Looking for best practices for user roles on a Drupal server (server, not Drupal itself).
How best to set up user roles?
Who owns what files?
What should be off limits?
How do you manage adding modules/libraries etc?
Things of that nature.
Our dev group consists of 3 people, mostly front-end people but a couple will have access to the backend.
Thanks!
- Eric
I posted a variant of this on Yammer, but my input:
In general, other than a trusted developer (or two) responsible for core updates, no developer should be doing anything outside the sites directory.
If I had my druthers, I wouldn't even allow access to most of that directory; ideally everything except sites/default/files would be controlled by a GIT master.
We don't let any users access via FTP, etc. They upload files via the UI; if necessary, add a content type called uploaded file.
For large files, like video, which we shouldn't really have on our servers, then some limited FTP access to a directory inside sites/default/files might be required.
I think it is hard to have files not be owned by who uploads them. We have a group Apache that all our developers and Apache belong to that gives Drupal access. There is a whole slew of permissions variables; Zak has adapted a permission script, and you might reach out to him.
I would suggest some review process to add modules/libraries. If the permissions are set correctly, the update manager makes it possible via the UI, but that breaks any GIT control. I'd say having a lead developer add them via GIT is a better solution.
The front end people shouldn't need much more than access to the sub-theme CSS, perhaps theme images (I waffle on that) and sites/default/files, maybe depending on big files. And the theme CSS is likely the one part of a Drupal site (actually the whole sub-theme) that really needs to be under GIT control since it tends to represent most of the "coding" for a site.
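Added example, not part of the original thread and not the permission script mentioned in the reply: a small audit of the layout the reply describes, where only sites/default/files is writable by the shared group and the rest of the tree is changed through Git. It assumes developers and the web server share one group, so any group- or world-writable path counts as web-server-writable; the function name and report labels are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Assumption: developers and the web
# server share one group, so a group- or world-writable path is one the web
# server can modify. Function name and report labels are hypothetical.

# audit_drupal_perms DOCROOT [UPLOAD_DIR]
# Prints one finding per line; returns 0 if clean, 1 on findings, 2 on error.
audit_drupal_perms() {
    docroot=$1
    uploads=${2:-sites/default/files}
    [ -d "$docroot" ] || return 2
    findings=$(
        cd "$docroot" || exit 2
        {
            # Code tree: skip the upload directory and .git, ignore symlinks
            # (their mode bits are not meaningful), flag g+w or o+w.
            find . \( -path "./$uploads" -o -path ./.git \) -prune \
                -o ! -type l \( -perm -020 -o -perm -002 \) -print |
                sed 's/^/WRITABLE-CODE /'
            # Upload directory: assumed to need group write for UI uploads.
            find "./$uploads" -prune -type d ! -perm -020 -print 2>/dev/null |
                sed 's/^/UPLOADS-NOT-GROUP-WRITABLE /'
        } | sort
    ) || return 2
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

Run it as `audit_drupal_perms /path/to/docroot` after a deploy or from cron; a non-zero exit means the tree has drifted from the intended layout.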