Drupal: Configuration, access control and adding content

by Andres Baravalle

Drupal: Configuration, access control and adding content

  • Configuration and status report
  • Access control
  • Adding content

Configuration

Local and remote Drupal files

As part of your Drupal development activities, you may have to create folders, upload files etc. When working on files, you need to make sure that your local Drupal installation that is synch'ed with your remote installation.

You should never change any files in the root directory of Drupal - only in the /sites folder.

Activity #1

Use WinSCP to download a local copy of your Drupal web site on your desktop (Commands → Syncronize...). During the next activities (and in the next weeks) make sure that you keep a local copy of your Drupal files.

File and folder permissions

You will be normally using a remote file system in a multi-user environment. That implies that you may have to set the appopriate permissions for your folders.

You should be familiar with file permissions from your previous modules, but we'll review the basic concepts.

Each file and directory on your server is assigned access rights for the owner of the file, the members of a group of related users, and everybody else. Rights can be assigned to read a file, to write a file, and to execute a file (i.e., run the file as a program).

Users and groups

In the system you are using:

  • The web server is running under the user apache, in the group apache (we write it as apache:apache)
  • Your user is in the group sftpusers

File permissions

Here is a table of numbers that covers all the common settings. The ones beginning with "7" are used with programs (since they enable execution for the owner) and the rest are for other kinds of files.

Value Meaning
777

(rwxrwxrwx) No restrictions on permissions. Anybody may do anything. Generally not a desirable setting.

755

(rwxr-xr-x) The file's owner may read, write, and execute the file. All others may read and execute the file. This setting is common for programs that are used by all users.

700

(rwx------) The file's owner may read, write, and execute the file. Nobody else has any rights. This setting is useful for programs that only the owner may use and must be kept private from others.

666

(rw-rw-rw-) All users may read and write the file.

644

(rw-r--r--) The owner may read and write a file, while all others may only read the file. A common setting for data files that everybody may read, but only the owner may change.

600

(rw-------) The owner may read and write a file. All others have no rights. A common setting for data files that the owner wants to keep private.

Directory permissions

In most ways, the permissions scheme for directories works the same way as they do with files. However, the execution permission is used in a different way. It provides control for access to file listing and other things. Here are some useful settings for directories:

Value Meaning
777

(rwxrwxrwx) No restrictions on permissions. Anybody may list files, create new files in the directory and delete files in the directory. Generally not a good setting.

755

(rwxr-xr-x) The directory owner has full access. All others may list the directory, but cannot create files nor delete them. This setting is common for directories that you wish to share with other users.

700

(rwx------) The directory owner has full access. Nobody else has any rights. This setting is useful for directories that only the owner may use and must be kept private from others.

Standard file and folder permissions

Here are the most common settings:

Resource Value Meaning
PHP files 644

(rw-r--r--) The owner may read and write a file, while all others may only read the file.

sites/default/settings.php 777 during installation, 644 after

(rwxrwxrwx and rw-r--r--) The file needs to be writable by everyone during installation, and just by the file owner afterwards.

sites/default/files
sites/default/files/images
sites/default/files/tmp
777

(rwxrwxrwx) The Apache server should be able to read/write files from those folders; as the Apache server is not in your group, you need to allow every user read/write rights to your folder.

Users are not going to be really able to read/write in your folder as they are in an SFTP jail (they cannot leave).

Configuring Drupal

You should already be familiar on how to download and install Drupal and you should have completed a Drupal installation. In the next slides we are going to see how to configure Drupal effectively; all the operations assume that you are logged into Drupal.

We are now going to look at configuring Drupal; if you get stuck in any of the activities, refer to the Getting Started with Drupal 7 Administration guide from the Drupal web site.

Paths and overlay

All paths in the following slides are relative to your Drupal installation.

Administrative screens can be normally loaded as overlays, but a direct URL is also available.

For example, if your web root is http://mastodon.uel.ac.uk/~u1234567/drupal, and a path (in the next slides) is written down as /?q=admin/reports/status, you will find it at http://mastodon.uel.ac.uk/~u1234567/drupal/?q=admin/reports/status

You should be able to find all configuration settings under /?q=admin/config

Status report

Drupal's status report gives a short overview of the web site's parameters and of any problems detected during the installation.

Activity #2

Open the status report for your Drupal site; it's quite likely that you will find in the report an error referring to a problem with your temporary directory.

If that's the case, open the URL /?q=admin/config/media/file-system and set:

  • Public file system path: should be pointing to sites/default/files
  • Temporary directory: should be pointing to sites/default/files/tmp (you have to create this folder in the server first)

You may have to use your SFTP client to set the right permissions to the folders. What permission should you set?

Modules

You should not change Drupal core (unless you know what you are doing and you are aiming to push your changes to the Drupal project).

Instead, you can extend Drupal by using additional modules. Drupal core comes with a default set of modules (not all of which are installed) and more modules are available in the Drupal.org web site.

The Modules tab allows to enable/disable installed modules and to install/uninstall modules.

Installing modules

You can download extra modules from https://drupal.org/download or you can install them directly in /?q=admin/modules/install

Will will investigate this further in the next weeks.

Activity #3

Open the Modules settings and enable the Statistics and Forum modules. Explore the features of the modules, and create at least a forum for your web site.

Blocks

Blocks contain functionality or content that is available for a Drupal site; they are normally generated by modules, but can also be generated manually.

You can place your blocks in any of the page regions defined by your theme; we will learn more about themes in the next weeks.

Blocks are available under StructureBlocks.

Activity #4

Enable the Recent comments block and place it in your web site; it should be visible in all pages.

Create a (custom) Bio block and use it to include a few lines about yourself in the homepage only.

Blocks and page regions

 

Drupal configuration

The next slides describe settings in the configuration area of the Drupal backend (?q=admin/config).

Site Information

Drupal's site information settings allow to set the site name, the slogan, the administrator's email and the number of posts in the front page.

Performance

Drupal's settings allow to set the caching and file aggregation.

Caching and file aggregation should be disabled during development, and enabled for deployment (to improve performance by keeping files small and keeping the number of files down).

Clear the site's cache when making modifications to a site if you want to ensure that changes are definitively displayed.

Logging and errors

This page allows to set if Drupal should display error messages or not. Enable during development, disable for deployment.

Clean URLs

Enables clean URLs as example.com/user instead of example.com/?q=user. It should be always enabled and it's critical for Search Engine Optimisation (SEO) purpouses.

Activity #5

Open the settings forPerformance and Logging and Errors and ensure that all settings are correct.

Open the Clean URLs settings and enable clean URLs. Reload your web site and verify that clean URLs are now enabled.

Access control

Planning access control

When writing the requirements for a web site, think at who is going to contribute to the web site and how. You should be able to answer questions as:

  • Who will be creating the content?
  • Is there going to be any moderation to ensure the quality of the content in the web site?
  • Will anonymous users have the right to create content?

Roles

Roles in Drupal define what users can or cannot do.

Drupal comes with some pre-defined roles: anonymous user, authenticated user and administrator. Open /?q=admin/people/permissions/roles to create extra roles.

Permissions

Open /?q=admin/people/permissions to set permissions for all roles.

Common permissions for modules include:

  • Administer: gives the ability to change how a module operates
  • View: gives the ability to use a module without changing anything
  • Create: gives the ability to create some type of content
  • Edit any/own: gives the user the ability to edit any/own content
  • Delete any/own: gives the user the ability to delete any/own content

Activity #6

On your Drupal installation, create an extra role, named forum moderator and give all users with that role the right to edit all content in the fora.

Users

Users can be created by self-registration on the web site or from the back end (People → Add user).

Administering users

You can administer users from /?q=admin/people.

The page allows you to block/unblock a user, to cancel an account and to edit existing users. By editing existing users you are then able to add additional roles.

Activity #7

Create two users on your Drupal web site; two as standard user (authenticated user) and one to be a member of the forum moderator group that you created in the previous activity.

Block one of the users that you have created.

Adding content

Node types

Drupal includes a set of node types (types of content) enabled by default: article and basic page.

Additional node types are available through Drupal modules; the Forum module, for example, enables the Forum topic node type.

Creating content

You can create Drupal content through the Add content link in your Drupal installation.

By default, you would have to write all the HTML/CSS for your content. We will see later on how it can be facilitated.

Activity #8

Create a small selection of nodes for your website.

This work

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License

Creative Commons License