Last updated November 13, 2013. Created by tgeller on August 4, 2009.
Edited by jmcejuela, craig.norris, LeeHunter, batigolix. Log in to edit this page.

Your Drupal download comes with a sample configuration file at sites/default /default.settings.php.

Before you run the installation script, you must copy the configuration file as a new file called settings.php file and then set some permissions.

Note: With Drupal 7.x, on some types of shared/local hosting, if PHP and Apache are run by the same user, Drupal will attempt to execute the first three steps for you. If you get errors referring to the "Settings file" during installation, you can perform these steps manually.

  1. Copy the default.settings.php file and save the new file as settings.php in the same directory. To do this, run the following command from the directory that contains your Drupal installation files:

    cp sites/default/default.settings.php sites/default/settings.php

    Note: Do not simply rename the file. The Drupal installer needs both files.

  2. To make the settings.php file writeable and to allow the installer to edit the file, use:

    chmod a+w sites/default/settings.php

    Several FTP tools like Filezilla, Transmit, and Fetch allow you to change file permissions, using a 'file attribute' or 'get info' command. In this case the file permission should be set to 666. If your FTP client has checkboxes for setting permissions, check both the Read and Write boxes for "Owner", "Group", and "Others" (but leave the Execute boxes unchecked).

    Note: Be sure to change the file's permissions back after you have run the installation script. Those permissions should be:

    chmod 644 settings.php
    chmod 755 ../default
  3. To let the files directory be created automatically, give the web server write privileges to the sites/default directory.

    chmod a+w sites/default

Looking for support? Visit the Drupal.org forums, or join #drupal-support in IRC.

Comments

"NOTE: Do not forget to change permissions back after you have run the installation script."

Change back to what?

Change back the settings.php permission.
change settings.php permission to 755. (read only, to make protected)

step by step:
-copy file default.settings.php to settings.php (do not rename). Now you have both files.
-change file permission settings.php to read/write with chmod 644 settings.php
-continue the installation..
-after all installation finished, change file permission settings.php to read-only with chmod 755 settings.php

ꦱꦠꦽꦶꦪ

Hi,

How do you change the permissions of settings.php if you are installing Drupal on Windows XP home environment?
It does not allow this (there is no security tab).
In addition I tried the cacls program from the cmd - but (ACL) Access Control Lists apply only to files stored on an NTFS formatted drive and not on FAT 32.

Thanks

You just right-click and set it to read-only, that is the only thing Windoze can do.
But, why not switch to Debian Linux, it's easy, free, virus/spyware-free, no defrag needed, and will give all the granular perms you want.
You can easily have a dual-boot system if you really want to keep M$.

ckosloff

I have copied the default.settings.php file, renamed it to settings.php, now both default.settings.php and settings.php exists in the default folder, I didn't need to change file permissions since both already are 666. I then click the "proceed with the installation" link in the installer, but the page reloads with the same error, "The settings file does not exist." What am I doing wrong?

EDIT: I just made it work, the error I got was "Settings file The settings file does not exist.
The Drupal installer requires that you create a settings file as part of the installation process. Copy the ./sites/default/default.settings.php file to ./sites//settings.php. More details about installing Drupal are available in INSTALL.txt." When I put the settings file in the sites/ folder the installation went on, is this what the .sites// mean?

Why is it that my settings file should be in the sites folder and not in the default folder as stated in all the instructions I've read?

when i locate localhost in web brower then the Xampp page appears,,,

thats i don't want..

I want to install the drupal further.

tell me the way.....
s there any settings related problem????

Plz nyone reply soon....

~!G!~

All these problems are caused by using M$ Windoze.
XAMPP has a particular folder where sites should be placed, I think it is public_html.
Cannot tell you much about XAMPP coz I use Linux, no need of any Linux emulator, I use the real thing and no problem.

ckosloff

Hi,
I had the same problem - run drush make with my make file, all the files ware created instead the settings.php and files folder. I created the folder and the file from default.settings.php ut the drupal installation still insisted that the file and directory does not exists. Then I looked at the permissions and I saw that I created them with the root user :)
Then I executed the following commands:
chown root:apache settings.php
chmod ug+rw settings.php
which changed the group of the file to apache which is the user group of the apache web server on my host and gave it write permissions on this file. The same have to be done to the file directory too.
After that I refreshed the drupal installation screen and everything was fine

You need to do a bit more if you have SElinux enabled (a good idea):

chcon -t httpd_sys_content_rw_t settings.php

This will leave it writeable by the httpd daemon after the event as well.

------------
We are born naked, wet, and hungry. Then things get worse.

After installing Drupal 7, what should the file permissions be for

-setting.php
-default.settings.php
-default folder
-sites folder
-files folder

I have ready many different things on this, and it seems everyone has a different opinion. (from 000 to 444 to 644 to 555 to 755). Can someone set the record? What should those file permissions be so that they are a) Most secure b) Will not mess anything up?

I would like to know this also. I used Simple Scripts for installation and I'd like to check and make sure my permissions are correct.

rift-prophecy.com

am getting a problem in running the installation script,every time am sticking at the second step "verifying the requirements"
i dont know what is the problem while I followed the procedures in setting.php

I'd love to know this too:

----
Quote:
"After installing Drupal 7, what should the file permissions be for

-setting.php
-default.settings.php
-default folder
-sites folder
-files folder

I have ready many different things on this, and it seems everyone has a different opinion. (from 000 to 444 to 644 to 555 to 755). Can someone set the record? What should those file permissions be so that they are a) Most secure b) Will not mess anything up?
"
----

Does anyone have the final answer for this?

i installed drupal 7.8 on a server successfully but while i'm using the site like configuring modules or changing the settings of the themes the servers blocks my ip
when i tried to understand what is going on the server admin told me to adjust the files permissions and cookies usage for drupal
how can i do this?
Note: i 'm extracting the drupal files in the root directory (Public_html)

Helloy.
Help me.
It is permission?

Notice: Undefined index: minnelli in /var/www/ruuser/data/www/fashionrelease.ru/includes/theme.maintenance.inc on line 63

Notice: Trying to get property of non-object in /var/www/ruuser/data/www/fashionrelease.ru/includes/theme.inc on line 104

Notice: Trying to get property of non-object in /var/www/ruuser/data/www/fashionrelease.ru/includes/theme.inc on line 452

Notice: Trying to get property of non-object in /var/www/ruuser/data/www/fashionrelease.ru/includes/theme.inc on line 452

Notice: Trying to get property of non-object in /var/www/ruuser/data/www/fashionrelease.ru/includes/theme.inc on line 452

Notice: Undefined index: minnelli in /var/www/ruuser/data/www/fashionrelease.ru/includes/theme.inc on line 1023

Notice: Trying to get property of non-object in /var/www/ruuser/data/www/fashionrelease.ru/includes/theme.inc on line 1035

Notice: Trying to get property of non-object in /var/www/ruuser/data/www/fashionrelease.ru/includes/theme.inc on line 1044

Notice: Undefined index: minnelli in /var/www/ruuser/data/www/fashionrelease.ru/includes/theme.maintenance.inc on line 216

Notice: Trying to get property of non-object in /var/www/ruuser/data/www/fashionrelease.ru/includes/theme.maintenance.inc on line 216

Warning: array_keys() [function.array-keys]: The first argument should be an array in /var/www/ruuser/data/www/fashionrelease.ru/includes/theme.maintenance.inc on line 219

Warning: Invalid argument supplied for foreach() in /var/www/ruuser/data/www/fashionrelease.ru/includes/theme.maintenance.inc on line 219

Warning: include(./themes/garland/maintenance-page.tpl.php) [function.include]: failed to open stream: No such file or directory in /var/www/ruuser/data/www/fashionrelease.ru/includes/theme.inc on line 1078

Warning: include() [function.include]: Failed opening './themes/garland/maintenance-page.tpl.php' for inclusion (include_path='.:/usr/share/pear:/usr/share/php') in /var/www/ruuser/data/www/fashionrelease.ru/includes/theme.inc on line 1078

Hi,
I don't know how exactly you ware able to accomplish this :)
Please give me more details on how you did the installation otherwise I cannot help you.
There maybe a problem with permissions because it cannot load maintenance-page.tpl.php

Why don't you start with new installation - Drupal checks for it's requirements and gives warnings if something is not ok

i have changed all the files and directories in drupal folder to 777 but why drupal still shows"The Drupal installer requires write permissions to ./sites/default/settings.php"...............

I had the same problem. SELinux was running and enforced.

Please can you help?, I have installed and properly configured Drupal 6.XX permissions, folder either (755) and file (644), but when accessing the Web site throws me the following message:

Forbidden
You don't have permission to access / on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

thanks you...

Rodrigo

If you have SELinux running turn it off. Check the error_log for the web server. It maybe that it is not able to read the .htaccess file

If you have SELinux running then see my reply earlier in this thread (May 2011).

------------
We are born naked, wet, and hungry. Then things get worse.

This covers settings.php during the initial install process. But what about during upgrades? What is the appropriate way to update/upgrade the settings.php file when doing a Drupal upgrade which may have changed some of the content in the default.settings.php file? Is there any standard practice on this? Will Drupal "update" upgrade the file based on the new default.settings.php file, or is it a case of needing to make those changes by hand? A link to any "best practices" would be appreciated.

From the Drupal upgrade.txt file:

Sometimes an update includes changes to default.settings.php (this will be noted in the release notes). If that's the case, follow these steps:

  • Make a backup copy of your settings.php file, with a different file name.
  • Make a copy of the new default.settings.php file, and name the copy settings.php (overwriting your previous settings.php file).
  • Copy the custom and site-specific entries from the backup you made into the new settings.php file. You will definitely need the lines giving the database information, and you will also want to copy in any other customizations you have added.

This was from D7.14, so I guess I answered my own question. It does change, but the updates need to be made manually.

The mark of the beast 666 is the file extension. No way. I have serious issues with this.

Brian Patrick Fromme

If you don't want to type:

chmod 666 sites/default/settings.php

...you can type:

chmod a+w sites/default/settings.php

instead. They do the same thing.

---
Tom Geller * tomgeller.com * Oberlin, Ohio
See my lynda.com videos about Drupal

My host has the file at 555

I installed via fantastico.

I have installed ckeditor and finder, and it appears to have been successful.

However, when I click on the browser server button to be able to go to the area to upload an image, the next thing I see is this message:

The file browser is disabled for security reasons. Please contact your system administrator and check the CKFinder configuration file.

I have read the article, and adjusted my security settings according to what is stated. But I am still getting this message.

I am running Drupal 7, and nothing else fancy at this point. I have very little content on my site at this point other than a few pieces of test content. Because this is such a huge part of what I need for other content to be put in place.

Any thoughts? I can upload screen shots, and if necessary provide access.

Thank you,

In fact, granting rights for "others" and the "group" is not needed, nor desirable.

In a shared hosting environment, which effectively is a single-user environment, this is ok, but as soon as you go out to a root server, where other users (that you might seem to trust) have access to, you will want to protect your installation to not see anything of it. Only the user running the webserver should be able to read the files, so I suggest to restrict the files appropriatley.

These commands, fired off on a system where drupal resides in /var/www/drupal and the running user is www-data, restrict access to all the files to that exact user and allow write access in sites/default/files:

chown -R www-data. /var/www/drupal
chmod -R u=rX,go= /var/www/drupal
chmod -R u+w /var/www/drupal/sites/default/files

Adjust to your needs, YMMV.

Do not EVER use XX4 or XX6 rights, as almost NEVER the group of "other" user need access to any of your files, nor does the group of the webserver (in most cases). To be precise: a chmod 644 something should always be a chmod 640 something to prevent anyone from reading your files.

Hope this helps.

Rob

Do we need to update settings.php with each new drupal core update/upgrade?

Usually, when I update core, the first thing I do is delete the sites folder, which contains the default.settings.php.

Until recently, I decided to look at drupal 7.20's default.settings.php and noticed some changes. Should I be updating my settings.php to the new code found in default.settings.php? What's the best practice for this?

Securing file permissions and ownership

On the page http://drupal.org/node/244924 there's a thorough explanation on permissions settings.

On that page is a comment with all the numerical values off the permissions you have to set for files and directories: http://drupal.org/node/244924#comment-2689024

And if you're short in time you'll find a summary of that comment a wheelscroll deeper or click here: http://drupal.org/node/244924#comment-3651134.

Succes.
Kurt

De gustibus et coloribus non disputandum
www.mediaha.be, the aha in multimedia

The instructions are quite detailed and excellent if the user has access to a terminal ON THE SERVER. For most of us, we depend on popular and efficient host tools, which do not allow terminal mode. I am offering to help Drupal build a tmED type of instructions. But I need to have contact with a collaborator which is an expert on Drupal. Anyone there? We could make all the difference in the world for an easy installation and site build up.

humberto

I tried several times to run Drupal on localhost but I have a problem.
when I create the database on root user and copy the both "default.settings" and "settings" files on the proper folder, I set "write" permission to "settings.php" file in Security tab to this names: IIS_IUSRS and IUSR afterwards.
then after writing database information down in the form (at localhost) I get "Fatal error: Maximum execution time of 30 seconds exceeded in C:\xampp\htdocs\drupal\includes\database\database.inc on line 2168" error.

Can anyone help to solve this problem.

find php.ini file in xamp folder (or subfolder), change maximum execution value to 300 second or more.

ꦱꦠꦽꦶꦪ