By default, Drupal Commons stores uploaded files as public files, which can be downloaded by all users. If you want to limit access to these files to certain roles or accounts, you must configure the private file settings for your server.
To configure your website's private file settings:
- In the admin menu, go to Configuration > File system.
- In the Private file system path field, enter a local directory used for private files.
You should set your files directory to exist outside of the document root for your Drupal Commons installation (for example, not in
Be sure that Drupal can read from and write to the directory, but that the directory can't be accessed remotely.
- Click Save configuration.
After you save your settings, note that Drupal Commons displays an additional Default download method.
Select the default method you want Drupal Commons to use with uploaded files, and then click Save configuration.
If you plan on restricting access to user-uploaded files in the future, you should set the download method to Private in order to avoid broken links at that time. If you set your download method to Private, until you configure file permissions, users can download other users' uploaded files as if the Public download method were selected for use.