Back to top

Drupal Fun at the Shell

So, if you have Drupal installed and maybe even configured and now you're saying hey, what database do all of my installations use? Are my settings files secure?

Well, you already know that I love DreamHost because of the shell access and why?

Well, fun stuff like this!

Drupal's Scripts

There's a few fun examples in the base directory of your drupal install in the scripts folder. will get rid of backup files and clean up the code. There are also examples of scripts to use to call the site's cron script (you are doing that, aren't you? here's why you should) Lots of fun examples in that scripts directory.

A little database security

Let's say you have a bucket of domains hosted on the same account so they are all in the same home directory and you just realized that your settings.php files are readable by other people with shell access (permissions of 644) which is necessary on many shared hosting accounts because of the way they run PHP, but not necessary on DreamHost using php running as your user. If someone has the information in your settings.php file, they could get into your mysql database with some decent privileges. Yikes! So, just use this one liner to find those files, and chmod them down to something more reasonable like 600.

Find the files and list the permissions:

find ./ -name 'settings.php' -exec ls -l {} \;

And then to tighten down those permissions:

find ./ -name 'settings.php' -exec chmod 600 {} \;

Great! Security, and only one line of commands.

To break down what's happening in that line, I use the find command to find files. ./ is expanded by the shell to look for anything in the form {stuff}.{stuff} such as "" so that it looks in all the directories that correspond to domains. I have lots of other directories in my home folder, but I know I don't need to search those so I don't want to waste my computer's time. Next, I use the -name flag to only look for the file called "settings.php". Fair enough. Then, I use the "exec" command to call chmod.

Now, lots of people talk about using xargs instead of exec. Using "-exec" will call the command once for each file that is found. Using "xargs" will pass all of the results of find to the xargs command. xargs can be more efficient. Generally, I'm not dealing with situations where I invoke the command thousands of times and xargs can run into problems with "funny" file names. So I just use -exec.

Who is pointed at what?

Next, let's say you're like me and you've got 20 databases that you've created and 15 sites and man what the heck is going on? Well, you can use find again and a little grep-fu magic to see which database each one is pointed at:

find ./ -name 'settings.php' -exec grep -H '^$db_url' {} \;

To break that command down, the find part of it is the same as the last examples, but the grep part is a little fun. I'm using -H so grep will print the file name and then using '^$db_url' so that grep will match beginning of line (^) followed by $db_url which is the line where the database information is stored.

That's it. Hopefully this will be useful to other folks.

People Involved: