* when the user approves the updates, a privileged cron script performs the updates at the next scheduled time. This script could also be run manually, but the idea would be that if you ever invoked it via drupal, you'd have to specify credentials.
Hi, this is unacceptable, because most of the users running shared hosts don't have access to privileged cron scripts. I personally think that Drupal should not even run when any of the system directories (sites, modules, themes?) are system-wide writable. What about this approach? - Chmoding any of the system directories writable will take Drupal web offline (maintenance mod) immediately - Admin user is still able to log in to site, so he goes to administration, perform neccessary installations from the web and then put the web back online by settings modules/ directory not-writable. So the common practice will be: 1) chmod 777 modules (or ./scripts/start-install.sh) 2) log in to drupal administration (system is offline, but accessible to admin user) 3) perform installation 4) chmod 555 modules (or ./scripts/stop-install.sh) The question is: will this be easier to users than downloading modules directly? :) Jakub