Windows server: How to set Moodle & Moodledata folder permisions on Windows Server & IIS

Windows server: How to set Moodle & Moodledata folder permisions on Windows Server & IIS

by Pedro Martins Da Torre -
Number of replies: 7

While I was manually setting up Moodle 1.9.2 on a Windows Server 2003 machine with IIS6 I came across the http://docs.moodle.org/en/Installing_Moodle#Creating_the_data_directory article. It describes how to secure the moodle and moodledata folders, but most of the 'How To' info applies to Apache and Unix.

How do I configure IIS & Windows - what permissions must I set? And HOW do I set those permissions? blush

Moodle is running on d:\moodle which I've setup as a virtual directory in IIS.
My data folder is: d:\moodledata

The server is a dedicated inhouse machine - not shared space that I rent from a third-party host...

Average of ratings: -
In reply to Pedro Martins Da Torre

Re: Windows server: How to set Moodle & Moodledata folder permisions on Windows Server & IIS

by Richard Enison -
PMDT,

The answer to the first question - what permissions must I set? - is the same as it is with Apache and Unix. As for the second question (how), that is another story.

I'm no expert on IIS, but from what I've read in the forums and elsewhere on the WWW, what you need to do is right click on moodledata in a folder window of d:\, and select properties. Then you need to select the tab that deals with sharing or security or such; I don't recall the exact name and I don't have that tab on my PC because I don't have a network. But the main thing is you need to be able to set permissions (or rights) like read, write, and execute. If you can't do that in the tab you're in, try another.

Now IIS needs to have full rights to moodledata, so you need to grant all three of the rights I've named to IWAM_computername (I think that's the user that would apply). Also, wiseguy hackers out there in internetland with browsers need to be excluded from any access to moodledata, so grant no rights to IUSR_computername.

Check with the IIS help screens and docs in case I got some detail wrong, but I think that's the basic idea. If that doesn't work, it might be necessary to go into IIS Manager to set the directory rights.

There are some documents on the web on IIS that have been mentioned in these forums. Unfortunately, none of them seem to have much to say about moodledata permissions. Here is a partial list:

http://moodlewindows.k-net.co.za
http://www.peterguy.com/php/install_IIS6.html
http://technet.microsoft.com/en-us/library/cc778778.aspx
http://excellence.qia.org.uk/page.aspx?o=ferl.aclearn.resource.id8811 (this one suggests using your ftp program to set file and directory permissions)
http://www.phplivesupport.com/documentation/viewarticle.php?aid=78&pid=8
http://www.filedropper.com/installingmoodleonwindowsserver2003-updated (click the big Download This File button)

But most of all, this Moodle forum discussion:
http://moodle.org/mod/forum/discuss.php?d=77868, especially the posts by RH, which is where I learned about IUSR and IWAM

RLE
Average of ratings: Useful (1)
In reply to Richard Enison

Re: Windows server: How to set Moodle & Moodledata folder permisions on Windows Server & IIS

by Pedro Martins Da Torre -

Thank you. I will look at those resources...

Do I also have to set any permissions in the Moodle installation directory, or do permissions only have to be set for the Moodledata directory?

Average of ratings: -
In reply to Pedro Martins Da Torre

Re: Windows server: How to set Moodle & Moodledata folder permisions on Windows Server & IIS

by Richard Enison -
PMDT,

While your subject line mentioned both folders, the content of your post seemed to concentrate on the data directory, so that's what I addressed. The answer is yes, both need to have the right permissions. The funny thing is that the installation instructions Installing Moodle talk about setting the permissions for the data directory but not the Moodle folder. There is some mention of the latter in Errors FAQ#Error:_.22500:Internal_Server_Error.22 (Unix-oriented of course!), which until recently was in Installation FAQ.

I just took a closer look at the first post by RH in the forum discussion I linked to at the end of my previous post,
http://moodle.org/mod/forum/discuss.php?d=77868#p346350, and I think he does a more thorough and probably more accurate job of describing both than I have, so I would refer you to that. The only caveat I would add is that at least one of the other Moodle installation guide links in my previous post suggests, for security reasons, not accepting IIS's default home directory, c:\inetpub\wwwroot, but putting Moodle in a totally different location, such as c:\moodle. RH mentions this concern also, but he still suggests putting it under c:\inetpub. I don't know whether that matters. So my suggestion is to look at all the links in my previous post; I think each one contains info about IIS that is not in the others, so when you put them all together you have a more complete picture than if you just read one.

RLE
Average of ratings: -
In reply to Richard Enison

Re: Windows server: How to set Moodle & Moodledata folder permisions on Windows Server & IIS

by Luis de Vasconcelos -

Richard,

I agree with Roy Hickman, c:\inetpub is hackers paradise on Windows. It's the first place they look when they want to deface a website.

In the message by Roy Hickman that you referred to he did imply that it is ok NOT to use the c:\inetpub folder when he said: "Actually, I would prefer to see them on drive D:". I'm running Moodle outside the c:\inetpub directory and everything is fine.

He also says: "Keep drive C: for operating system only." That's very good advice! Running Moodle (and PHP) on the D: drive separates the application layer from the operating system layer (assuming the OS is on the C: drive)and that is a good thing.

Average of ratings: -
In reply to Luis de Vasconcelos

Re: Windows server: How to set Moodle & Moodledata folder permisions on Windows Server & IIS

by Francisco Olano -
I have this problem.

Two web servers (IIS + PHP + FastCGI) which I want to use a single folder in a cluster fileserver.

I tried:
- creating a new user, giving all the permissions to de shared folder, authenticate the working process + app pool with this user. and i get the error ERROR: You need to create the directory \\mclusterfs\fileshare\moodledata with web server write access (in the config.php is \\\mclusterfs\fileshare\moodledata)

- I connect this path to a network unit (Y ) , and i'm still getting the same error.

Any suggestions?
Average of ratings: -
In reply to Francisco Olano

Re: Windows server: How to set Moodle & Moodledata folder permisions on Windows Server & IIS

by Luis de Vasconcelos -

I don't know much about clustering and Moodle but have a look at the Moodle Clustering thread. Maybe it will help...

Average of ratings: -
In reply to Pedro Martins Da Torre

Re: Windows server: How to set Moodle & Moodledata folder permisions on Windows Server & IIS

by Khaled Hamadmad -

HI There,

I just having problem opening or downloading the uploaded files ( means i can upload files related to courses)

but the problem actually is when I try to click on it ( open or download),
e.g. myDomain.com/pluginfile.php/491/mod_folder/content
/1/MyFileName.png?forcedownload=1

when i try to request the uploaded file, it replies with '404 not found, The requested document was not found on this server'

so what do you think the solution for this problem, i did not touch anything related to the configuration.

P.S: I have my Moodle installed on a shared hosting (Plesk ), do you think this issue is related to the hosting it self, permission, or anything else.

please help ASAP

thanks in advance

Average of ratings: -