Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.The reason it is more complicated when you need to upload files and/or images is because you are now operating the web server in a different way.
With standard HTML only Drupal configuration, Drupal is not creating any files on the web servers filesystem. When in that mode it runs like a standard web site - all the web server needs to do is read the files, it doesn't need to write anything. All the content you submit to the site is going into the database not the filesystem.
But to be able to upload files or images through the Drupal interface, now Drupal needs to be able to write files to the filesystem on the server.
This gets tricky because most of the time you don't want the webserver to be able to write files into your site directory. Just think what would happen if someone exploited a vulnerability in someone else's website on that server - they could now overwrite any of your website files very easily. Just think what you could get up to just by uploading PHP files if other peoples sites had wide open write access - no don't try this.
So generally web servers aren't allowed to write files in peoples websites. If you do want Drupal to be able to write files into a subdirectory - you will have to manually weaken the filesystem security to make it work.
This isn't a Drupal issue - any code (eg PHP, Perl, Python etc etc) run by the web server will need those permissions weakened if they are to be able to write files to part of your web directory.
You may also run into upload filesize problems that require changing settings like: memory_limit, post_max_size, upload_max_filesize etc. These settings are there to limit what any one website can do to overload the server. If these are too high, it allows one site to completely tie up the server causing trouble for all the other sites.
It's all just the nature of sharing a server with lots of other people. There will be security and resource limits put in place to stop a badly behaved user causing trouble for the others.
Your webhost is trying to strike a balance between ease of use and security. Different webhosts will draw the line in different places - that is why it is impossible to write detailed docs that cover all situations.
