A Drupal Module (Module: Filedepot) requires us to set up and configure a Private File system path to set up a directory to (safely) store private documents on our EC2 Bitnami Cloud Server. Files that can not be directly accessed by your web server but can be accessed by Drupal.
The private file system should be located outside of the website's public html directory to provide a far more secure file repository since the files can not be accessed directly by a URL and there is no need to use other filesystem security like .htaccess.
We read: "The default way to securely add a private directory for your files is to use a directory that can not be accessed directly by your web server, but can be accessed by Drupal. Ideally this directory should be located outside of your Drupal root folder."
Also: "Ideally this directory should be located outside of your Drupal root folder." "It's not for certain you can choose a directory located outside of your Drupal root folder (or actually outside your web root) if you are on a shared host. If you do have access though, you can choose a private directory which will be on the same level as your web root directory (often called public_html or www or similar)"
Some more explanation on Drupal files can be found at: http://drupal.org/documentation/modules/file
Our file route on EC2 Bitnami Drupal looks like: opt/bitnami/apps/drupal/htdocs/sites/mydomain.com/ with sub-folders: ..com/files/ ...com/htdocs/ and ...com/themes
So where on our server should we create this folder - confused as we are with the above and the Bitnami Cloud specifics - which folder/file ownership and folder/file permissions are necessary ?
What if we want to create a secure private folder(s) (1) only for a certain domainname site like /mydomain.com/ or (2) alternatively for two domainname sites /mydomain.com/ and /mydomain2.com/ on our Drupal Multi site configuration ?
Or should we create one private folder directory with sub-domains etc ?
Which changes to .htaccess or other files are needed ?
Thanking you in advance for you assistance
P.S. I just came across the following weblink with instructions on private folder creation:
"In Drupal 7 create the "files" and "private" directories, set permissions and ownership:
sudo mkdir -p /var/www/www.example.com/sites/default/files/private
sudo chown root.www-data /var/www/www.example.com/sites/default/files
sudo chmod 775 /var/www/www.example.com/sites/default/files
sudo chown root.www-data /var/www/www.example.com/sites/default/files/private
sudo chmod 770 /var/www/www.example.com/sites/default/files/private
Question remains whether this creates the needed 'secure private folder" and how 'private folders' can be created for separate domainnames in the Drupal Multisite set up ?