By kewlguy on

I am trying to locate ONLY the files directory outside of the drupal directory.

It is my understanding that it is more secure to store ones files 'outside' of public_html so this is what I am attempting to do.

EXAMPLE: Files in home/~user/files versus home/~user/public_html/sites/www.example.com/files or home/~user/public_html/DrupalFolder/sites/www.example.com/files

Can this be done? I am somewhat of an experienced user of drupal and have my own web host manager as well as my own cpanel for my domain account. I can use SSH, not real well, though, I can create symbolic links etc.

At the moment I am developing a couple of websites off of one drupal 6.8 code base and have had little difficulty operating the sites with exception of having my uploaded files that are stored outside of my drupal directory DISPLAYED...sigh! Sorry for screaming.

Anyone have any ideas of how I may accomplish this.

Categories: Drupal 6.x

Comments

cog.rusty’s picture

cog.rusty commented

Files stored outside the web root don't have an URL, so they can't be accessed directly from the web.

If you use a symlink from inside the web root to access them, then they obtain an URL and become accessible from the web, which makes the whole thing meaningless.

By using Drupal's "private downloads" method in admin/settings/file-system, drupal can access the files internally and *conditionally* supply them with a virtual URL of the form system/files/file-name, depending on drupal permissions. Of course that has a processing cost.

When using "private downloads", you can set the file path to /home/~user/files, or /home/~user/files/site-alias if you have many sites. These paths won't be accessible from the web, but the virtual path system/files will be.

kewlguy’s picture

kewlguy commented

Thank you for your clear and effective explanation on the files outside of drupal directory folder.

Here is where I went to find out exactly how to change the setting for 'download method' http://drupal.org/node/22240

My problem now, lol, is that the check boxes are gone from the admin/settings/file-system page....sigh!

So, now I have two choices

1) go into the database through my phpadmin and change the setting myself, as well as, to follow the steps in this article http://drupal.org/node/344806 to ensure that the paths are set correctly on my files.

2) Chase down which module has eliminated the setting 'display' for me, without my knowledge, and make a report in the applicable module issue que. I know that the download method is set to 'public' from my admin/reports/status page results.

I have done much research on the many file modules looking for a decent combination of security as well as ease of use, though I admit, I am a user not a developer of any kind.

My site has ended up with many modules that influence file uploads, being that it is a development site with no user data, you would be welcome to look around 'as an admin' though not as user 1, if you like.

FYI - Here is what I see in my admin/reports/status page:
Drupal 6.8
Access to update.php Protected
Array Array
Configuration file Protected
Cron maintenance tasks Last run 18 hours 30 min ago
You can run cron manually.
Database updates Up to date
Drupal core update status Up to date
File system Writable (public download method)
Flowplayer 3.0.2
GD library bundled (2.0.34 compatible)
IMAP Enabled
Mailhandler requires that PHP's IMAP extension is enabled in order to function properly.
Module and theme update status Out of date
There are updates available for one or more of your modules or themes. To ensure the proper functioning of your site, you should update as soon as possible. See the available updates page for more information.
MySQL database 5.0.51a
PHP 5.2.8
PHP memory limit 96M
PHP register globals Disabled
Performance logging APC Disabled
Performance logging on live web sites works best if APC is enabled.
Performance logging APC memory size
APC has been configured for , which is less than the recommended 48 MB of memory. If you encounter errors when viewing the summary report, then try to increase that limit for APC.
RDF library ARC2 2008-11-18
SimplePie Parser Installed correctly
The current installed version of SimplePie is 1.1.3
Unicode library PHP Mbstring Extension
Update notifications Enabled
Web server Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.7a DAV/2 mod_bwlimited/1.4 PHP/5.2.8 mod_perl/2.0.4 Perl/v5.8.5
XSPF player Installed
jQuery UI 1.6rc2
jQuery Update 1.2.6

** The above report 'confirms' that the setting is 'public'.

In researching the file upload and downloads dream I have ended up with many modules related to files in my site.

FYI: Here is my module list from the updates page.
Drupal core
Up to dateok
Drupal 6.8
Includes: Aggregator, Block, Blog API, Book, Color, Comment, Contact, Database logging, Filter, Forum, Help, Menu, Node, OpenID, PHP filter, Path, Ping, Poll, Profile, Pushbutton, Search, Statistics, Syslog, System, Taxonomy, Throttle, Tracker, Trigger, Update status, Upload, User
Modules
Up to dateok
ACL 6.x-1.0-beta2
Includes: ACL
Up to dateok
Active Tags 6.x-1.1
Includes: Active Tags, Active Tags Popular
Up to dateok
Advanced help 6.x-1.1
Includes: Advanced help
Up to dateok
AHAH helper 6.x-1.0
Also available: 6.x-6.x-dev (2008-Nov-20)
Includes: AHAH helper
Up to dateok
Backup and Migrate 6.x-2.x-dev (2008-Sep-29)
Includes: Backup and Migrate
Update availablewarning
Bitcache 6.x-1.0-alpha2
Recommended version: 6.x-1.0-alpha3 (2008-Dec-01)
Includes: Bitcache
Up to dateok
Blockquote 6.x-1.0
Includes: Blockquotes
Up to dateok
Bookings API 6.x-1.0-alpha1
Includes: Bookings API
Up to dateok
Browscap 6.x-1.0
Includes: Browscap
Up to dateok
Calendar 6.x-2.0-rc6
Includes: Calendar, Calendar Popup, Calendar iCal
Up to dateok
CCK Fieldgroup Tabs 6.x-1.x-dev (2008-Oct-01)
Includes: CCK Fieldgroup Tabs
Up to dateok
Checkall 6.x-2.0
Includes: Checkall
Up to dateok
Checkout (content locking) 6.x-2.2
Includes: Checkout
Up to dateok
Content Management Filter 6.x-1.4
Includes: Content management filter
Up to dateok
Color Scheme API 6.x-1.0
Includes: Color Scheme API
Up to dateok
Colorpicker 6.x-1.x-dev (2008-Dec-01)
Recommended version: 6.x-1.0-beta1 (2008-Nov-29)
Includes: Colorpicker, Colorpicker Example, Colorpicker Widget
Up to dateok
Content Construction Kit (CCK) 6.x-2.1
Includes: Content, Content Copy, Content Permissions, Fieldgroup, Node Reference, Number, Option Widgets, Text, User Reference
Up to dateok
Content Profile 6.x-1.x-dev (2008-Nov-24)
Recommended version: 6.x-1.0-beta2 (2008-Jun-20)
Includes: Content Profile, Content Profile User Registration
Up to dateok
Dash Media Player : a media player built for Drupal CMS 6.x-1.2
Includes: DASH Player, Tagging Service
Up to dateok
Date 6.x-2.0-rc6
Includes: Date, Date API, Date Copy, Date Popup, Date Repeat API, Date Timezone
Up to dateok
DAV 6.x-1.0-alpha3
Includes: DAV file system
Up to dateok
Devel 6.x-1.x-dev (2008-Dec-24)
Recommended version: 6.x-1.12 (2008-Oct-09)
Includes: Devel, Devel node access, Macro, Performance Logging
Up to dateok
DHTML Menu 6.x-3.2
Includes: DHTML Menu
Up to dateok
Diff 6.x-2.0
Includes: Diff
Up to dateok
Dynamic Help 6.x-1.0
Includes: Dynamic Help
Up to dateok
Edit term 6.x-1.0
Includes: Edit term
Up to dateok
Email Field 6.x-1.1
Includes: Email
Up to dateok
Fasttoggle 6.x-1.3
Includes: Fasttoggle
Up to dateok
Favicon 6.x-1.0
Includes: Favicon
Up to dateok
FeedAPI 6.x-1.5
Includes: Common syndication parser, FeedAPI, FeedAPI Inherit, FeedAPI Node, SimplePie parser
Up to dateok
Feed Element Mapper 6.x-1.0-beta3
Includes: FeedAPI Mapper
Up to dateok
FeedAPI RDF processor 6.x-1.0-alpha2
Includes: FeedAPI RDF
Up to dateok
File Framework 6.x-1.x-dev (2008-Dec-18)
Recommended version: 6.x-1.0-alpha2 (2008-Jun-16)
Includes: Antivirus, Archives, Attachments, Audio files, Browser, CCK, Converters, Documents, Embed, File, Gallery, Images, Restrictions, Slideshows, Spreadsheets, Texts, Videos, Views
Up to dateok
Services 6.x-1.x-dev (2008-Oct-05)
Includes: File Service, Menu Service, Node Service, Search Service, Services, System Service, Taxonomy Service, User Service, Views Service, XMLRPC Server
Up to dateok
File Server 6.x-1.0-alpha3
Includes: File taxonomy server
Up to dateok
getID3() 6.x-1.1
Includes: getID3()
Up to dateok
Helpers 6.x-1.1
Includes: Helpers, Helpers_database, Helpers_form, Helpers_node, Helpers_taxonomy, Helpers_theme
Up to dateok
IMCE 6.x-1.1
Includes: IMCE
Up to dateok
jQ 6.x-1.2
Includes: jQ, jQ Bridge
Up to dateok
jQuery UI 6.x-1.2
Includes: jQuery UI
Up to dateok
jQuery Update 6.x-1.x-dev (2008-Dec-16)
Recommended version: 6.x-1.1 (2008-Jun-23)
Includes: jQuery Update
Up to dateok
Javascript Tools 6.x-1.0
Includes: Javascript tools
Up to dateok
Live 6.x-1.0
Includes: Live
Up to dateok
Mail to Web 6.x-1.0-beta1
Includes: Mail to Web
Up to dateok
Mailhandler 6.x-1.5
Includes: Mailhandler
Up to dateok
Messaging 6.x-1.0
Includes: Messaging, Messaging Mime Mail, Messaging PHPMailer, Messaging Privatemsg, Simple Mail, Simple messaging
Up to dateok
Mime Mail 6.x-1.x-dev (2008-Sep-21)
Includes: Mime Mail
Up to dateok
Module Filter 6.x-1.1
Includes: Module filter
Up to dateok
Navigate 6.x-1.0-beta3
Includes: Navigate, Navigate Custom, Navigate Favorites, Navigate Menu, Navigate Search
Up to dateok
Notifications 6.x-1.0
Includes: Content Notifications, Notifications, Notifications Autosubscribe, Notifications Lite, Notifications UI, Taxonomy Notifications
Up to dateok
iCal feed parser 6.x-1.0
Includes: iCal parser
Up to dateok
Pathauto 6.x-2.x-dev (2008-Dec-13)
Includes: Pathauto
Up to dateok
Privatemsg 6.x-1.0-rc2
Includes: Block user messages, Private messages, Privatemsg filter
Up to dateok
Printer, e-mail and PDF versions 6.x-1.0
Includes: PDF version, Printer-friendly pages (core), Send by e-mail
Up to dateok
Project administration category 6.x-1.1
Includes: Project admin category
Up to dateok
Public Bookings 6.x-1.x-dev (2008-Oct-01)
Recommended version: 6.x-1.0-alpha1 (2008-Jul-08)
Includes: Public Bookings
Up to dateok
Resource Description Framework (RDF) 6.x-1.x-dev (2008-Dec-04)
Recommended version: 6.x-1.0-alpha3 (2008-Jun-13)
Includes: RDF API, RDF Schema
Up to dateok
Secure Site 6.x-2.1
Includes: Secure Site
Up to dateok
Session API 6.x-1.1
Includes: Session API
Up to dateok
Session Restore 6.x-1.1-beta
Includes: Session restore
Up to dateok
Site notes 6.x-1.2
Includes: Sitenotes
Up to dateok
Storm 6.x-1.19
Includes: Storm, Storm Attribute, Storm Expense, Storm Invoice, Storm Invoice item, Storm Knowledge base, Storm Note, Storm Organization, Storm Person, Storm Project, Storm Task, Storm Team member, Storm Ticket, Storm Timetracking
Up to dateok
jQuery UI Tabs 6.x-1.0
Includes: Tabs
Up to dateok
Taxonomy Manager 6.x-1.0-beta2
Includes: Taxonomy Manager
Up to dateok
Token 6.x-1.11
Includes: Token, Token actions
Up to dateok
Transliteration 6.x-2.0
Includes: Transliteration
Up to dateok
Username originality AJAX check 6.x-1.2
Includes: Username AJAX check
Up to dateok
userplus 6.x-2.1
Includes: Userplus
Up to dateok
Vertical Tabs 6.x-1.x-dev (2008-Dec-16)
Includes: Vertical Tabs
Up to dateok
Views 6.x-2.2
Includes: Views, Views UI, Views exporter
Up to dateok
WebDAV for Drupal 6.x-1.0-rc6
Includes: Drupal WebDAV, Drupal WebDAV for attachements, Drupal WebDAV for file systems, Drupal WebDAV for nodes
Up to dateok
Wysiwyg API 6.x-0.5
Also available: 6.x-1.x-dev (2008-Dec-26)
Includes: Wysiwyg

The above information is for information purposes only, I expect nothing in response, though, I appreciate any efforts to assist me in resolving this.

After, I figure out what has gone on, I will report this as an issue in the applicable 'issue' que for whichever module has removed the settings from display.

kewlguy’s picture

kewlguy commented

I went through quite the adventure trying to change my 'download method' to private from public, the settings disappeared from my admin/setttings/file-system page.

After 'disabling' ALL of my file related modules and clearing my cache, my settings for download method returned. Upon enabling each of my modules one at a time, I find that the Bitcache 6.x-1.0-alpha2 removed the radio check boxes from my admin/settings/file-system page.

Hope this helps some other lost soul that has found their settings have been removed.

**The shortcut to simply change the download method to private is to change the variable for file_download the 1 setting is for public, and the 0 setting is for the private download method.

Don Moody