Index: includes/file.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/file.inc,v
retrieving revision 1.226
diff -u -p -r1.226 file.inc
--- includes/file.inc	22 Aug 2010 13:52:58 -0000	1.226
+++ includes/file.inc	30 Aug 2010 16:46:05 -0000
@@ -826,6 +826,23 @@ function file_unmanaged_copy($source, $d
 }
 
 /**
+ * @todo Document
+ *   Consolidate and summarize the wisdom from http://drupal.org/node/225880
+ *   and http://drupal.org/node/418302 to explain what we're checking here.
+ *
+ * @todo
+ *   This doesn't handle stream wrapper URIs?
+ *
+ * @param $source
+ *   A source file or directory.
+ * @param destination
+ *   A destination file or directory. This must already exist.
+ */
+function file_safe_to_copy($source, $destination) {
+  return fileowner($source) == fileowner($destination);
+}
+
+/**
  * Given a relative path, construct a URI into Drupal's default files location.
  */
 function file_build_uri($path) {
Index: includes/install.core.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/install.core.inc,v
retrieving revision 1.27
diff -u -p -r1.27 install.core.inc
--- includes/install.core.inc	22 Aug 2010 15:31:18 -0000	1.27
+++ includes/install.core.inc	30 Aug 2010 16:46:05 -0000
@@ -1550,7 +1550,7 @@ function install_check_requirements($ins
     $exists = FALSE;
     // Verify that the directory exists.
     if (drupal_verify_install_file($conf_path, FILE_EXIST, 'dir')) {
-      // Check to make sure a settings.php already exists.
+      // Check if a settings.php file already exists.
       $file = $settings_file;
       if (drupal_verify_install_file($settings_file, FILE_EXIST)) {
         // If it does, make sure it is writable.
@@ -1569,6 +1569,23 @@ function install_check_requirements($ins
         'description' => st('The @drupal installer requires that the %default-file file not be modified in any way from the original download.', array('@drupal' => drupal_install_profile_distribution_name(), '%default-file' => $default_settings_file)),
       );
     }
+    // If default.settings.php is readable and settings.php does not exist yet,
+    // we can try to copy it.
+    // @todo We should probably be using something like file_unmanaged_copy($default_settings_file, $settings_file, FILE_EXISTS_ERROR))
+    //   here, but it doesn't work at the moment.
+    elseif (!$exists && drupal_verify_install_file($conf_path, FILE_EXIST|FILE_WRITABLE, 'dir') && @copy($default_settings_file, $settings_file)) {
+      // If the copy was successfully performed and safe to do, make sure the
+      // settings file is writable.
+      if (file_safe_to_copy($default_settings_file, $settings_file)) {
+        $writable = drupal_verify_install_file($settings_file, FILE_READABLE|FILE_WRITABLE);
+        $exists = TRUE;
+      }
+      // If the file copy was not safe, delete the settings file; the user will
+      // have to create it on their own.
+      else {
+        file_unmanaged_delete($settings_file);
+      }
+    }
 
     // If settings.php does not exist, throw an error.
     if (!$exists) {
Index: modules/update/update.manager.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/update/update.manager.inc,v
retrieving revision 1.24
diff -u -p -r1.24 update.manager.inc
--- modules/update/update.manager.inc	29 Jul 2010 02:27:43 -0000	1.24
+++ modules/update/update.manager.inc	30 Aug 2010 16:46:05 -0000
@@ -416,7 +416,7 @@ function update_manager_update_ready_for
     // trying to install the code, there's no need to prompt for FTP/SSH
     // credentials. Instead, we instantiate a FileTransferLocal and invoke
     // update_authorize_run_update() directly.
-    if (fileowner($project_real_location) == fileowner(conf_path())) {
+    if (file_safe_to_copy($project_real_location, conf_path())) {
       module_load_include('inc', 'update', 'update.authorize');
       $filetransfer = new FileTransferLocal(DRUPAL_ROOT);
       update_authorize_run_update($filetransfer, $updates);
@@ -593,7 +593,7 @@ function update_manager_install_form_sub
   // trying to install the code, there's no need to prompt for FTP/SSH
   // credentials. Instead, we instantiate a FileTransferLocal and invoke
   // update_authorize_run_install() directly.
-  if (fileowner($project_real_location) == fileowner(conf_path())) {
+  if (file_safe_to_copy($project_real_location, conf_path())) {
     module_load_include('inc', 'update', 'update.authorize');
     $filetransfer = new FileTransferLocal(DRUPAL_ROOT);
     call_user_func_array('update_authorize_run_install', array_merge(array($filetransfer), $arguments));