Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.sites/default/files contains compiled PHP stuff, config and file uploads. We didn't want to burden people with creating more than one webserver writeable directory. My plan was that once #1856766: Convert file_public_path to the new settings system (make it not configurable via UI or YAML) is in to revisit the topic and move uploads one directory "in", ie. sites/default/files/uploads, sites/default/files/config, sites/default/files/php. David Rothstein has a similar but not identical proposal in #1967118-9: Figure out recommendations for Drupal 8 deployment challenges:
I think this is a big problem, and the default configuration doesn't make much sense to me for any site (small or large). Why should code, configuration, and user-uploaded files all live in the same place? This could cause security headaches too, since it encourages backups of all those things to be mixed together (even though you might care a lot more about the security of your code + configuration than you do about user-uploaded files, which are already public).
Would it be possible for the default configuration to look more like this:
sites/default/files => user-uploaded files
sites/default/config => configuration files
sites/default/code => compiled PHP code
Sites with multiple web servers would then be instructed to have the first two in a shared filesystem but the third one not shared.
Comments
Comment #1
Crell CreditAttribution: Crell commentedI'd be OK with either sites/default/files, sites/default/config, sites/default/code or with sites/default/files/upload, sites/default/files/config, sites/default/files/code.
The current setup definitely doesn't work, because it means you have files that should be checked into git (config) inside a directory that should not be checked into git (files). That totally can't fly. Either of the structures above (siblings of files, or all children of files) would resolve that problem.
Comment #2
chx CreditAttribution: chx commentedThe reason things got into files , we don't want people to bother with making three directories webserver writeable.
Comment #3
Crell CreditAttribution: Crell commentedRight. But making /sites/default/files writable, and then excluding /sites/default/files/content and /sites/default/files/php from git while leaving /sites/default/files/config in git would solve both problems. So +1 here.
Comment #4
effulgentsia CreditAttribution: effulgentsia commentedBuilding on #3, how about:
- sites/default/files/public
- sites/default/files/private
- sites/default/files/config
- sites/default/files/php
One flaw with the above is that it doesn't make 100% clear that "public" and "private" are content/uploaded files, whereas "config" and "php" aren't. Then again, the "public" files directory also contains css, js, and image caches, so what constitutes content/uploaded is blurry anyway.
Comment #5
Crell CreditAttribution: Crell commentedBumping this, as I think it's going to be a serious problem if we don't fix it.
I'd be fine with #4. Then you can put just sites/default/files/config[_abcd] in git and git ignore the rest.
Comment #6
dman CreditAttribution: dman commentedHappy to see thinking about this. If config belongs in git and the uploads don't then this is a big deal.
Comment #7
Crell CreditAttribution: Crell commentedBumping this to major and getting it back on people's radar. I think we should treat it as an RC blocker as well but I am not comfortable declaring that unilaterally. But I do think this is a release-blocking change.
Comment #8
catchExisting sites will have publicly indexed links pointing to files in /files. It might be possible to do redirects in core, but I'd rather leave those where they are, and people can move themselves as part of a 6/7-8 migration if they want to.
There is already sites/default/files/config_ and sites/default/files/php. Also the config directories are configurable already.
So really the only difference in terms of location is sites/default/files/public and sites/default/files/private - to me that's a good change for the defaults.
The other spot is the hardcoding in PhpStorageFactory:
That could check settings first so it doesn't end up in sites/default/files/public/php
So this looks to me like a change that could happen in a minor release, no need for it to either block release or to be punted to 9.x.
Comment #9
Crell CreditAttribution: Crell at Palantir.net commentedcatch: To clarify then, you're +1 on changing the defaults for public/private files as above, either now or in a point release (depending on when someone gets to it)?
Comment #10
Crell CreditAttribution: Crell as a volunteer commentedUpping version, and getting it back on people's radar. Assigning to catch as there was an outstanding question for him.