Hey, it worked!
I tried adding “files” to the directory string and it after clearing cache everything started working. Glad this worked and I didn’t need to do the wide open permission option.
1 Like
Now getting these errors in the status reports, despite uploads working fine:
File system - Writable (public download method)
The directory sites/default/private/files is not writable. You may need to set the correct directory at the file system settings page or change the current directory’s permissions so that it is writable.
Private files directory - Not fully protected
See https://www.drupal.org/SA-CORE-2013-003 for information about the recommended .htaccess file which should be added to the private:// directory to help protect against arbitrary code execution.
Hooray!
Huh that’s weird. And you’re sure you can upload files to logs and assets?
OK yea it sounds like the private files directory is NOT writable. Drupal will automatically write a .htaccess file to it if it is, and this message will disappear (along with the other one). The .htaccess file has Apache rules in it to prevent anyone from snooping files if they know their path or filename.
What do you see when you navigate to /admin/config/media/file-system in your browser? That page will summarize the public, private, and tmp directories that Drupal uses.
Yep, files are uploading fine, when I go to the private files, it shows me the date the assets were added and the files contain both pictures and file uploads that I can view. Inside farmOS I can also view the files I’ve uploaded. Despite it saying it is not writeable, the files are getting uploaded. It worked on both an asset and a log test upload.
Below is a copy/paste of that admin page.
File system
Public file system path
sites/default/files
A local file system path where public files will be stored. This directory must exist and be writable by Drupal. This directory must be relative to the Drupal installation directory and be accessible over the web. This must be changed in settings.php
Public file base URL
http://localhost:port/sites/default/files
The base URL that will be used for public file URLs. This can be changed in settings.php
Optimized assets file system path
sites/default/files
A local file system path where optimized assets files will be stored. This directory must exist and be writable by Drupal. This directory must be relative to the Drupal installation directory and be accessible over the web. This must be changed in settings.php
Private file system path
sites/default/private/files
An existing local file system path for storing private files. It should be writable by Drupal and not accessible over the web. This must be changed in settings.php
Temporary directory
/tmp
A local file system path where temporary files will be stored. This directory should not be accessible over the web. This must be changed in settings.php.
Default download method
Public local files served by the webserver.
Private local files served by Drupal.
This setting is used as the preferred download method. The use of public files is more efficient, but does not provide any access control.
Well that’s good! Strange that you would still have an error in the status report saying otherwise…
Question: when you open a file that you uploaded, and look at it’s path, is it something like /system/files/...? The /system bit indicates that it’s being served from the private filesystem (and is protected). If it’s /sites/default/files then it indicates that it’s being served from the public filesystem (and is open to the public).
http://localhost:port/system/files/farm/asset/2024-01/filename.jpg
Great! That’s what you want!
Can’t tell you why you’re still seeing messages about it in the status report though… that’s very odd.
If you are hosting this locally (and it isn’t exposed on the public internet), then there’s nothing to worry about. If you are hosting it publicly, then the risk is that someone who knows the URL of a private file would be able to see it by going directly to the URL. Also pretty unlikely… depends on how paranoid you are. 
I am still curious why you’re seeing the messages though…
What operating system are you hosting Unraid on?
“Unraid is a proprietary Linux-based operating system designed to run on home media server setups that operates as a network-attached storage device, application server, and virtualization host”
It manages communication between the different applications as if they were on their own network and assigns IPs and ports internally as if the localhost was a router and each app is it’s own computer. I interact with the apps web UI by going to a designated port on the unraid computer, which port forwards all communication to the app designated with that port.
Very similar to the docker image setup. So its a nesting doll of networks all the way down. Ultimately, it is Linux.
edit: Obviously, I’m not an expert and this is my amateur interpretation of what I know so far. Quotation was pulled from wikipedia.
edit edit: my server boots from a USB stick holding the unraid os and license.
1 Like
Awesome good to know!
Well @Mick if you want to take a look together live sometime feel free to join the weekly farmOS dev call! We’re a bunch of friendly geeks who love getting nerd-sniped by little problems like this. I’m sure we could get to the bottom of it! 
1 Like