If a Moodle admin configures automated backup with the default Save to: value, i.e., the backup files are stored in the course directory, then members of a course (including students) can access the backups. Perhaps either this should not be a default, or the automated backup configuration page should warn of the risks involved? A possible risk is that students could download a backup and view sensitive information about the course -- information they would normally not be authorized to view.
I think perhaps there should be no default whatsoever, and when configuring automatic backup or running a backup for the first time, the user is forced to enter a location, and is told the consequences of where they put the file. You can't have a default that would be outside the Moodle directory because for each installation the user might want it in a different place.
Hi N!
One problem is there is no "Help" button on the backup page. Therefore, directions are sparse. I chose default because every other path I chose seemed to be a problem. Instructions are needed so Admins/Teachers would know how to back up into safe (protected) directories within or outside of the Moodle directory. [I think this would be safer??]
If anyone knows how to have files backed up into a secure directory, would they please outline the procedure here. It would be appreciated.
Thanks in advance.
WP1
Hi WP -- The procedure depends on a number of variables: the Moodle host operating system; who has access to the host filesystem; the permissions under which the backup process runs; which parts of the host filesystem are served up by the host's web server software; etc.
For instance, the following would work if: the Moodle host is Unix-based; you have access to a command shell on the host with root permission and no untrusted people do; the backup process (initiated by cron) runs with root permission; the host's web server software is configured such that the following directory and its contents are not servable.
[in a command shell on the host with root permission]
# mkdir /moodle-backups
# chown root:root /moodle-backups
# chmod 700 /moodle-backups
[then, as Moodle admin, set Save to: on the backup configuration page to /moodle-backups]
As you can see, ideally the Moodle admin should be -- or should be working together with -- an experienced system administrator of the host operating system.
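Added example, not part of the original posts: a POSIX shell check that a chosen Save to: directory meets the conditions listed in the reply above (owned by the backup user, no group/other access, not under a directory the web server or Moodle serves). The function name and the paths other than /moodle-backups are assumptions for illustration.

```shell
#!/bin/sh
# Added example. Usage: check_backup_dir DIR OWNER [FORBIDDEN_PARENT ...]
# Returns 0 only if DIR is a real directory owned by OWNER, closed to group
# and other (as chmod 700 leaves it), and outside every FORBIDDEN_PARENT.
check_backup_dir() {
    dir=$1 owner=$2 rc=0
    shift 2

    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "FAIL: $dir is a symlink or not a directory"
        return 1
    fi
    # Canonical path, so ../ or a symlinked parent cannot hide the location.
    real=$(cd "$dir" && pwd -P) || return 1

    # ls -ld prints e.g. "drwx------ 2 root root ..."
    perms=$(ls -ld "$dir" | awk '{print $1}')
    actual=$(ls -ld "$dir" | awk '{print $3}')

    if [ "$actual" != "$owner" ]; then
        echo "FAIL: $real is owned by $actual, expected $owner"; rc=1
    fi
    case $perms in
        d???------*) ;;
        *) echo "FAIL: $real has mode $perms; group/other must have no access"; rc=1 ;;
    esac

    # Forbidden parents: web server document root, Moodle data directory, etc.
    for parent in "$@"; do
        [ -d "$parent" ] || continue
        p=$(cd "$parent" && pwd -P) || continue
        case "$real/" in
            "$p"/*) echo "FAIL: $real is inside $p"; rc=1 ;;
        esac
    done
    [ "$rc" -eq 0 ] && echo "OK: $real"
    return "$rc"
}

# Example (paths other than /moodle-backups are placeholders):
#   check_backup_dir /moodle-backups root /var/www/html /var/moodledata
if [ "$#" -ge 2 ]; then check_backup_dir "$@"; fi
```

This only checks filesystem placement and permissions; whether the web server actually refuses to serve the path still has to be confirmed in its own configuration.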