Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
I can not figure out what Drupal 6 did to these files. I was testing Drupal 6, decided to uninstall it. These are the only two files I am unable to clean up. Most annoying.
I have installed / reinstalled / removed Drupal 5.x many times, and have not run into this sort of thing with Drupal 5.x.
u40009095:~/sites/test.org/www/sites/default > ls -al
total 24
dr-xr-xr-x 2 u4000909 ftpusers 4096 Jul 18 07:43 .
drwxr-xr-x 3 u4000909 ftpusers 4096 Aug 31 21:58 ..
-rwxrwxrwx 1 u4000909 ftpusers 6418 Jul 27 11:03 default.settings.php
-rwxrwxrwx 1 u4000909 ftpusers 6430 Jul 18 07:43 settings.php
u40009095:~/sites/test.org/www/sites/default > rm -f *
rm: cannot unlink `default.settings.php': Permission denied
rm: cannot unlink `settings.php': Permission denied
u40009095:~/sites/test.org/www/sites/default >
Comments
Comment #1
JirkaRybka CreditAttribution: JirkaRybka commentedHow about permissions on the directory 'default'?
Comment #2
mdlueck CreditAttribution: mdlueck commentedNot sure anymore... I contacted tech support at my hosting provider to get the files blown away as I was thinking to install Drupal 5.2 on this domain again. Sorry.
I guess I could do a test installation of Drupal 6 current again and see if it happens again.
Comment #3
JirkaRybka CreditAttribution: JirkaRybka commentedAnother tip, just to say all I have: If unable to access as root user (remote hosting), I usually remove such files with small temporary php scripts. If the file was created by user Apache (Drupal), then it's easiest to remove also as user Apache. There are quite a few useful scripts around the web, somewhere I even found automated php-tool for whole directory-tree removal.
As for Drupal 6, I also see a problem on my local machine: The file settings.php is created by Drupal (from default.settings.php), so owner of the file is Apache process, and I'm unable to delete it. Testing the install process multiple times, I removed temporarily by renaming parent directory and create new one, later logging in as root user and cleaning up... But this seems to be a different issue, and is no bug - the file SHOULD be protected due to security matters.
Comment #4
mdlueck CreditAttribution: mdlueck commentedIn our case, the file seems to be owned by our userid at the hosting provider.
Good thought on rigging a method to have Apache delete the "undeletable" files. I will give that a try.
Except in this case both files seem to be under our userid's ownership: u40009095. (shrug)
I will plan on setting up Drupal 6 soon, see if it happens again, etc... If it does, it is a rather nasty difference between Drupal 5 and Drupal 6, and likely to become a support nightmare of sorts.
Comment #5
mdlueck CreditAttribution: mdlueck commentedReinstalled, same thing, can not delete those two files...
The as-is perms are as follows:
I changed the perms on the files, still can not delete them...
So, it seems to be a Drupal 6 thing. Most annoying! ;-)
Comment #6
royal007 CreditAttribution: royal007 commentedi also thought i would try out drupal 6 and now can not delete these 2 files. i changed all permissions and it still says permission denied when i try to delete the files. i have managed to change the directory names, but those 2 files still can not be delete. any idea how i can do this? thanks
Comment #7
JirkaRybka CreditAttribution: JirkaRybka commentedLooking at the listings above, I noticed that the 'default' directory itself is not writable (which really IS attempted to set this way in the code!), so you should probably CHMOD also the 'default' directory, not only just files inside.
In my case, unfortunately, I'm not owner of the file 'settings.php' (owner is Apache = Drupal scripts), so I can only remove it as root user, or via small php-script.
Comment #8
VM CreditAttribution: VM commentedUsing a hosts admin panel, or file manager they delete fine.
I'd have to test this again, but It seems they delete, if the DB tables are removed first.
Comment #9
JirkaRybka CreditAttribution: JirkaRybka commentedI can't find the source of this anymore, but still have the helper script on my system:
Just edit the path to match your system, place the whole inside some .php file, and open it from browser - it removes directories as Apache user, so will be able to remove what you can't (and vice versa). After use, immediately remove this .php file!
Comment #10
mdlueck CreditAttribution: mdlueck commentedJirkaRybka: You seem to have noticed the critical thing...
SUCCESS!!!
I will do one more test install to make sure it really works. Stay tuned...
Comment #11
mdlueck CreditAttribution: mdlueck commentedI just did a test install of Drupal 6 Beta 1 and indeed the above workaround solves the cleanup problem. Maybe it belongs in an FAQ somewhere???
Comment #12
eferraiuolo CreditAttribution: eferraiuolo commentedmdlueck, that worked for me... I was having the same issues people were talking about here.
Comment #13
annsera CreditAttribution: annsera commentedI think some of the information herein isn't exactly correct.
mdlueck and others who are able to issue chown or chgrp from the command line directly are doing so with some kind of super-user power, or are at least using a user that is in the same group as the file. Note that it's possible that the shell access program was given high privileges or web server group privileges.
MisUnderstood says that it can be done from the file manager at cpanel (I'm paraphrasing), but that's true only if the hosting service gave super-user or at least web-group privileges to that file manager application (not unlike mdlueck getting those privileges when logging in for shell access).
Then, mdlueck uses a program that focuses on removing a directory that has hidden files. The "hidden files" part is only one aspect of what is happening here, the program will still run under the privileges of whomever ran it. If the program is running under apache, then it usually runs as user "nobody" and user "nobody" is typically given very few file system privileges.
Bottom line: I think you folks have found 3 ways that your hosting services have let you exploit SU or www-group privileges you probably shouldn't have been able to access. The rest of us might be left with undeletable files.
I'm working on a solution, but right now, I think this is a valid bug in 6.
Comment #14
mdlueck CreditAttribution: mdlueck commentedThank you.
As our hosting provider is a large one, I assume they lock down the SSH accounts as best they can. I dare say we are not running around with group "nobody" or the like. Also they seem to utilize a multi-tear hosting architecture. The box we SSH/FTP to is a different one than Apache sits on. (Different kernel string and version).
If we did not have a package with SSH (*gasp!!!*) then I assume using an FTP client to manually adjust the perms of files to 0777 would be equally successful.
BTW: If you untar the Drupal installation files on the server and them "rm -rf" it will successfully delete all of the files. Just when the installer has been run, and the installer modifies the perms of files in the sites/ directory.
All files show up as being owned by our SSH ID. Even when we unpack the Drupal tar file, the server sets our ID as the owner of the files.
Comment #15
mdlueck CreditAttribution: mdlueck commentedI just noticed one error in what you wrote. I issued a chmod, not chown / chgrp.
Comment #16
Anonymous (not verified) CreditAttribution: Anonymous commentedShouldn't this be a bug report? If the install system creates a directory or file then there needs to be an uninstall system to remove them since the owner of those files ends up being the web server user and as is being discussed there might be some users who would be left with the inability to easily remove all of the package.
Comment #17
Anonymous (not verified) CreditAttribution: Anonymous commentedAnd it then becomes an install system issue.
Comment #18
mdlueck CreditAttribution: mdlueck commentedRefer to comment #15...
I did not chown / chgrp. I was still the owner of the files in question.
Comment #19
Anonymous (not verified) CreditAttribution: Anonymous commented@mdlueck: I don't understand what you're trying to say. If the web server creates the directory then the directory is owned by the web server user. If I as web administrator then try to remove the entire installation then that directory isn't removable by me without becoming root. If I can then there is a bug with the OS or there is some privilege given to the web administrator that isn't normal.
Comment #20
cburschkaNope. Some hosts (Dreamhost, for example) run PHP as the normal user, not the Apache user. All files PHP then creates are owned and removable by the normal web admin.
Comment #21
Anonymous (not verified) CreditAttribution: Anonymous commented@Arancaytar: Some !== all. The issue still exists.
Comment #22
cburschkaBut the behavior described by mdlueck is expected assuming that his server is configured like I said. This does not solve the issue, but it does explain what you did not understand in #19.
Comment #23
Anonymous (not verified) CreditAttribution: Anonymous commented@Arancaytar: Sorry, I thought you were putting up an argument by beginning with
I understand what you were trying to tell me now.
Comment #24
mdlueck CreditAttribution: mdlueck commented@Arancaytar: My hosting provider does run PHP as a CGI, and they give a choice of 4.x or 5.x I am guessing by the fact that they run it as a CGI that is even an option.
From time to time at another provider one client was hosting at, files ended up root:root from time to time, and it was necessary to work through those issues with the hosting support people. This provider did run Apache as a mod. Maybe the difference is that our current provider does run it as a CGI rather than an Apache mod.
Comment #25
chx CreditAttribution: chx commentedYou basically need to figure out how you can remove webserver created files -- ask your ISP. This is not a bug.
Comment #26
Anonymous (not verified) CreditAttribution: Anonymous commentedNo! If Drupal creates the file system then Drupal needs to remove it with an uninstall Drupal option. Also, in that uninstall option all (core and contrib) Drupal database tables created need to be removed.
Comment #27
Anonymous (not verified) CreditAttribution: Anonymous commentedI agree that it isn't a bug, per se, it is more a feature request.
Comment #28
Kit_Hally CreditAttribution: Kit_Hally commentedset all to full permission site file and one by one whats in it then set default and settings php to 0755 and you can remove all of it one by one then when its empty worked your way back can delete the main one
worked for me
Comment #29
gpk CreditAttribution: gpk commentedFeatures definitely (and bug fixes, in the first instance, for that matter) go in 7.x.
TBH the bigger problem is usualy the files directory, if subdirectories are created and owned by the Apache process you may not be able to remove them without either webhost intervention or a helper script.
Comment #30
krizak CreditAttribution: krizak commented0755 works fine also for me, thx :-)
hosting: web4u.cz
http://www.krizak.cz/phpinfo.php
Comment #31
ximo CreditAttribution: ximo commentedNow that this is a feature request.. what about including an uninstall.php (for superuser only, like update.php) that completely removes Drupal from the webserver? One could even select which parts to keep, such as the /sites directory or the database tables. That would make it a breeze to uninstall Drupal. Or is this a horrible suggestion with regards to security?
Comment #32
Anonymous (not verified) CreditAttribution: Anonymous commentedximo: Sounds like the correct way to go. I would suggest that symlink paths not be followed but the symlink removed. I would also suggest that only the default DB connection tables be removed and not named DB connections.
Comment #33
jonfhancock CreditAttribution: jonfhancock commentedThis is broader than just uninstalling.
This is a bug with the Drupal 6 installer.
Since settings.php is owned by nobody, and read only. I can't edit it at all, either via SSH or a web interface.
So, say I want to install bjaspan's Persistent Login module. I have to edit session.cookie_lifetime to 0 in settings.php. That is not possible now, because I can't edit settings.php without getting tech support involved (I'm sure they're going to love that).
Also, the status report complains that sites/default/files is not writable. Unfortunately, since I don't own that directory, I can't change the perms. Then I have to go back the old school method of a files directory in the document root.
Seriously though, Drupal creates these files and folders in an effort to make installation easier for the average user. I can get around this, but the guy who walked off the street and decided to try Drupal probably can't.
This was a great idea, and is not a problem on dedicated servers, but for a shared hosting environment (and let's face it, that's the majority), this is a nightmare.
This doesn't need to be put off for 7.x, it needs to be fixed in 6.
Comment #34
mdlueck CreditAttribution: mdlueck commentedjonfhancock: Your battle stories are much worse than mine! I think it will be a long LONG time before I think about moving from my current hosting provider! They run PHP as a CGI, and support two PHP versions - PHP 4.x by default, and you can specify PHP 5.x for the entire site.
At another provider that ran PHP as an Apache mod, I kept running into files that I could not delete. It has been a while, but I think certain files ended up root:root. (head shaking) NO GOING BACK! ;-)
Comment #35
magicflea CreditAttribution: magicflea commentedI'm hosted at 1and1. I am new at Drupal and the entire LAMP thing. I am experimenting with Drupal and got to the point of removing the installation and re-installing (from scratch) only to be unable to delete the settings.php file. As pointed out by at least one person, I temporarily changed the permissions of the default folder to 755 and then I was able to delete the settings.php file. All is well now and I have a clean new installation with a new database.
Comment #36
ximo CreditAttribution: ximo commented@ jonfhancock #33:
You're right - there are modules that require you to alter the settings.php file, so this is beyond simply deleting the files. But this is also beyond fixing in D6. It would require a rewrite of the installation process into what we had in D5, which would be a step back in terms of usability. For D7 is possible, but I hope we can find another way to solve this..
@ magicflea #35:
I don't think what you describe will work for everybody. You would have to be able to chmod (change permissions of) the
default
folder, and a lot of shared hosts simply won't let you do that. Still, we should document this as a possible solution in the handbooks - if it's not already there?Comment #37
Joining CreditAttribution: Joining commentedSettings.php does not delete, even if I CHMOD sites or default folder to 755, settings.php still won't delete.
Comment #38
Anonymous (not verified) CreditAttribution: Anonymous commented@Joining: If you don't own settings.php (probably owned by the Apache user) then you need to
chmod 777 sites/default/settings.php
to give full privilege to the file. Then you should be able to remove it.Yes, there are other ways to do it; but we are really interested in just getting rid of the file.
Caveat: I am assuming that you have standard UNIX ACL and there are not added security features that may also prevent you from removing a file.
Comment #39
gpk CreditAttribution: gpk commentedAnd if settings.php *is* owned by the webserver process you will probably need to use a PHP script (which would run with the user ID of the webserver/PHP user) in order to change the permissions on it (only the owner or root can chmod a file). (The other option is to ask your webhost for assistance.)
Create a new file called e.g. fixsettings.php something like this:
(or 0777) and visit www.example.com/sites/default/fixsettings.php. Or you might be able to use a PHP-based command line emulator like this http://mgeisler.net/php-shell and then run "chmod a+w settings.php" from the prompt.
Comment #40
tedece CreditAttribution: tedece commented#9 Thanks a lot !
Comment #41
catchMarking as duplicate of http://drupal.org/node/225880 which should fix this issue for new installs.
Comment #42
pwolanin CreditAttribution: pwolanin commentedSee also these PHP snippets which can be used: http://drupal.org/node/34028
Comment #43
mrgoltra CreditAttribution: mrgoltra commented@7 works.
Comment #44
discursives CreditAttribution: discursives commented#7 also worked for me. I have had several issues with this over time.
It is counterintuitive to think that changing the permissions, recursivel, on the parent directory, would then effect the permissions on the included files, when changing the permissions on those files directly fails. Nevertheless it does.
Example:
(in directory mysite.com)
chmod 0777 settings.php
rm -rf settings.php *fails*
from www (above sites folder)
chmod -R 0777 sites
cd sites/mysite.com
rm -rf settings.php *success*
Comment #45
brianbrown CreditAttribution: brianbrown commentedHi!
I am using Bluehost/Hostgator. I have discovered that if you login to your site using SFTP/SSH (I am using either FileZilla or WinSCP), you CAN change permissions that are denied using regular FTP.
I hope that this helps someone.
Regards,
Brian Brown, Ph.D.
brian(at)brianbrown.net
Comment #46
ramones79 CreditAttribution: ramones79 commentedYou can edit or delete these files using your cPanel's Legacy File Manager
Comment #47
ChrisStumph CreditAttribution: ChrisStumph commentedYeah, very weird.
777 did not work for me.
755 did. *scratches head*
Comment #48
nihonsei CreditAttribution: nihonsei commentedI wasted around 2 hours to delete 'sites folder'. Finally, I have got a solution.
Need to follow these steps or contact to your Rental Server Provider.
Step 1. Create or install any new php applicaton in root or in a sub-directory. (In my case, I installed counter application through control panel (C-Panel) provided by my server provider.
Step 2. Re-login to FTP or refresh (F5) FTP.
Step 3. Delete sites folder.
If site is hosted on Bluehost:
Step 1. Give 777 permission to sites folder and subfolders.
Step 2. Delete sites folder.
Nihonsei
Comment #49
wbzial CreditAttribution: wbzial commented@7 worked for me
Comment #50
mjlF95 CreditAttribution: mjlF95 commented#7 worked for me too (needed to change permissions on default folder). Thanks!
Comment #51
bevanr01 CreditAttribution: bevanr01 commented#39 was a lifesaver! Thanks!
Comment #52
psych0hans CreditAttribution: psych0hans commented@7 That worked perfectly for me... Cheers!!!
Comment #53
jedaffra CreditAttribution: jedaffra commented#39 worked great for me! Thanks!
Comment #54
psych0hans CreditAttribution: psych0hans commentedI managed to do it using filezilla by checking the "apply settings to all directories and files" and then deleting using filezilla.
Comment #55
Charles51 CreditAttribution: Charles51 commentedIf you are just trying to update the contents, you will find that using your File Manager provided by your ISP the easiest solution is to edit the contents, rather than deleting and replacing.
Comment #56
dibya CreditAttribution: dibya commentedit is working perfectly to me otherwise I was struggling
Comment #57
flexiblemirror CreditAttribution: flexiblemirror commentedJust started using D7 and my first istallation used the 'default' folder. Then I learned about multi site and created my 'example.com' folder where I installed the site again. Not needing the 'default' folder contents anymore I deleted it (apart of default_settings.php) but realised there not all is gone. An empty 'files' folder and 'settings.php' were still there, playing with permissions did not help. I went into searching drupal.org and unfortunately came across various threads related to D6 and Apache ownership of the files. This confused me even more. Ultimately it was the 'default' folder permissions that had to be altered, not just the permissions of files inside AS SUGGESTED BY #7
If you are using Drupal 7 it is likely this is your solution so don't waste time like I did :)
Comment #58
annam CreditAttribution: annam commentedI had the same problem, very frustrating. I managed to delete the drupal folder from the c-panel by usling the Legacy File Manager - using this method also allows you to delete the file from "trash". It worked for me, good luck.
Comment #59
j-dh CreditAttribution: j-dh commentedc-panel, Legacy File Manager worked for me too. Thanks, annam, for the tip!
Comment #60
alexdb CreditAttribution: alexdb commentedty! it worked!!! @39
Comment #61
cinetik CreditAttribution: cinetik commentedHi there,
Haven't bee through the whole threads list, but giving 777 to the whole sites/ directory including subfiles, then deleting files/directory worked for me.
Cheers.
Comment #62
Seroslav CreditAttribution: Seroslav commentedHi, I'm not a programmer but programming noob.
If this solution works as You write, can You write step by step where and how to put it?
"u40009095:~/sites/test.org/www > chmod -R 0777 sites/
u40009095:~/sites/test.org/www > rm -rf sites/
u40009095:~/sites/test.org/www >"
I tried Drupal 7.22 but the problem is exactly the same and now I'm blocked, I cannot delete files, I cannot instal Drupal.