CiviCRM Community Forums (archive)

Hello, I'm installing CiviCRM from scratch as follows:

CiviCRM Version 2.1.beta6 Drupal PHP5
Ubuntu 8.04.1, Drupal 6.4, MySQL 5.0.51a, PHP 5.2.4-2ubuntu5.1

I am serving all files from my server over https.

On the CiviCRM Installer page (https://<drupal>/sites/all/modules/civicrm/install/index.php), one of the errors I get is as follows:

Is the sites/default folder writeable?

The user account used by your web-server - www-data - needs to be granted write access to the following directory in order to configure the CiviCRM settings file:
/var/www/drupal/sites/default

I'm not sure how to make the directory writeable (I must confess that most of my experience is in Windows rather than Linux).

I have tried:

sudo chown -R www-data:www-data /var/www/drupal/sites/default

followed by restarting ubuntu, but without success: the error message still appears.

Thanks for your help

Michael

I'm still on Drupal 5.x so I can't be 100% sure, but if this is a new Drupal 6 install. I think it is trying to create the "Files" folder under "drupal/sites/default" This is where Drupal uploads files that you create (images whatever). After "Files" is created I don't think that "drupal/sites/default" will have to be writable anymore. but the "Files" folder will be.

Since "drupal/sites/default" can also contain your added modules you would not generally want it to be writable after the install in complete.

The automatic creation of this folder (If missing) is a new feature in Drupal 6. Previously it just gave a msg asking you to create it.

Thank you both. I've learned a little about chown and chmod - as I understand it, only chmod affects permissions, so I was on the wrong track with chown. (I have re-run chown so www-data is no longer the owner).

You might actually want to keep www-data as the owner, as…

sudo chmod 777 /var/www/drupal/sites/default
sudo chmod 777 /var/www/drupal/sites/default/files

…this means both these directories are now world-readable and -writeable (i.e., any user on the system can read from and write to them). A better option would be to make the directories owned by www-data and make sure they’re readable and writeable by their owner.

Once the installation is complete, do you have any advice for what should I do to roll it back?

Will it be sufficient to remove write rights for the www-data user? Would it be advisable for security to remove write rights for everyone by running chmod 555 on the folders?

Definitely. If you want the most security, I’d go with something like the below (NOTE: NOT TESTED ON AN ACTUAL INSTALL):

sudo chown -R www-data:www-data /var/www/drupal/sites/default
sudo chmod u=rx,g=rx,o= /var/www/drupal/sites/default
sudo chmod u=rwx,g=rwx,o= /var/www/drupal/sites/default/files
sudo chmod u=r,g=r,o= /var/www/drupal/sites/default/*.php

i.e., make the www-data user and group the owner, make the default directory and the PHP config files in it readable only by www-data, and make the files subdirectory readable and writeable only by www-data.