Please don't create directories and files in the installer. The sites/default directory should probably not be writable, ever.

Can we just include the attached (or similar) pre- and post-install scripts and documentation on doing the same on Windows or FTP?

CommentFileSizeAuthor
Installer scripts.zip447 bytesdavid strauss

Comments

aaronbauman’s picture

aaronbauman
he/him
commented

Almost 2 years later, there's still a fundamental divide between the UX side and the DX side of this issue.
For example, here's a bug report that seems to be in direct contradiction to this one:
#194369: User experience: Error for file folder not present during install felt wrong

The UX side wants the install experience to be as easy as possible #652288. The user shouldn't have to know how to use a shell, should be able to everything through the web. Directories and files should be created automatically during install.

The DX side argues that the file system is ugly when Drupal creates and owns sites/default and settings.php #99011. Permissions and ownership are mangled. Data may be lost during upgrades.

There are so many tickets about the files directory and the install process. As a developer I feel your pain, but I tend to lean toward the UX side. It may be a pain for developers to work around quirky file ownership and permissions, but it's far from impossible. For someone unfamiliar with shell, it might actually be impossible given their current experience level.

A message to the effect of "you have to run a script" is gibberish to a lot of folks, and poses an insurmountable hurdle that will significantly degrade Drupal adoption and usage. I mean, as a developer, isn't it just as easy for you to write a script that does the inverse of the ones you posted to address this issue?

Maybe a meta-issue for this exists already. If so then this issue and #194369 (and probably others) should be marked as postponed pending a resolution. If not, then maybe this is a good place to formalize the discussion and make a decision.

One compromise might be to ask the user during install whether Drupal should try to create files directories and settings.php.

David_Rothstein’s picture

David_Rothstein commented

I believe for Drupal 7 (and even for Drupal 6) we fixed all known bugs with settings.php being improperly owned by the wrong user: See #418302: Copy default.settings.php to settings.php during install IFF webserver owns files (FTP on shared hosting), among others.

It's not clear to me what the specific bug with the files directory is? Regardless of who owns that directory itself, the files within it will always wind up being owned by the webserver anyway...

See also #913796: Use authorize.inc to securely copy settings.php during the installer (for Drupal 8) which would probably make it possible for more environments to have the files directory owned by the owner of the Drupal codebase (not the webserver user).

Status: Active » Closed (outdated)

Automatically closed because Drupal 7 security and bugfix support has ended as of 5 January 2025. If the issue verifiably applies to later versions, please reopen with details and update the version.