Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Following a discussion with chx, it seems it could be an interesting addition on the checklist (currently at admin/logs/status) to check whether the server is allowed to write its own directories.
Such writing needs to be allowed to the files area, but is probably not useful elswhere.
It might also be checked during the install.
Comments
Comment #1
chx CreditAttribution: chx commentedadmin.module is gone for quite some time now.
Comment #2
PasqualleComment #3
cafuego CreditAttribution: cafuego commentedThe installer will not currently not allow the user to continue if the files/ directory and settings.php aren't writeable.
As for writing elsewhere, I don't think you can or should check each subdirectory for write permission. It'll take a while and in some cases (say a shared host with suPHP) it might not be possible for the user to make other directories not writeable.
Perhaps a "security check" contrib module that checks whether there are any writeable files or directories (that shouldn't be) is a better idea.
Comment #4
chx CreditAttribution: chx commentedNot every subdir. If we can write modules/node, I bet we can write modules/user.
Comment #5
fgmWow, things changed a lot since 2007 !
These days, one symptom I often notice in dev environments is the case of mixed drush/web work with improper perms, where some files under sites/(site)/files/* are not writable by the web host because someone ran a drush command which created improperly permissioned files which the web version can no longer modifiy/remove, like image(cache) derivatives or aggregated JS/CSS files.
And the sites directory/settings.php writable in such situations is still altogether too common after initial install, for much the same reasons.