Re: Sympal script / module Fetcher as profile enhancement

> * when the user approves the updates, a privileged cron
script  
> performs the updates at the next scheduled time. This
script could  
> also be run manually, but the idea would be that if you
ever invoked  
> it via drupal, you'd have to specify credentials.

Hi,
this is unacceptable, because most of the users running
shared hosts
don't have access to privileged cron scripts.

I personally think that Drupal should not even run when any
of the
system directories (sites, modules, themes?) are system-wide
writable.
What about this approach?

- Chmoding any of the system directories writable will take
Drupal web
offline (maintenance mod) immediately
- Admin user is still able to log in to site, so he goes to
administration, perform neccessary installations from the
web and then
put the web back online by settings modules/ directory
not-writable.

So the common practice will be:
1) chmod 777 modules (or ./scripts/start-install.sh)
2) log in to drupal administration (system is offline, but
accessible to
admin user)
3) perform installation
4) chmod 555 modules (or ./scripts/stop-install.sh)

The question is: will this be easier to users than
downloading modules
directly? 
Jakub

Op dinsdag 27 maart 2007 18:48, schreef Jakub Suchy:
> > * when the user approves the updates, a privileged
cron script
> > performs the updates at the next scheduled time.
This script could
> > also be run manually, but the idea would be that
if you ever invoked
> > it via drupal, you'd have to specify credentials.
>
> Hi,
> this is unacceptable, because most of the users running
shared hosts
> don't have access to privileged cron scripts.
>
> I personally think that Drupal should not even run when
any of the
> system directories (sites, modules, themes?) are
system-wide writable.
> What about this approach?

There is another way, and AFAIK Karoly (aka chx) already did
some work for it. 
Stolen from how Joomla! does it:
  
http://we
bschuur.com/publications/blogs/2007-01-16-stor_of_a_drupal_b
eleiver_installing_joomla_1_5_beta 
is the idea explained
  http://drupal.org/node/
110141
is the issue for it.

This adds system load to every single page for little
benefit. The check
could just as well be done on a scheduled basis (cron jobs)

----- Original Message ----- 
From: "Jakub Suchy" <jakubrtfm.cz>
To: <developmentdrupal.org>
Sent: Tuesday, March 27, 2007 6:48 PM
Subject: Re: [development] Sympal script / module Fetcher
as
profileenhancement


[...]
> What about this approach?
>
> - Chmoding any of the system directories writable will
take Drupal web
> offline (maintenance mod) immediately
[...]

On Mar 27, 2007, at 9:48 AM, Jakub Suchy wrote:

>> * when the user approves the updates, a privileged
cron script
>> performs the updates at the next scheduled time.
This script could
>> also be run manually, but the idea would be that if
you ever invoked
>> it via drupal, you'd have to specify credentials.
>
> Hi,
> this is unacceptable, because most of the users running
shared hosts
> don't have access to privileged cron scripts.
>

Is this statement still true if you think of a
"priviliged cron  
script" as simply one that isn't run by apache and
therefor has write  
access to the drupal directories?  I wasn't talking about
root here.   
My provider certainly allows this.

The FTP approach also has possibilites, but I'm not sure how
well it  
would work given our packaging systems.  I'd love to figure
out how  
drupal can have a hook that "prompts  for
credentials" and then runs  
a process as a different user.  I'll continue to be trying
to figure  
out a way to make this work...

Dave