Walter,
I would love to hear more form others as I have a number of sites set to private where the folder is above the root web and I need to convert back to public with files in sites/default/files.
Anyway, I do know that it is a good idea to make sure the files folder is about the root web our out of there when using private files setting. If you don't, someone who knows the correct file name can go directly to the file. If a private file is called via a drupal node, drupal will only stream the file out to the client if they have the proper permissions.
Thanks! Mark
On Mar 19, 2008, at 8:08 AM, Walter Garcia-Fontes wrote:
I know that the file system is very hard to move from the root of drupal once your site is mature, but I have tried it anyway (not on my live site, but on a clone of it). I have tried to read also as much as I could about this both in the drupal.org search and doing a general google search.
So I'm telling the list what I did and what didn't work, just in case anybody can give me any hints to understand a little bit better how things work with the file system.
My site is Drupal 5.7. I have full access to the server, database, you name it (it must be almost impossible to do this without full access). Server is linux with standard tools.
My previous setup was file system set to "private" but located in the root of drupal, in a "files" directory.
So I created a directory out of the webserver root and put my "files" directory there, with write permissions and owned by apache owner and group. Then I changed the path in admin/settings/file-system to the new path, and erased my old "files" directory at the root.
I use fckeditor to upload files and images to nodes, so these get an initial path of "/files/file" and "/files/image". Now these paths have to be moved to "/system/files/file" and "/system/files/image" once the files are out of the root. I changed this searching for all tables which contained these strings with the "search" feature of phpmyadmin, and then substituting the strings with the mysql command line (UPDATE table SET column = REPLACE(filepath,"/files/file", "/system/files/ file");) I tried this of course on a sandbox install and database, and will get all the backups if I try to mess around with my actual database. There are not so many tables that contain references to files, so this can be done in about half an hour.
In any case, after adjusting a couple more things related to fckeditor seeing the new file system, everything seemed to work until I logged out. The anonymous user was unable to access the files in the new file system. Also strangely some roles could access them but some others could not, and in particular I have two roles which look very similar in terms of permissions but one can access it and the other not. I also tried giving the remaining permissions to the role whith no access, but no result, no matter what I tried.
So now I have a lot of questions: 1) is the "private" file system outside of the root always inaccessible for anonymous users? 2) Which is the permission that gives access to this type of private file system? 3) What is the effect of having "private" chosen, but the file system in the root? This seems to give access to everybody to the files and images that are referred in nodes, despite the fact of setting it as "private". 4) And how come I have such a disparate behavior of different roles, what determines which ones can access the outside private file system?
Thanks for any hints on this.
-- Walter Garcia-Fontes Barcelona
-- [ Drupal support list | http://lists.drupal.org/ ]