On Wed, May 4, 2011 at 7:38 PM, Gordon Messmer yinyang@eburg.com wrote:
On 05/04/2011 12:49 PM, Johan Martinez wrote:
Thanks for the suggestions, Richard and Kenneth. I installed drupal here and it requires the user running apache to have write access on the filesystem. Otherwise it complains: 'The directory sites/default/files is not writable'. The content editors/developers need write access to theme/pictures folders. So it seems like I can't avoid giving write access to the apache user. Any hacks or tips here?
Tip 1: Your files and directories can have different permissions. Rather than your original setup, try:
    chown -R apache:contenteditors /var/www/html
    find /var/www/html -type f -exec chmod 0464 {} +
    find /var/www/html -type d -exec chmod 2575 {} +
or:
    chown -R apache:apache /var/www/html
    find /var/www/html -type f -exec setfacl -m g:contenteditors:rw {} +
    find /var/www/html -type d -exec setfacl -m g:contenteditors:rwx {} +
Tip 2: Don't install drupal in /var/www/html. Generally, /var/www/html should be used only for static content. Web applications should be installed outside the document root to prevent a misconfiguration from allowing remote clients to download files that might contain configurations, passwords, or other sensitive information. See the rpm packaged drupal for an example of how this is done.
Tip 3: If your application says that it needs write access to "sites/default/files", then add write access only for that directory.
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Thanks for the suggestions, everyone. I am using the following config for now.
* Moved drupal install outside document root and used alias for the namespace mapping.
* Filesystem ownership: apache:contenteditors
* Filesystem permissions: u=rx, g=rwx, group with sticky bit set. Exception of 'sites/default/files' on which apache has write permissions.
jM
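
Added example, not part of the original thread: a shell function that audits a tree against the mode bits from Tip 1 and Tip 3 (no owner write outside the upload directory, setgid on directories, nothing world-writable). The function name audit_tree and its output labels are made up for this example; it checks mode bits only, so ownership still has to be verified separately.

```shell
#!/bin/sh
# Usage: audit_tree ROOT [UPLOAD_DIR]   (UPLOAD_DIR is relative to ROOT)
# Prints one "reason: path" line per deviation; returns 1 if any were found.
audit_tree() {
    root=${1%/}
    upload=${2:-sites/default/files}
    findings=$(
        # The owner (the web server user) must not have write access
        # anywhere except the upload directory. Symlinks are skipped:
        # their own mode bits are 0777 on Linux and carry no meaning.
        find "$root" -path "$root/$upload" -prune -o \
            ! -type l -perm -0200 -print | sed 's/^/owner-writable: /'
        # Directories need setgid so new entries inherit the editors' group.
        find "$root" -path "$root/$upload" -prune -o \
            -type d ! -perm -2000 -print | sed 's/^/no-setgid-dir: /'
        # Nothing, uploads included, should be world-writable.
        find "$root" ! -type l -perm -0002 -print | sed 's/^/world-writable: /'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

Run it against the application directory after applying the chmod commands, for example from a cron job, to catch permissions that drift after an update or a manual fix.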