Do I need to set up public files directory for multi-sites differently?

Berry Dingle

12/13/22, 11:17 PM

I had some Drupal installations which I merged into a multi-site installation.

When they were single installations, I created a files in the root directory and set the system permissions for the directory and its content to 755. When I ran the security review, I got no errors.

Now I set up them as multi-site; the files directory is still in the root folder, and inside there also the site1, site2, site3 directories used from the single sites. When I set the system permissions to 755 and run the security review, I get an error that about some files in my public files directory which are writeable by the server.

Those files have been always writeable by the server. Otherwise, CSS/JavaScript aggregation and file uploading wouldn't work.

When I set the files folder in the root directory as well as site1, site2, site3 to 555, the security review didn't report anything, but I got an error message from the Drupal status report because the public file system is not writeable from the server.

Do I need to set up the public files directory for multi-sites differently?

1 + 2

security

multi-sites

miststudent2011

12/14/22, 1:53 AM

have you tried chmod -R 755 files/site1 files/site2 ... ?

Berry Dingle

12/14/22, 2:11 AM

Thanks for your answer. Yes I did, but I didn't read very attentive. My files folder has 555 and the site1, site2, site3 have 755 -R. And it works like expected, as it spares out the own public folder. So, if I rund a security review in the backend of site 1, I still get the error. Because It tells me in the details, that it also found the public folders of site 2 and site3, which are also 755. So it seems to throw the error because there are other directories as well, that don't belong to this installation.

Score:1

Drupal

hoanns

12/14/22, 11:13 AM

To answer the question: no you do not need to set up those directories differently. The webserver obviously needs write access there for storing files. If the security_review module has a problem with the dirs of the other sites then it is probably a bug in that module.

Anyhow: first click on details, maybe you find out more information there.

Then I had a look at the code, this is the method that detects the error:

https://git.drupalcode.org/project/security_review/-/blob/8.x-1.x/src/Checks/FilePermissions.php#L48

It also tries to write a file in its own module directory (which it does not communicate to the user -> not nice), so have a look into there and see if there is a file called "file_write_test[...]" or if there is a warning inside "IGNOREME.txt". If that is the case you need to remove write access to the modules directories for the webserver user (usually www-data)

0 + 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Do I need to set up public files directory for multi-sites differently?

TH: ฉันจำเป็นต้องตั้งค่าไดเร็กทอรีไฟล์สาธารณะสำหรับหลายไซต์แตกต่างกันหรือไม่

RO: Trebuie să configurez diferit directorul de fișiere publice pentru mai multe site-uri?

RU: Нужно ли мне по-другому настраивать каталог общедоступных файлов для нескольких сайтов?

VI: Tôi có cần thiết lập thư mục tệp công khai cho nhiều trang khác nhau không?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.