#517814: File API Stream Wrapper Conversion added a new paradigm to Drupal file storage. Rather than our old crappy system where you had one files directory which could hold either private files, or public files, but not both, this new system has one directory for each type of file, and you can mix and match them. Hooray!
However, there are a couple of considerations that need to be made:
1. It is insecure for private files to be stored in a web-accessible directory such as sites/default/files. We have a workaround in place which leverages Apache .htaccess files to protect viewing, but this doesn't help people using other web servers like IIS or whose servers have .htaccess overrides turned off. To adhere to best-practices, the private files directory should go into a non-web accessible directory; typically the directory above wherever you stuck your Drupal files.
2. However, to do this, we basically need to prompt a user upon installation to specify both a private and public file path, since we have no way of knowing what is and is not a "safe" directory for them to use (I think? possible to figure this out on a $_SERVER variable for docroot?). I know the UX team has been adamantly against adding more options to our installer, and this is a particularly tricky one (though we would not be the first CMS to offer such an option in our installer).
3. Another option is to leave the files where they are (sites/default/files and sites/default/private) until installation is complete, and then create a warning that shows up in the status panel for them to address. I'm not quite enthused about this idea either because a) it goes "Welcome to Drupal, here's a nice error for you!" and we've been trying hard this release to get away from that, and b) if it's something I need to do anyway, why not just fricking prompt me on install? :P
Basically, this issue is to hammer out what we do about this. For more background, see http://drupal.org/node/517814#comment-1932230 and below.
Comment | File | Size | Author |
---|---|---|---|
#120 | 551658-no-temp-on-install-5.patch | 2.52 KB | Stevel |
#118 | 551658-no-temp-on-install-4.patch | 1.95 KB | Stevel |
#117 | 551658-no-temp-on-install-4.patch | 1.95 KB | Stevel |
#116 | 551658-no-temp-on-install-3.patch | 1.15 KB | Stevel |
#115 | 551658-no-temp-on-install-2.patch | 1.15 KB | Stevel |
Comments
Comment #1
Frando CreditAttribution: Frando commentedWell, what about defaulting to "all files public" as in all previous Drupal versions, and to use private files, you first have to enable them by either entering a path or specifying to use sites/default/files/private. So this would be a non-obligatory step (not every site needs private files), therefore we don't have to present an error, but can rather provide a friendly-looking link "If you want to use private, protected file downloads on your site, please proceed to the private files settings page". There, we then have a nice page with lots of space for help text and explanations. Could basically look like
---------------------------------------------------------------------------------
Set up private files
( ) Enter a path to a writeable directory outside of your webroot
[............]
( ) Use sites/default/files/private. WARNING: This may be insecure on systems other than Apache.
[submit]
---------------------------------------------------------------------------------
Of course with better texts, and we could also only offer the second option after we have tested that files stored there are only accessible via system/files (could work similar to clean URL check).
Comment #2
CalebD CreditAttribution: CalebD commentedI agree with Frando.
Private files is turned on to meet a specific functionality requirement, so it makes sense to have only Public files configured initially. Letting users know the option is there after install is the best we can do. All the other options end up sacrificing UX somewhere or end up being insecure depending on the web server.
More detail:
#1 -- Agreed, there's just no way to ensure the proper access across all web server software and configurations.
#2 -- I haven't gone through the D7 installation process in a while, I mostly just lurk reading issues, but I'm inclined to agree that adding more options degrades UX. Perhaps it could somehow be made an option for the Expert installation profile. Think of most software installers on Windows. If it just keep hitting next it will install the software's default components in a default location. Determining a default location outside of the web root could be done with some comparison of the site URL and local path (probably), but in most cases PHP won't have access to do anything in the directory above web root. Adding another "go here and chmod this" during installation sounds like a bad idea.
#3 -- I think it's fine to leave public there, but private shouldn't be enabled by the installer. Having an error after installation would be very dissatisfying and a turn off. Again, I'm imagining installing some new software on my desktop only to have it throw missing DLL errors or something upon first run. Not pleasant.
Comment #3
webchickOh. Actually that's a very reasonable suggestion! Nice!
Can someone whip up a patch? Part of it should correct the documentation in INSTALL.txt (I think) where the previous patch suggested sites/default/private as the folder for private files.
Comment #4
webchickTo be clear, we don't need to get too fancy with this, I don't think. Just make the private files directory optional until such time as someone wants to explicitly switch it on. There's already a separate field for it on admin/settings/file-system. And fix/add some help text to talk about non-web-accessible directories.
Comment #5
aaron CreditAttribution: aaron commentedthere are some simple tests that have been created for private streams now, which is part of (but not the only reason) we now enable a private:// stream wrapper in addition to the public:// stream by default. so if we remove that, we'll probably need to rework the tests.
Comment #6
yoroy CreditAttribution: yoroy commentedIs this why currently in HEAD the installer mentions missing 'private' and 'private/temp' directories?
Sounds like UX and DX both point to the same solution :)
Comment #7
pwolanin CreditAttribution: pwolanin commentedThe stream wrappers patch added a temp directory managed by Drupal - this as to avoid problems with using the system temp directory under some configurations.
The installer will currently put this under sites/default/private/temporary - hence you must create sites/default/private for any file uploads to work.
This temp dir is also projected by just a .htaccess file, but generally the names are random using drupal_tempnam(), and unless you turn on private files, all the files here are destined to be public eventually.
Unless a non-core module uses private files by default, you'd have to navigate to the settings page and turn them on, so in a sense we already require you to turn this on before private:// is used for a new install. I guess we could essentially have private:// fail unless the user has specifically set a directory?
Comment #8
catchThe installer shouldn't be prompting for more than one directory, as it currently seems to, so promoting this to bug report.
Comment #9
Bojhan CreditAttribution: Bojhan commentedBump, this is super critical - its pretty much a hassle to install Drupal now. You have to figure out from the rather cryptic help text what categories to make.
Comment #10
axyjo CreditAttribution: axyjo commentedHow about having an blank index.php page being created in the private directory? That would disable directory indexes without the need for .htaccess files, but it doesn't solve the problem for people who know the path to the private file.
Comment #11
pwolanin CreditAttribution: pwolanin commentedaxyjo - not really a solution
Comment #12
pwolanin CreditAttribution: pwolanin commentedFirst pass at a patch - note that it bumps the PHP requirement to insure we have function sys_get_temp_dir().
If we don't want to bump that, then we'll have to add a fallback or something.
Also, by default this puts the private files under the public one - surely not where you'd really want them, but makes install simpler. I won't be surprised if this makes the testbot sad also.
Comment #13
catchI think it's better to be able to install, than it is to have a great default path for private file directory - if you really care you'll stick that outside the webroot.
5.2.1 - are there any distributions which still ship with this? Any hosts still running it? I can't imagine there are but you never know.
Comment #14
pwolanin CreditAttribution: pwolanin commentedAs of > 1 year ago, there were still some people using 5.2.0: http://www.nexen.net/images/stories/phpversion/200810/mineure5.en.png
Don't seem to be more recent updates at that site.
Comment #15
moshe weitzman CreditAttribution: moshe weitzman commentedPHP version change looks fine to me.
I don't see why the installer has to create a private directory at all. All our profiles default to public. Why not default the private variable to ../private or something outside of web root?
Comment #16
pwolanin CreditAttribution: pwolanin commented@moshe - I don't feel strongly either way - but seems nicer to at least have a functioning path by default.
Comment #17
webchickI am not that fussed about tmp directory locations, tbh, but sticking the private folder *in* the public folder is even worse from a WTF standpoint, from where I sit.
What happened to the lovely suggestions above about NOT dealing with a private dir in any way during install, and letting the 2% of users who actually need that functionality fill out a private filesystem path at admin/config/media/file-system? (or wherever it is now)
Comment #18
pwolanin CreditAttribution: pwolanin commented@webchick - we could do that, but seems like we might have to add some kind of error handling?
Comment #19
webchickSorry, could you elaborate? You mean with the tests, or with existing installs, or..?
Comment #20
aaron CreditAttribution: aaron commentedperhaps we could add a switch to enable the private stream, and leave it off by default? turning it on would be from the private files setting page, which would also require a valid folder on verify.
Comment #21
arhak CreditAttribution: arhak commented@19 can't have the textfield for private file path with an invalid value set, since the first time you load the form you don't see any errors (haven't been submitted therefore not validation yet)
- leaving the page at that point (without submitting anything) will be a WTF
- attempting to "reset to default" the page will be another WTF
that's what I think aaron is aiming at #18, #20
Comment #22
aaron CreditAttribution: aaron commentedThis patch creates a new setting to allow private files. If it's not set, then we don't have private files.
It is set with a checkbox on the file system admin page at admin/config/media/file-system. Checking it and hitting submit then displays the usual textfield for the directory. That also rebuilds the menu, so we can register the new private files menu path.
I put the default path at ../private/files, and everything works fine from my end.
Comment #23
aaron CreditAttribution: aaron commentedI forgot to add that the variable to register the private stream wrapper is initially set to FALSE, of course.
Comment #25
pwolanin CreditAttribution: pwolanin commented@aaron - that misses the changes for the temporary files directory.
Also - do we really need a setting?
I think we could make this change much simpler with an empty string as the default directory. I'm also wary of the menu rebuild and toggling 'system/files' in an out of existence.
Also, what does PHP do if we reference a non-registered stream wrapper?
Comment #26
pwolanin CreditAttribution: pwolanin commentedHere's what I mean - think I got most of it, though possible tests fail due to missing stream. Tested install and configure.
We should probably rethink the files form and its validation (rather than use the after build trick?)
Also, quick test - trying to use a non-registered wrapper gives this notice:
Comment #27
pwolanin CreditAttribution: pwolanin commenteddoh, my test hack was still in index.php
Comment #29
pwolanin CreditAttribution: pwolanin commentedLooks like we'd need to fix up a lot of tests.
Can we put #12 in as a stepping stone to fixing this? At the least it allows you to install with only have one files dir present.
Comment #30
Bojhan CreditAttribution: Bojhan commentedCan we perhaps use our lovely conditional AJAX-Y thing? When you check, it exposes the field to enter a path? :) We have it in there, so lets use it.
you can find the code in menu's I think, if you add a menu by node/add - you get the same trick
Comment #31
pwolanin CreditAttribution: pwolanin commented@Bojhan - I have no idea what you are talking about in this context. You mean w.r.t. aaron's patch to add an additional setting?
Comment #32
moshe weitzman CreditAttribution: moshe weitzman commentedHe refers to the #states feature that we added to FAPI which lets you easily make form elements be dependant on each other. #557272: FAPI: JavaScript States system
Comment #33
pwolanin CreditAttribution: pwolanin commented@moshe - ok, but I don't think that's relevant if we use the approach in my patch.
Comment #34
aaron CreditAttribution: aaron commented#30 wouldn't work anyway, because we'd get form validation errors before we even began because the directory probably won't exist at first.
Comment #35
pwolanin CreditAttribution: pwolanin commentednote I opened this related issue for a more general problem with the stream wrapper API: #685074: (Tests needed) Some stream wrappers need to be hidden or read-only
We can possibly merge that with this fix if we come to any quick consensus there.
For the #27 patch - a quick and dirty trick to make the most tests pass would be to set a private files path like 'file/private' at the start of the tests so that they have a writeable directory to work with.
Comment #36
Dries CreditAttribution: Dries commentedI reviewed this patch and I'd support the approach taken here. My only comment was whether we still need the variable 'file_temporary_path'? It seems like we might be able to always use sys_get_temp_dir(), but that is a minor comment at this stage.
and by extension
might be removed?
Comment #37
pwolanin CreditAttribution: pwolanin commentedI think it's useful to be able to set some other temporary file path - e.g. for the testbot or for cases where you are on shared hosting and not allowed to access /tmp. The latter case was the original motivation for putting the default temp file locaiton under the docroot.
Comment #38
Bojhan CreditAttribution: Bojhan commentedBack to needs review, it seems Dries his comment was responded to by pwolanin. Can anyone see why its failing so many test, somewhat hesitant to retest - since our bot was broken so many times.
Comment #39
pwolanin CreditAttribution: pwolanin commented@Bojan - we need to either fix the tests or define the private files path.
Comment #40
Bojhan CreditAttribution: Bojhan commented/me trows up a coin, fix the tests it is! Please, lets get these critical issues fixed.
Comment #41
c960657 CreditAttribution: c960657 commentedDebian Etch shipped 5.2.0. It was superseded by Debian Lenny about a year ago but is still supported with security updates.
In D6, file_directory_temp() did something like sys_get_temp_dir() in PHP 5.2.1. I think it's a pity to drop support for 5.2.0 when there is an easy workaround.
Missing space before
(
.Comment #42
pwolanin CreditAttribution: pwolanin commentedI'd rather narrow the number of supported PHP versions if possible.
Also, even security patchs for Debian Etch are now over, so it's unsupported and past it's EOL date:
Security Support for Debian GNU/Linux 4.0 to be terminated on February 15th
Comment #43
bsherwood CreditAttribution: bsherwood commentedCame here from issue #722510: Private directories should default to a directory outside of the webroot that I created today. Now set to duplicate.
I think we should either do:
1). If the installer can create the directories, we can set it up like 'WEBROOT/../drupalprivate/[site name]/files' and 'WEBROOT/../drupalprivate/[site name]/temp'. This keeps the /sites/[sitename]/files setup we have for public directories.
2). If the installer can't do it automatically (meaning not on most web hosts), I think we should leave it like it is in D6 and just send a message that it can be done with a link to the file system config page. This informs the user of the feature but keeps the installer uncluttered. Most users will still use the public method and the private file system is not required to get drupal to run.
Comment #44
Bojhan CreditAttribution: Bojhan commentedSo can I get screens, and is there a RTBC'able patch given the directions given by webchick
Comment #45
drewish CreditAttribution: drewish commented#27: files-dirs-551658-27.patch queued for re-testing.
Update: Looks like #685074: (Tests needed) Some stream wrappers need to be hidden or read-only conflicts with this patch.
Comment #46
pwolanin CreditAttribution: pwolanin commentedThe patch conflicts or the approach?
Comment #48
pwolanin CreditAttribution: pwolanin commentedComment #49
drewish CreditAttribution: drewish commentedpatch conflicts... it seems pretty minor.
Comment #50
pwolanin CreditAttribution: pwolanin commentedComment #51
catchPatch no longer applies.
Comment #52
drewish CreditAttribution: drewish commentedRerolled around the conflicts. Also made one addition to the docs explaining why we don't create the private files directory by default.
Comment #53
Island Usurper CreditAttribution: Island Usurper commentedLooks good to me. No errors during install, no option to set the default file system to private until a path was set, no problems creating the path I specified, and no problems using it once it was set.
Comment #54
webchickYay! :D Awesome. Awesome awesome awesome. I think this makes SO much more sense!
A couple of weird things in my testing:
After entering a private file path, a second radio appears, so this isn't worth holding the patch up. Just thought it was a bit strange.
The tmp directory though does look odd. In my Drupal 6 site, this gets set to "/Applications/MAMP/tmp/php". What's up with that?
Comment #55
pwolanin CreditAttribution: pwolanin commented@webchick - the sweet merciful crap is a Mac OS thing - on a "normal" system like linux it would be something like "/tmp"
Maybe makes sense avoid showing a single radio - you'll see two radios if you configure a private files path.
Comment #56
drewish CreditAttribution: drewish commentedthe "/Applications/MAMP/tmp/php" is a MAMP thing not an OS X thing.
look at the image toolkits form for a pattern of how to do the radio buttons.
Comment #57
drewish CreditAttribution: drewish commentedwait ignore my temp directory comment.
Comment #58
webchickI don't think it's a Mac or a MAMP thing... it's a D6 vs. D7 thing. Like I said, in D6 the tmp directory is a human-readable string and in D7 it's some wack-ass weird thing.
I'm not necessarily going to not commit it because of this, but it does point to something very different being done under the hood and I want to make sure that there isn't a bug somewhere here.
Comment #59
pwolanin CreditAttribution: pwolanin commentedMy Mac gives me like
/var/folders/Yy/YyjK01R92Rabfk+BYqOrF++++TM/-Tmp-/
for sys_get_temp_dir() regardless of whether I use MAMP or the system PHP. In contrast, linux gives me:/tmp
. So even though /tmp works on the Mac, for some reason it's not what the system wants you to use.Comment #60
pwolanin CreditAttribution: pwolanin commentedhttp://api.drupal.org/api/function/system_image_toolkit_settings/7 is a nearly criminal abuse of the API (variable_set() in a form builder).
Comment #61
pwolanin CreditAttribution: pwolanin commentedthe bit about the access callback for the private files path is wrong. That would prevent any other module (not file) from implementing an alternative system of private downloads.
Comment #62
pwolanin CreditAttribution: pwolanin commentedI rolled this with a removal of the singe radio, but in IRC webchick didn't like the screenshot so much, so this patch just has other fixes but omits any UI refactoring.
Comment #63
aaron CreditAttribution: aaron commentedwe weren't using sys_get_temp_dir() http://php.net/manual/en/function.sys-get-temp-dir.php before now, as that function wasn't introduced in php until 5.2.1. previously, unless you were in windows, it was usually set to /tmp manually with http://api.drupal.org/api/function/file_directory_temp/6 . sys_get_temp_dir() should be safer to use, even if your system does something weird: afaik, mac creates a symlink from /tmp to the same folder.
Comment #64
aaron CreditAttribution: aaron commentedonly problem i see is that it silently breaks if you create a folder named 0 and set it as the private folder. seems a really odd and edge case though, not enough to stop this from happening. :D
Comment #65
webchickOk, cool. Then this looks good to go. Committed to HEAD!
Comment #66
asimmonds CreditAttribution: asimmonds commentedJust a small followup, INSTALL.txt should state that PHP 5.2.1 is the minimum version now as well.
Comment #67
aaron CreditAttribution: aaron commentedgood catch!
Comment #68
arianek CreditAttribution: arianek commentedJust in case this is useful information to anyone, (apparently) as a result of this patch going in, I got this error in the "verify requirements" step of the install when I did a fresh D7 install the other day.
The directory /var/folders/3I/3IfJxJtFFrWrCXQPxLjD8++++TI/-Tmp- is not writable.
From what I gathered with the help of chx and some others on IRC, it seems it likely has something to do with me having 2 copies of Apache on my computer (one in MAMP and one that came with my macbook). I never did get it figured out yet, and just chmod'ed the perms on that folder to get my install to complete so I could get on with things.
Not sure whether I should file an issue for this or if it's just me and a bad setup.
Comment #69
droplet CreditAttribution: droplet commentedClients always confuse the different between:
Public local files served by the webserver / Drupal
they thought all served by SERVER
Comment #70
webchickI have a question about that, actually. Why is it that we switched to sys_get_tmp() or whatever, given that:
1. I've never heard complaints about the hard-coding we've been doing of that value since the dawn of time
2. It forces us to raise our minimum PHP requirement up a point release post-post-post-post code freeze.
3. It's going to cause no end of headaches in the support forums/issues from Mac users who rightfully boggle at that long, non-sensical string where "/tmp" used to be
4. It seems to be causing issues in at least one major contributor's set up?
I don't see anywhere in this issue where it was explained why this change was required to re-jigger the private file uploads to work this way. Can someone elaborate? If it's not a critical change that must be there or else things break, and is instead a "nice to have/clean-up", I think we should back it out and try again in D8, when hopefully we can have a different PHP minimum version that doesn't have this weird Mac problem.
If it is critical and required, please explain why.
Comment #71
pwolanin CreditAttribution: pwolanin commented@webchick - I was hoping that this would allow success in installing on any platform withot hard-coding a list of possible dirs - also is more compact.
However, I'd also be open to rolling that part back.
Comment #72
Bojhan CreditAttribution: Bojhan commentedI don't fully understand all the technical arguments but that this is critical should be crystal clear. Currently new users are faced with way too many steps; added by the private map. One typically has to go through 4/5 steps before one gets to having the correct directions setup.
This patch is to solve this issue, that prevents people from installing Drupal 7. I would definitely mark this very very critical.
Comment #73
webchickBojhan, that patch already got committed. Or do you have a problem with the current (as of April 29), opt-in way the private file stuff works..? If so, could you elaborate? I'm confused.
Peter, thanks for the explanation. Let's go ahead and remove those temp changes, I think. It's a bit too major of a change for this late in the release cycle, esp. if it's causing problems on Mac localhosts... a non-trivial percentage of our contributors. ;)
Comment #74
moshe weitzman CreditAttribution: moshe weitzman commentedI disagree rolling back the temp dir stuff. php offers an .ini setting where sites configure this stuff. is drupal supposed to just ignore that and say 'we know better. use /tmp until you do a drupal specific configuration for something that php already offers'?
FWIW, I use mac localhost and am not having any trouble.
Comment #75
webchickWell, that's what we've been doing for the past 9 or so years, and no one seems to have complained?
Versus this was in core about 24 hours before we started getting questions about it, both here and on IRC. I'm not saying we shouldn't do it. I'm just saying it's a really big change to make when you're theoretically done making big changes, except when they fix extraordinarily broken stuff, which this doesn't.
Comment #76
moshe weitzman CreditAttribution: moshe weitzman commentedI have no strong feelings on this. My .02 is that using sys_get_temp_dir() is not a major change, and it is a bug fix.
Comment #77
Bojhan CreditAttribution: Bojhan commented@webchick Heh, I think you confused me too. I was thinking you where proposing a full rollback. If not all fine :)
Comment #78
jbrown CreditAttribution: jbrown commentedI think this patch might be causing a problem with testing.
On my setup I am getting exceptions if the host does not have private:// configured:
file_exists(): Unable to find the wrapper "private" - did you forget to enable it when you configured PHP?
Try testing cron run.
Comment #79
Everett Zufelt CreditAttribution: Everett Zufelt commentedI don't know how many people are, or are not, using Debian Etch. I use it on my dev server and it would be a pain for me, and perhaps others, to upgrade to php 5.2.1+. I'm not saying it's right, just that it is a fact, and this could degrade impressions of d7.
If the 5.2.1 requirement is going to stay, then we need an actual UI to explain this in the installer. Currently after selecting language I get
Comment #80
Everett Zufelt CreditAttribution: Everett Zufelt commentedSee also:
#807622: Fatal error calling sys_get_temp_dir() in installer - pHP 5.2.0 and earlier
Comment #81
Heine CreditAttribution: Heine commentedThe use of sys_get_temp_dir assumes this temporary directory is writable. Is this a correct assumption? On IIS the system temp dir is not writable for the php process, instead, one is supposed to use per-application pool temporary directories, distinct from the system temp dir. I can imagine this is a problem with Unices as well.
The change needs some additional documentation IMO (eg How to change the reported path with lowlevel access rights.)
Comment #82
dhthwy CreditAttribution: dhthwy commentedThe use of sys_get_temp_dir by default is a mistake. Web hosting providers can change PHP's upload_tmp_dir setting on a per user/website basis and if set Drupal should be using it. Security conscious users might also want to set their own upload_tmp_dir for Drupal to use.
sys_get_temp_dir ignores the upload_tmp_dir setting and returns the default temp directory instead.
So it really should go something like this I think: First check if upload_tmp_dir is set. If it is, use it. If it isn't, use sys_get_temp_dir.
Comment #83
cog.rusty CreditAttribution: cog.rusty commentedMakes sense. At least that is what the late http://api.drupal.org/api/function/file_directory_temp/6 used to do.
Comment #84
cog.rusty CreditAttribution: cog.rusty commentedHmm... not really. Looking at http://php.net/manual/en/function.sys-get-temp-dir.php, this function should return PHP's temp directory.
But looking at the comments on the php.net page, it seems either unreliable or easy to misuse.
Comment #85
pwolanin CreditAttribution: pwolanin commentedOk, looks like we should pull that Drupal 6 code forward to Drupal 7.
Comment #86
catchSee also #807622: Fatal error calling sys_get_temp_dir() in installer - pHP 5.2.0 and earlier.
Comment #87
manimejia CreditAttribution: manimejia commentedAlpha 5 will not install for me!!
I have the SAME setup and issue as [#68], and CANNOT get past the install screen. For some reason my Mac's default TMP directory is not writable by the MAMP web server. I understand that there are workarounds such as chmoding the rather cryptic TMP directory, or setting Drupal's "upload_tmp_dir" variable, but workarounds are not solutions.
If "sys_get_temp_dir()" is being used to get this directory, and we cannot install on MAMP because of it, then I really think this is not acceptable code for a Drupal release. Even if we assume MAMP is only used on local dev servers, and not for production, this bug would still cause irritation (at least) for a large number of developers.
IMHO we're back to critical (cause Drupal won't install now, where before it would), and 7.0-alpha5
M.M.
Comment #88
catchResetting version, all bugs are against dev.
Comment #89
manimejia CreditAttribution: manimejia commentedBTW ...
the Drupal variable to set as a workaround is "file_temporary_path", not "upload_tmp_dir" as I stated above. I set this variable in my settings.php file, and all is well.
$conf['file_temporary_path'] = '/tmp';
M.M.
Comment #90
idmacdonald CreditAttribution: idmacdonald commentedWith the latest dev version of D7, I ran into this temp directory problem as well. I couldn't proceed with the install because '/tmp' could not be written to (because of open basedir restrictions). On shared Linux hosting, letting PHP applications use the '/tmp' directory is riddled with security issues. Because of that, on our systems each web account has it's own temp directory. In apache, we have the following PHP variables set:
"upload_tmp_dir" "/var/www/web254/phptmp/"
"session.save_path" "/var/www/web254/phptmp/"
From my perspective, Drupal should use the value of 'upload_tmp_dir' if it's set, then fall back to the value of sys_get_temp_dir(), which hopefully returns a fairly sane result.
In any case, I heeded manimejia's advice and added
$conf['file_temporary_path'] = '/var/www/web254/phptmp'
to my settings.php file in order to allow the installation to proceed.-Ian
Comment #91
pwolanin CreditAttribution: pwolanin commentedHere's a more or less straight forward port of the Drupal 6 code.
Turns out there was a totally pointless test case too.
I now get the MAMP php temp dir on a fresh install:
Comment #92
arianek CreditAttribution: arianek commentedjust testing this and i still has the fail described in comment 68 http://drupal.org/node/551658#comment-2919160
screenshot http://skitch.com/arianek/d8ees/requirements-problem-drupal
Comment #93
arianek CreditAttribution: arianek commentedfwiw yoroy just tested on the same env. and it installed fine, so it seems to be something specific to my setup. booo.
Comment #94
pwolanin CreditAttribution: pwolanin commenteddiscussing with arianek in IRC - I have the same version of MAMP and it works ok, plus it works for yoroy, so I suspect there is something broken in her setup.
Comment #95
cog.rusty CreditAttribution: cog.rusty commentedStrange, why did is_writable() let that directory be selected in the loop and then it was reported as non-writable. Is that a temp name or something.
What does
print ini_get('open_basedir');
say?Comment #96
marcoka CreditAttribution: marcoka commentedwill this file api change be backportet to d6?
Comment #97
cog.rusty CreditAttribution: cog.rusty commentedNo, new APIs and API changes are never backported. But this issue here is only about default settings and file positions.
Comment #98
catchPatch looks good, I don't have a mac to test on but other people do, RTBC.
Comment #99
webchickCool, thanks for this follow-up.
Committed to HEAD, with small adjustment to bootstrap.inc to set our minimum PHP version back down to 5.2.0.
Comment #100
Stevel CreditAttribution: Stevel commentedShouldn't the minimum php version be 5.2.1, as sys_get_temp_dir() does not exist in earlier versions, but it is used in includes/file.inc and modules/system/system.install?
Comment #101
webchickOh, blargh. I thought this reverted all instances of sys_get_temp_dir().
Why are those using sys_get_temp_dir() and not file_directory_temp()?
Comment #102
Stevel CreditAttribution: Stevel commentedin file.inc, it is used in the definition file_directory_temp(), so it certainly shouldn't be replaced by a call to file_directory_temp(), since that would cause an infinite loop. We could add a check to see if sys_get_temp_path() exists before using it to get another potential temp path.
In system.install, it is used in system_requirements. file_directory_temp() can't be used here as it requires a database connection to save the variable file_directory_temp to the database, which is not yet available during the requirements checking phase of the install.
I've included a patch which addresses these issues, but these are rather hacky.
Comment #103
pwolanin CreditAttribution: pwolanin commentedWhy do we even need to check for this during the install? I don't think Drupal 6 does.
Adding the function_exists() call, we can keep the min PHP version back down at 5.2.0, though I'd honestly rather leave it at 5.2.1 to narrow a little the range of buggy PHP versions we pretend to support.
Comment #104
arhak CreditAttribution: arhak commentedIMO sys_get_temp_dir is not a strong reason enough to require 5.2.1, it is just a really minor version
and function_exists with a fallback behavior wouldn't be that bad
Comment #105
Stevel CreditAttribution: Stevel commented@pwolanin: The installer tries to create the directories, and gives an error message if this fails, telling the user to create the directory automatically. This prevents the user having finished the installation and immediately receiving an error message about the temp path.
I agree with arhak on the version. It would be a pity requiring php 5.2.1, but only using the functionality it adds during install.
Comment #106
cog.rusty CreditAttribution: cog.rusty commentedWhy "immediately receiving an error message about the temp path"?
There are always things to configure after installation, when you want to use the feature. In D6 this was one of them.
Comment #107
Stevel CreditAttribution: Stevel commentedI'm not sure why. The private path is not checked (unless it is in settings.php), but the temporary path is. pwolanin changed the private path checking behavior in the patch in #551658-62: Figure out what to do about new private/public file separation, so maybe he knows the rationale behind this?
A guess is that file_directory_temp() might otherwise return a temporary directory which can't be used? There are some remarks about this in the first few comments of this issue.
The temporary stream wrapper is used in includes/updater.inc (update system?). That may be an important difference between the temporary and the private path, which isn't used in core by default.
Comment #108
cog.rusty CreditAttribution: cog.rusty commentedThere is a usability gamble here.
- If everything goes smoothly it is a plus.
- If it fails, the user is given no option except fixing the suggested directory, if possible at all.
- If the user was given an option (a) that would delay a successful installation and (b) would rush the user to take action outside any context that would help to make an informed decision.
Comment #109
pwolanin CreditAttribution: pwolanin commentedI kind of feel as though we should remove the temp directory check from the install requirements for the sake of simplicity. We could leave it in the runtime requirements, for example, so you'd see an error if it's not working, but much Drupal functionality does not need a temp dir so it should not block installation, and almost everyone is going to get a working temp dir with no effort (sorry Ariane).
Comment #110
arianek CreditAttribution: arianek commentedi be cursed! ...will get someone to help me fix it eventually (if it's just me, no point in messing with things!)
Comment #111
arhak CreditAttribution: arhak commented#109 makes sense, and also brings the chance to provide better guidance/help/choices without making the installation process embroiled (as cog.rusty points out @#108)
(that was the reason to leave private directory to post-installation setup)
Comment #112
webchickI love that idea. The fewer glaring red errors during install, the better. ;)
Comment #113
Stevel CreditAttribution: Stevel commentedHere is a new patch based on the comments above. Removed from the requirements at install time, but still in the requirements at runtime. This also removes the need to check for install phase in file_directory_temp.
Comment #114
pwolanin CreditAttribution: pwolanin commentedNot sure about the formatting of the code comment. Otherwise looks good.
Comment #115
Stevel CreditAttribution: Stevel commentedChanged the comment a bit
Comment #116
Stevel CreditAttribution: Stevel commentedAnother comment change, after discussion with pwolanin on irc
Comment #117
Stevel CreditAttribution: Stevel commentedWe still need to include file.inc in the patch.
Comment #118
Stevel CreditAttribution: Stevel commentedAnd get rid of a trailing space in the comment, this should be the last one :)
Comment #119
catchJust "Do not check" is code style I think.
Missing a full stop.
I think it's fine otherwise.
Comment #120
Stevel CreditAttribution: Stevel commentedAnother reroll. My eye fell on some other small code/comment style issues in file_directory_temp, so I'm slightly abusing this patch to fix these as well :)
Comment #121
Stevel CreditAttribution: Stevel commentedComment #122
catchCNR for the bot, looks ready to go when it comes back green.
Comment #123
yoroy CreditAttribution: yoroy commentedrtbc because others said so :)
Comment #124
Dries CreditAttribution: Dries commentedCommitted to CVS HEAD. Thanks.
Comment #125
arianek CreditAttribution: arianek commentedit lives! i had no idea whether that change would fix my crazy issue, but i just updated to HEAD and my install completed. happyday. :-)
Comment #127
sunhm, these changes created quite some major weirdness, #866756: file_directory_path('private') returns FALSE by default
Effectively, I'm not really sure what the benefit here is.
Before: Drupal installed with a private files directory by default. Modules are able to use that. Users can configure and reconfigure.
After: No private files directory exists by default. Modules should be using what-exactly to store their private files now? Fall back to 'public'? What's the idea behind that? :)
I can understand that, when using advanced/other stream wrappers, it's a module's responsibility to check whether
file_directory_path('awesome')
actually returns something valid to store in, but I absolutely expect and actually have to expect thatfile_directory_path('private')
works at any time.I'm tempted to re-open this issue and request a complete rollback, but we can discuss first.
Comment #128
jrchamp CreditAttribution: jrchamp commentedThe minimum PHP version was set to 5.2.4 in #938614: Downgrade required PHP version to 5.2.4. As far as I can tell, sys_get_temp_dir() is defined in all versions of PHP >= 5.2.1. It would seem that a function_exists() check is wasteful if that situation, but problems were reported in this issue. webchick's comment from http://drupal.org/node/938614#comment-3620386 indicates that a possible Mac OSX issue exists. Now that the minimum PHP version is 5.2.4, has the OSX issue resurfaced?
Comment #129
jonhattanjrchamp: I think the OSX issue is because of directory returned by
sys_get_temp_dir()
is not writable in some scenario. It is addressed byfile_directory_temp()
as it checks if it is writable. So function_exists() is useless, and the comment about 5.2.0 obsolete.Comment #130
Anonymous (not verified) CreditAttribution: Anonymous commentedWell I'm one of the 2%. I'm creating a "private" site and I'm new to Drupal. Where might I find the instructions on how to install this feature as it was eliminated from the "easy install" process?