#79018 by pwolanin, catch, Morbus Iff: document how can one hide CHANGELOG.txt, etc. to improve security a slight bit

1 files changed, 19 insertions, 1 deletions

diff --git a/INSTALL.txt b/INSTALL.txt
index 8d279626f..e91884356 100644
--- a/INSTALL.txt
+++ b/INSTALL.txt
@@ -136,7 +136,7 @@ INSTALLATION
    running FastCGI can run into problems if the $base_url variable is left
    commented out (see http://bugs.php.net/bug.php?id=19656).
 
-6. REVIEW FILE SYSTEM STORAGE SETTINGS
+6. REVIEW FILE SYSTEM STORAGE SETTINGS AND FILE PERMISSIONS
 
    The files directory created in step 4 is the default file system path used
    to store all uploaded files, as well as some temporary files created by Drupal.
@@ -181,6 +181,24 @@ INSTALLATION
    unexpected problems on an existing site. If you modify the file system path
    on an existing site, remember to copy all files from the original location
    to the new location.
+   
+   Some administrators suggest making the documentation files, especially
+   CHANGELOG.txt, non-readable so that the exact version of Drupal you are
+   running is slightly more difficult to determine. If you wish to implement
+   this optional security measure, use the following command from a shell or
+   system prompt (while in the installation directory):
+
+          chmod a-r CHANGELOG.txt
+
+   Note that the example only affects CHANGELOG.txt. To completely hide
+   all documentation files from public view, repeat this command for each of
+   the Drupal documentation files in the installation directory, substituting the
+   name of each file for CHANGELOG.txt in the example.
+
+   For more information on setting file permissions, see "Modifying Linux, Unix,
+   and Mac file permissions" (http://drupal.org/node/202483) or "Modifying
+   Windows file permissions" (http://drupal.org/node/202491) in the online
+   handbook.
 
 7. CRON MAINTENANCE TASKS