Local file transfer impossible due to weird conditions in update manager; "Module installation requires FTP access"
Error (or status) message is Module installation requires FTP access.
There is error in Update manager - for unknown reason to determine if local file transfer is possible there are no writability checks but file ownership matching checks. Affected by this weird concept file is update.menager.inc and here is example:
// If the owner of the last directory we extracted is the same as the
// owner of our configuration directory (e.g. sites/default) where we're
// trying to install the code, there's no need to prompt for FTP/SSH
// credentials. Instead, we instantiate a FileTransferLocal and invoke
// update_authorize_run_update() directly.
if (fileowner($project_real_location) == fileowner(conf_path())) {
module_load_include('inc', 'update', 'update.authorize');
$filetransfer = new FileTransferLocal(DRUPAL_ROOT);
update_authorize_run_update($filetransfer, $updates);
}
// Otherwise, go through the regular workflow to prompt for FTP/SSH
// credentials and invoke update_authorize_run_update() indirectly with
// whatever FileTransfer object authorize.php creates for us.
else {
system_authorized_init('update_authorize_run_update', drupal_get_path('module', 'update') . '/update.authorize.inc', array($updates), t('Update manager'));
$form_state['redirect'] = system_authorized_get_url();
}
Basically this works only on standard webserver configurations. If you have sophisticated permissions made up purposely or just messed up it won't allow you and force to use FTP. Even always working sheet-anchor known as "chmod -R 777" will NOT solve problem. 99% of users stricken by that will end up with few hours of pointless research, system checkups and debugging wasted concluded by some very wise advice "you can always use FTP or simply upload file manually" by some random guy or even on Drupal issue tracker.
Please, no I beg you developers - fix that becouse it is VERY OLD issue and it is ANNOYING. Only thing to do is to change way of checking if local file transfer is not possible eg. is_writable().
Comments
Comment #1
jaredwiltshire CreditAttribution: jaredwiltshire commentedAgreed, this is a stupid way of checking if the module can be installed directly. It should simply check if the ./sites/all/modules directory is writeable to install a new module.
Comment #2
David_Rothstein CreditAttribution: David_Rothstein as a volunteer commentedLooking at the Git history, the original issue that added this has some discussion explaining the reason for the current behavior: #609728-5: Skip authorize.php step if webroot files are owned by the httpd user
It makes sense to me.
We should probably transfer some of this explanation into the code comment though. The comment is also a little confusing currently in that it implies it's checking sites/default because that's where the code will be installed, but in reality the code is not going to be installed there. I'm not sure it matters much which directory is checked (it would be pretty unusual to have different directories in the Drupal codebase owned by different users); perhaps it's just using sites/default because that's what the installer uses.
I could also imagine improving the on-screen messaging in this case, although we don't want to do it in a way that encourages people to change their filesystem to be insecure...