Step 3: Create settings.php and the files directory

Last updated on
5 February 2018

In order for Drupal to work, you have to tell Drupal where the database is, what the database is called, and the database credentials to access the database. This information is collected when you run the installer and is stored in the settings.php file which is located in:


When you first extract Drupal, it doesn't come with a settings.php file, instead it comes with default.settings.php. When you first install Drupal, it will attempt to copy and rename default.settings.php to settings.php for you. There are some rare instances where you will need to do this manually which are covered in detail further down on this page.

Finally, the purpose of having default.[config-file].php is so you can easily update Drupal, without overwriting the entire configuration that runs your site. Yes, there was a time when that happened...

Automatic settings.php Overview

By default, Drupal will attempt to create and populate the settings.php file automatically when you use install.php to setup the site. The script also changes the permission on the file to secure it once it is finished and then creates a sites/default/files directory for housing all of your non-core files. Unfortunately, some types of shared/local hosting are configured so PHP and Apache run as the same user. This might result in the install script failing to execute the creation and population of the settings.php file, along with setting permissions and creating the files directory. If you get errors referring to the Settings file during installation, you will have to manually create the settings.php file and do a few more tasks before you can run install.php. Once it is created with write permissions, the installation script will automatically populate the proper information for your site config. Afterwards, you will have to re-secure the settings.php file.

At this point, jump to the next page step: Step 4: Run the installation script. If you run into problems with the installation due to the Settings, come back here and follow the Manual steps outlined below.

Manual settings.php Overview

Drupal comes with a sample settings.php configuration file located at: sites/default/default.settings.php
Before you run the installation script (install.php), you need to copy default.settings.php file as a new file called settings.php and change its permissions to be writeable. After the installation, you will need to restrict the permissions again.

Manual settings.php Detailed Instructions

Step 1 - Navigation & Creation

Navigate to sites/default of your root Drupal install.

Copy the default.settings.php file and save the new file as settings.php in the same directory (see note below about renaming). If you have shell access (command line) run the following command from the directory that contains your Drupal installation files:

cp sites/default/default.settings.php sites/default/settings.php 

Note: Do not simply rename the file. The Drupal installer needs both files.

If you only have FTP access, you will have to download the file to your computer, rename it, then upload it. Some hosting providers have a file manager on the dashboard where the file can be copied and renamed.

Step 2 - Check the Permissions Are Writeable

By default, the sites/default directory and the settings.php file should be writeable. You can check that the permissions of sites/default and settings.php are writeable by issuing the following commands:

ls -l sites/ 

Permission on sites/default should be 755 [drwxr-xr-x]:

ls -l sites/default/settings.php 

Permission on settings.php should be 644 [-rw-r--r--]:

If they are anything but writeable, you can issue the following commands:

chmod 644 sites/default/settings.php 

Note: If you are in the same group as the web user, then changing the permissions to 664 will be sufficient.

Several FTP tools like Filezilla, Transmit, and Fetch etc. allow you to change file permissions, using a 'file attribute' or 'get info' command. In this case the file permission should be set to 644. If your FTP client has checkboxes for setting permissions, check both the Read and Write boxes for "Owner", "Group", and "Others" (but leave the Execute boxes unchecked). For some situations, you may need a permission of 664. Some hosting providers allow a similar operation through the dashboard file manager.

Step 3 - Try the Install

At this point, give the install a go. See if you can get through the installation by running http://[yoursite]/install.php. If you are successful, the first page you will want to visit is Reports -> Status report (admin/reports/status)

On the reports page, look for a line that says: File system. If it says anything other than "Writeable", you will need to follow Step 4 below.

Next, look for a line that says: Configuration file. If it says anything other than "Protected", then you will need to re-secure the configuration files as described in Step 5 below.

Step 4 - Create the Files Directory

The installation should have created the sites/default/files directory for you, but in the off chance it didn't, you will need to create it manually and set the right permissions on it.

mkdir sites/default/files 

Note:On most linux systems, a newly created directory is already setup with the 755 permission. In case it isn't, you can issue the command:

chmod 755 sites/default/files 

This sets the files directory to 755 [drwxr-xr-x].

Depending on how your apache configuration is setup, you might have to instead run:

chmod 777 sites/default/files 

This sets the files directory to 777 [drwxrwxrwx]. It is less secure than 755, but there's nothing you can do about it if that's how your server is setup.

Step 5 - Post Install Permission Check

After the installation script has run, Drupal tries to set the permissions automatically to:

555 (read-execute) [dr-xr-xr-x] for the sites/default folder.
444 (read-only) [-r--r--r--] for the settings.php

If not, you will need to manually set them:

chmod 555 sites/default 
chmod 444 sites/default/settings.php 

These permissions are correct, and should not be changed, because changing these opens up a security risk.

OS specific instructions

Fedora Linux settings.php notes

If you have clean Fedora (or RHEL, CentOS, Scientific Linux) you have SELinux enabled by default after clean installation. There are few more steps to be done to be able to finish Drupal installation on SELinux enabled site to gain more security by SELinux.

If you don't want to use SELinux you may simply disable it, but this is not recommended as SELinux is able to block some exploits. Also you may turn SELinux into permissive mode to go through creating the settings.php file (because even if you have set the permissions for writing to settings.php, the install script will think you don't because SELinux is active and is blocking writing to settings.php file).

To go through installation, do this (as root):

  1. Enable allow_httpd_anon_write boolean:
    setsebool allow_httpd_anon_write=1 
  2. Change type of default directory and settings.php to public_content_rw_t (whole command is in one line):
    chcon -t public_content_rw_t sites/default sites/default/settings.php sites/default/files 

After the installation finishes, revert previous settings to benefit from SELinux:

  1. Disable allow_httpd_anon_write boolean:
    setsebool allow_httpd_anon_write=0 
  2. Reset security context:
    chcon -R -t httpd_sys_content_t sites/default 

Windows (IIS) settings.php notes

On a Windows computer using Internet Information Server (IIS), complete the following steps:

  1. Right-click sites\default\settings.php.
  2. Grant Write permissions to IUSR_MachineName (IIS6) or IUSR (IIS7).

Note: On Windows Server 2008, you can also do this from the command line by running the following command from your sites\default directory:

icacls settings.php /grant IUSR:W 

The installer will change the file back to Read Only after installation, but you should verify this after installation.

For more information about modifying Windows file permissions, see the Troubleshooting FAQ.