Temporary file folder

Quentin · October 18, 2025, 2:21pm

Hi

I’m using Backdrop CMS (fork of Drupal 7).
It needs a temporary directory that is normally added to the root.
I know it is not possible here on a free server.
The folder must not be accessible from the web.
Any ideas what I can do?

siglo_ph · October 18, 2025, 3:35pm

Hello. I do not use Backdrop CMS and I do not know what you intend to do, so I do not guarantee if this will work. But if you are asking for a folder not accessible directly from the web: Create a folder outside your htdocs from your domains. If you open the filemanager.ai, just click the big icon pointing upward. Create a new folder in that location. The new folder, say “secret“, can be accessed in the htdocs by address of “../secret/“. It can read files but I’m not sure if there is a write access or if it is even permitted. Do you need write access? Can’t see permissions.

Meishin · October 18, 2025, 11:03pm

It will not work, anything outside the corresponding htdocs folder cannot be accessed (neither read nor write) by your website code

lovebug · October 19, 2025, 1:08am

I think if you password protect your temporary directory this will prevent external access to its content but your internal server php code will still be access the directory

Quentin · October 19, 2025, 11:36am

Going to close this topic.
I have a lot of experience with Drupal7/Backdrop, and I can see it will not work here.
Also, files generated by the CMS are always saved as readable only on infinityfree (600), even if the directory is set to read and write (777).
Thanks for your help all.

Admin · October 19, 2025, 1:58pm

If you don’t want the folder to be web-accessible, you can simply create the folder in your htdocs dierctory, and inside of it, create a file with the name .htaccess with the contents Require all denied. That makes everything in the folder inaccessible too.

There are a couple of things I want to clarify:

The permissions 600 mean does not make files read-only. It makes the files readable and writable to only the owner, and inaccessible to everyone else.
This is something your CMS does, not something we do. By default, any files created from any program are created with permissions 644. If the permissions are any different, it means that something deliberately created these files with different permissions.
The permissions of a directory only determine if you can create files in that directory, it has no effect on the permissions of the files created within.

We really don’t do anything special with individual file permissions. The only thing we do is block access to files outside of htdocs directories, but that’s it.

Quentin · October 22, 2025, 3:53pm

Thank you, Admin, for your suggestions.
I worked on it a bit, and realised that this CMS still needs a private server.
Nothing wrong with InfinityFree. I’m still using you with other stuff.

system · October 29, 2025, 3:54pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.