= When you say we are using a "central, shared" installation of Drupal, what does that mean? =

May First/People Link has one installation of Drupal on each of our shared servers. All sites running Drupal have the option of using this single copy of Drupal. The advantage of this approach is that when a security patch is released for Drupal that fixes a vulnerability, we can apply the patch in one place and everyone who is using our single copy of the Drupal source will immediately benefit from the patch.

How does it work?

Drupal has a method for running more than one web site using the same core Drupal source. It's called "multi-site." Using multi-site, you can place as many directories in your Drupal sites directory as you want, each one named after the domain name of the separate site you want to create.

We do not use this approach for two reasons:

* It means everyone has to use the same DocumentRoot: you cannot, for example, add your own robots.txt file or customize your .htaccess file.
* It does not work with suPHP, a security mechanism that restricts the permissions of your Drupal installation to just your account. When using multi-site, a vulnerability in one site can be used to do damage to another site on the same server.

In short, the multi-site approach is both restrictive and insecure.

Our approach uses symlinks instead. It is designed to work with suPHP, in which the PHP process runs with the privileges of the user who owns the file.

Using our approach, every member has their own web directory, which they control. The web directory contains symlinks to all the top-level directories in Drupal core (includes, misc, etc.) except for the files and sites directories, which are real directories under the control of the user. In addition, each top-level file (index.php, cron.php, etc.) is symlinked in the user's web directory, but under the name index.drupal.php, cron.drupal.php, and so on. Finally, for every top-level file there is a file created and owned by the user with the original Drupal name (index.php, cron.php) that contains a single line of PHP code which includes the Drupal symlink. For example, index.php contains: "require_once('index.drupal.php');". An example web directory listing looks like this:

{{{
0 jm@chavez:web$ ls -l
total 28
lrwxrwxrwx 1 mayfirst mayfirst 34 2007-11-17 04:14 cron.drupal.php -> /usr/local/share/drupal-5/cron.php
-rw-r--r-- 1 mayfirst mayfirst 38 2007-11-17 04:14 cron.php
drwxr-xr-x 4 mayfirst mayfirst 4096 2008-03-11 03:58 files
lrwxrwxrwx 1 mayfirst mayfirst 34 2007-11-17 04:14 includes -> /usr/local/share/drupal-5/includes
lrwxrwxrwx 1 mayfirst mayfirst 35 2007-11-17 04:14 index.drupal.php -> /usr/local/share/drupal-5/index.php
-rw-r--r-- 1 mayfirst mayfirst 39 2007-11-17 04:14 index.php
lrwxrwxrwx 1 mayfirst mayfirst 37 2007-11-17 04:14 install.drupal.php -> /usr/local/share/drupal-5/install.php
-rw-r--r-- 1 mayfirst mayfirst 41 2007-11-17 04:14 install.php
lrwxrwxrwx 1 mayfirst mayfirst 30 2007-11-17 04:14 misc -> /usr/local/share/drupal-5/misc
lrwxrwxrwx 1 mayfirst mayfirst 33 2007-11-17 04:14 modules -> /usr/local/share/drupal-5/modules
lrwxrwxrwx 1 mayfirst mayfirst 34 2007-11-17 04:14 profiles -> /usr/local/share/drupal-5/profiles
lrwxrwxrwx 1 mayfirst mayfirst 33 2007-11-17 04:14 scripts -> /usr/local/share/drupal-5/scripts
drwxr-xr-x 3 mayfirst mayfirst 4096 2007-11-17 04:14 sites
lrwxrwxrwx 1 mayfirst mayfirst 32 2007-11-17 04:14 themes -> /usr/local/share/drupal-5/themes
lrwxrwxrwx 1 mayfirst mayfirst 36 2007-11-17 04:14 update.drupal.php -> /usr/local/share/drupal-5/update.php
-rw-r--r-- 1 mayfirst mayfirst 40 2007-11-17 04:14 update.php
lrwxrwxrwx 1 mayfirst mayfirst 36 2007-11-23 11:16 xmlrpc.drupal.php -> /usr/local/share/drupal-5/xmlrpc.php
-rw-r--r-- 1 mayfirst mayfirst 40 2007-11-17 04:14 xmlrpc.php
0 jm@chavez:web$
}}}
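
The layout described above can be produced with a short script. This is an added example, not May First/People Link's own tooling; the function name link_shared_drupal, the choice to wrap only top-level *.php files, and the opening <?php tag in the wrapper are assumptions.

```shell
#!/bin/sh
# Added example: lay out a member web directory over a shared Drupal core.
# Run it as the member so the wrappers and real directories are theirs.
# link_shared_drupal is a hypothetical name, not part of Drupal or suPHP.

link_shared_drupal() {
    core=$1 web=$2
    [ -d "$core" ] || { echo "no such core directory: $core" >&2; return 1; }
    mkdir -p "$web" || return 1

    for path in "$core"/*; do
        name=${path##*/}
        if [ -d "$path" ]; then
            case $name in
                files|sites)
                    # Real, member-owned directories: never links into core.
                    mkdir -p "$web/$name" ;;
                *)
                    # Do not clobber something the member created here.
                    if [ -e "$web/$name" ] && [ ! -L "$web/$name" ]; then
                        echo "skip $name: exists and is not a symlink" >&2
                    else
                        ln -sfn "$path" "$web/$name"
                    fi ;;
            esac
        elif [ -f "$path" ]; then
            case $name in
                *.php)  # assumption: only top-level PHP entry points are wrapped
                    base=${name%.php}
                    ln -sfn "$path" "$web/$base.drupal.php"
                    # One-line wrapper under the original name; an existing
                    # (possibly customized) wrapper is left untouched.
                    [ -e "$web/$name" ] ||
                        printf "<?php require_once('%s.drupal.php');\n" "$base" \
                            > "$web/$name"
                    ;;
            esac
        fi
    done
    return 0
}

# Usage: sh link.sh /usr/local/share/drupal-5 /path/to/member/web
if [ "$#" -eq 2 ]; then link_shared_drupal "$1" "$2"; fi
```

Because the symlinks are refreshed in place and existing wrappers are kept, the function can be re-run after the shared core is patched without overwriting anything the member has customized.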