[development] Sympal script / module Fetcher as profile enhancement

Jakub Suchy jakub at rtfm.cz
Tue Mar 27 16:48:26 UTC 2007

> * when the user approves the updates, a privileged cron script  
> performs the updates at the next scheduled time. This script could  
> also be run manually, but the idea would be that if you ever invoked  
> it via drupal, you'd have to specify credentials.

this is unacceptable, because most of the users running shared hosts
don't have access to privileged cron scripts.

I personally think that Drupal should not even run when any of the
system directories (sites, modules, themes?) are system-wide writable.
What about this approach?

- Chmoding any of the system directories writable will take Drupal web
offline (maintenance mod) immediately
- Admin user is still able to log in to site, so he goes to
administration, perform neccessary installations from the web and then
put the web back online by settings modules/ directory not-writable.

So the common practice will be:
1) chmod 777 modules (or ./scripts/start-install.sh)
2) log in to drupal administration (system is offline, but accessible to
admin user)
3) perform installation
4) chmod 555 modules (or ./scripts/stop-install.sh)

The question is: will this be easier to users than downloading modules
directly? :)

More information about the development mailing list