by zzapper
Thanks Atrol
Oh gosh, that's a catch-22!
maybe the warning message in check.php should be more specific.

Re: Don't delete disable admin directory!!
Posted: 12 Feb 2018, 10:46
by atrol
zzapper wrote: 12 Feb 2018, 10:39
maybe the warning message in check.php should be more specific.
Any proposal?
Re: Don't delete disable admin directory!!
Posted: 12 Feb 2018, 10:50
by zzapper
Atrol
I guess just delete it!
Re: Don't delete disable admin directory!!
Posted: 12 Feb 2018, 11:09
by atrol
zzapper wrote: 12 Feb 2018, 10:50
just delete it!
This is no solution as it's intended to offer users the options to remove or to restrict.
Sometimes you need scripts from admin folder later on for checks or to run tools in it.
It's easier to restrict by chmod and set back when needed than to restore exactly the same version of the admin folder that you removed.
It's better to keep it as it is at the moment, especially as there is an ongoing discussion on how to restrict by .htaccess
https://www.mantisbt.org/bugs/view.php?id=23211
Re: Don't delete disable admin directory!!
Posted: 13 Feb 2018, 09:55
by zzapper
I have now deleted the admin/ so am done, but 'chmod 000 admin/' didn't work for me. What I didn't try was 'chmod -R 000 admin/'.
Bye