freemode.net

Drupal install    [ Software ]

Worked on installing Drupal as a web forum/discussion board thingy for my lab project. [removed link 20031123 edobbs]

Why Drupal?   I haven't really worked with it before, but it looks interesting and seems to have some nicer customization features above and beyond what phpBB or Post-Nuke has, and doesn't seem to suffer from the same extent of security issues that those two packages do.   Plus, it's in the Debian package repository, so I can 'apt-get upgrade' between releases on whatever hardware I want to run it on.

I did run into some gotchas during the install, so I documented the steps I took below so that the next unlucky victim can learn from my mistakes.

First problem:

I was reading through the docs in /usr/share/doc/drupal/README.debian like a diligent administrator should, and they give this crazy suggestion of using the MySQL root password for connectivity to the database:

"In this case also, you should put this password on $dbpass in
/etc/drupal/conf.php , and this file SHOULD REMAIN in 640 mode,
belonging to root:www-data. This means that the user www-data may read the
root mysql password, so stay alert."

Ummm, no.   Not gonna happen.   Thankfully, the author comes to his senses in the next paragraph:

"Another and probably better solution is to make drupal database belong to
other mysql user ("drupal" mysql user for example), and changing
/etc/drupal/conf.php accordingly ($dbuname and $dbpass). Refer to
mysql-doc package documentation on how to do this, and/or the support give in
http://www.drupal.org"

Ach, lazy author.   Shouldn't even mention the first case, and should provide some docs for those too lazy to look up the instructions.   Oh well, here's one way to do it:

# mysql -p mysql
Enter password:
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 10 to server version: 4.0.13-log

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql>
mysql> GRANT USAGE ON *.* TO drupal_user@localhost;
Query OK, 0 rows affected (0.01 sec)

mysql> GRANT CREATE,DROP,SELECT,INSERT,UPDATE,DELETE ON drupal.* TO
-> drupal_user@localhost IDENTIFIED BY 'drupal_password';
Query OK, 0 rows affected (0.01 sec)

mysql> exit
Bye

And then edit /etc/drupal/conf.php to use:

$db_url = "mysql://drupal_user:drupal_password@localhost/drupal";

Make sure to not use any characters in the password that parse_url() will barf on.   Despite the dire warnings in the config file against using nonalphanumerics, '%' and '&' and other non-reserved characters should be okay - if in doubt, read the PHP documentation for the function call.

Oh and yeah, make sure to keep the permissions at least 440 (-r--r-----) with root:www-data as owner and group, respectively.   Anything more permissive than that for www-data is just asking for trouble.   If you're checking the file in and out of RCS (like me), you'll probably have to do a 'chgrp www-data conf.php' and 'chgrp www-data RCS/conf.php,v' to set the correct group ownership for the file.

Second problem:

So the app's installed, and I fire up my browser, point it to http://my.machine/drupal and it barfs with a:

"Fatal error: call to undefined function: mysql_pconnect()"

error.   Woo-hoo!   A bit of googling for mysql_pconnect() turns up a potential problem with php.ini not having an "extension=mysql.so" line present.   Since I remember other MySQL apps working without a problem, I'm a bit dubious, but I check it out and wallah! no mysql.so in the /etc/php/php.ini config file.

So I edit /etc/php/php.ini, append "extension=mysql.so" line, restart Apache, and all's well.   Now I can actually start playing with the app!

Posted by edobbs at November 4, 2003 03:06 PM