Contrib.social

Move default.settings.php somewhere that it's unlikely to be accidentally tampered with by newbies

Open on Drupal.org →
Created on 28 September 2008, over 16 years ago
Updated 19 March 2025, 19 days ago

Problem/Motivation

It's easy for a newbie drupal dev to try installing drupal, accidentally berk the default.settings.php file and then not be able to install drupal. They may give up and never come back.

Proposed resolution

There are currently two proposed resolutions:

1. Hardcode an md5 of the "right" file - leads to maintenance overhead every time we change default.settings.php
2. Move default.settings.php somewhere that a newbie would not be encouraged to mess with it - slightly less foolproof

Remaining tasks

Decide on an approach and create patch.

User interface changes

None, or potentially a warning displayed to users during installation if they have damaged default.settings.php

API changes

None

Original report by @CorniI

Hi,
catch about #312144: Install fails when default.settings.php is not present

It's got a couple of interesting side-effects which we should deal with in the md5 followup patch.

So, if I do

$ mv default.settings.php settings.php
$ cp settings.php default.settings.php

- the error message goes away and everything proceeds as normal.

If I do

$ mv default.settings.php settings.php
$ touch default.settings.php

The error message goes away and I can install Drupal, but I get a settings.php with just the database connection information. That's what the md5 patch will attempt to deal with, I don't think we should concern ourselves about it here - since we're only helping people who aren't really following the instructions here anyway.

That's what the problem, but how to fix?
We can just add another check, for default.settings.php's md5. A patch for this is attached. But this is not easy to just say let's commit this, there's the drawback that whenever someone changes default.settings.php because it's needed, HEAD install will break until another patch is committed which adjust the md5sum which the file is compared against it. Also, this doesn't allow the user to define default values for all his installations with his (accordingly modified) version of default.settings.php. I'd like to hear some opinions on this before it gets committed/discarded, the patch itself is trivial. It's dependant on #3121444: Declare Drupal 9 compatibility which is atm RTBC, so it should be in fast.

Feature request
Status

Postponed: needs info

Version

11.0 🔥

Component

install system

Created by

🇩🇪Germany CorniI

Live updates comments and jobs are added and updated live.
  • stale-issue-cleanup

    To track issues in the developing policy for closing stale issues, [Policy, no patch] closing older issues

Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • Comment 19 days ago
    🇺🇸United States smustgrave

    Thank you for sharing your idea for improving Drupal.

    We are working to decide if this proposal meets the Criteria for evaluating proposed changes. There hasn't been any discussion here for over 8 years which suggests that this has either been implemented or there is no community support. Your thoughts on this will allow a decision to be made.

    Since we need more information to move forward with this issue, the status is now Postponed (maintainer needs more info). If we don't receive additional information to help with the issue, it may be closed after three months.

    Thanks!

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024