In the Sitecore SDN Forums, Michael Lumpp just asked a very interesting question: “Do I have to have the ‘sitecore’ folder on the runtime server?” (i.e. does the running website need any files in the /sitecore folder)
I’ve been working with Sitecore for quite a while now and my first though on this reply was “Of course you cannot remove the Sitecore folder, because…” – well because what? So my second though was “Dammit i’ll try it out” – and…
System.Xml.XmlException: “The root element is missing”
To be frank, I’ve not once though to remove the Sitecore folder even from some of the major solutions I’ve been on – and it makes perfect sense. There really should be no runtime specific data in the /sitecore folder – well at least not in the /sitecore/admin, /sitecore/debug, /sitecore/login, /sitecore/shell, /sitecore/testing (actually /sitecore/testing sound like it should not have been released at all), and the folders not mentioned here sound like they at least could be removed on some projects. So why does it fail?
It seems one runtime file has snuck its way into the /sitecore folder – to be more precise: sitecore/shell/Security templates.xml. Because security is such a low level part of Sitecore and affects all reading of data via the API, and since all data in Sitecore are based on templates – even security data – initializing the templates for Users, Roles must be done before all data access through the normal API can begin (a genuine catch 22). The templates for security are therefore specified in a file – Security templates.xml.
Luckily this file – along with its path – is specified in the web.config and can therefore be moved (two changes are necessary – to find them search for the path), and – hey presto – the /sitecore folder can be removed with out exceptions being thrown.
Please note that there are other links in the web.config file which must be changed, e.g. /sitecore/nolayout.aspx which is used to show a pretty error page when a layout is not present on an item. But these should be fairly simple.
Also note that this is Sitecore 5.3 only – Sitecore 6 has an entirely different security architecture and therefore none of the above is probably valid.
Happy /sitecore deleting 🙂