Fedora and Drupal, Part 2

Now we are going to deploy Drupal core. Most of the installation problems with drupal, come not from dependencies, but from file permissions. You shouldn’t consider my way, as the right one, but as one which is tested and working, with the less complaints from drupal. There might be a better way, a safer one presumably, but I found in blogs various methods that either focus only on a minimum installation, which won’t allow themes and modules installation from within drupal, or sometimes even risky permission alterations which could end to an exploitable vulnerability. Well… I ‘ll be creating some of those as well, so don’t feel safe after following this tutorial. Just test, and test, and keep testing…

Before we start, I test Drupal Core 7.17 in a Fedora Core 17 machine, with SELinux targeted policy enabled. I also find it convenient running the following commands as root, but you can use sudo if you are going to broadcast from the machine you ‘ll be testing.

Ok, lets start. First change the apache root folder permissions like this:

chmod 765 /var/www/html/

If you are going to deploy Drupal core in the apache root subdirectory, create it now. I will create one, “drupal_test”

mkdir /var/www/html/drupal_test

Now, lets download Drupal core. I ve worked with version 7.17 and 7.16 and they both seem to respect the same permissions. I presume the same permissions will be suitable for all version 7 cores. CEither download it manually from the site, or use the commands:

curl http://ftp.drupal.org/files/projects/drupal-7.17.tar.gz | tar zx -C /var/www/html/drupal_test --strip-components=1

This is part of a script of mine, so i usually embed this system call. If you dont have curl, just donwload the tarball, extract its contents, and paste the extracted subfolders to the folder you intend to use as drupal root folder. Notice the “–strip-components=1” argument which will strip the first level of parent directory of your downloaded tarball. Now, change the owner for all the folders and files of drupal folder, to the one, you ll be using to write and modify your drupal site. Let’s call him “drupalfreek”:

chown -R drupalfreek.drupalfreek /var/www/html/drupal_test/

We also need to change the ownership of the modules and themes folder, so you can download any theme or module from within drupal, just by pasting its url. For this, you ll need to find out the username your apache service uses. In FC17 and some RedHat machines it is “apache”. If you ‘re not sure, just try this:

echo "<?php phpinfo(); ?>" > /var/www/html/info.php

visit from your browser the page localhost/info.php, look for the section Configuration apache2handler and beside the User/Group you ll find the username of your apache service. Of course you should delete it as soon you find out the apache user, or you could initially create a random page, like this:

echo "<?php phpinfo(); ?>" > /var/www/html/random0ada0sfadfww0rw4251w651fsd.php

and visit this instead. But i presume, you know some basics about apache and php already. Now lets change some ownerships and permissions:

chmod -R 770 /var/www/html/drupal_test/sites/all/modules
chmod -R 770 /var/www/html/drupal_test/sites/all/themes
chown -R apache /var/www/html/drupal_test/sites/all/modules
chown -R apache /var/www/html/drupal_test/sites/all/themes

The above permissions, will give full access to the apache service and your user, to these folders, however, unless you intend to do something tricky or you are concerned about security, perhaps you would want to try “660” permissions, so that no executables can be run. Next we go the sites/default directory and we make some modifications, necessary for the drupal installer to run successfully.

cd /var/www/html/drupal_test/sites/default/
cp default.settings.php settings.php
chown $username.apache settings.php
chmod 660 settings.php
install -d -m 775 -g apache files

Above, we created the settings.php file, necessary for the drupal installer, we gave to it read and write access for the apache service and we also create a folder files for which drupal, tends to whine a lot with full access for the apache. Next we move one level up and we change ownership for default folder for apache:

cd ..
chown apache.apache default/

That’s about it. The only thing before you run the drupal installer, left to do, is to created a mysql database. These settings, for me, gave no error with drupal. You can at least use them for a testing site, where there no security issues, having a fully operationa drupal site, to test and build.

Tagged , ,

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: