If you have your moodledata in the public web folder, I think you cannot get rid of the message unless you manage to move moodledata elsewhere, outside the web root.

You could try to create manually the moodledata folder outside the web space, then assign the web server user as the owner. Moving the moodledata involves updating config.php to reflect the new location.

Theis is a permissions/ownership issue in your data directory.  The best policy is probably to create the moodledata directory manually if you can.  You'll need to give the web server write permission to the directory to get moodle to work correctly you have 3 options:

1) Directory is owned by web server: 750

2) Directory is part of the web server group: 770

3) Directory is owned by you and part of your group: 777

The last one is obviously the least desireable, normally you want to use option #2.  That way you maintain ownership of the directory but the web server can also write to it.  You may need to contact your web host to get them to help you change group ownership on the directory.

I couldn't install moodle 2.0 R (and, as i can see, the problem is the same for 1.9.9 onwards).

My host (using PLESK IIS)  only let me to create folders inside httpdocs, but install.php couldn't continue: Dataroot location is not secure.

It is imposible to access root directory in my host, and I couldn't change the provider (so I HAVE to install the data directory inside the "public" folder or stop to use moodle).

As my server is windows, the .httpaccess don´t fix the security risks, I have to chage permissions. Now the "only" who have permission to access that folder is the Plesk IIS User (IUSR_Mydomain). This would be enought to have a secure access, right?. But  nothing changes and it is impossible to follow with the installation.

Has anybody have success installing moodle in ISS servers (all the ideas I found to fix my problem were for LINUX)?

It is possible to configure the config.php manually?

Thanks,

Quick way out of the moodledata security impasse! 

This has taken up the past EIGHT hours of my day and below is how I quickly solved the problem, with the help of my hosts 1and1.  Hopefully this will save others the sheer torment of an installation that will not proceed!!  I am on a linux shared server and do not have access to levels above my webroot (i.e. I can get into, but cannot see above, my htdocs/public_html folder).  I am not alone because I've been reading all the posts!

Skippable-rant: The web is full of people frustrated with Moodle and with their hosts because of this particular installation impasse.  It is utterly ridiculous that Moodle is configured to install in a way that will be defeated by most of the cheaper web hosts where access beyond the webroot is disallowed. Especially when the solution below is so simple.  Why on Earth is it not mentioned in the installation instructions!  

First, I had tried all the other offered solutions which have worked for some people but not for me: changing moodledata permissions to 750, 755, 700 etc; creating a .htaccess file etc.  No good.

My hosts 1and1 responded quickly (less than one hour) with the following suggestion which I am certain would also work on other hosts:

Regarding your Moodle installation, please change the destination of your [mydomain.co.uk] domain to "/moodle" to resolve the problem in the moodledata folder section. After changing the destination of the domain, please give it about 3-5 minutes for the server to refresh and after that, proceed with the installation. To change the destination of the domain, please follow the steps provided in the link below.

http://faq.1and1.co.uk/domains/domain_admin/domain_dest/2.html

As I say, this worked, and would work similarly for other hosts I am sure.  I chose to point my domain at moodle, as they suggested.  Obviously, this will not be the solution everybody wants.  But there is the option to create another folder for the domain to point at, and put moodledata alongside it and moodle itself (and any other sites using the same domain) inside it.  This creates a level of invisibility above the moodle folder that satisfies the installer!

This would work (with your domain configured to point here *) if you want to run your moodle as http://yourdomain.com/moodle:

1. /htdocs (no access above this point)
   1. /magicfolder1*
      1. /moodle
      2. /otherwebsite1
      3. /otherwebsite2
   2. /moodledata

In my case, my moodle is now to be found at http://mydomain.co.uk/ which works fine for me:

1. /htdocs (no access above this point)
   1. /moodle*
   2. /moodledata

Kind of obvious when we think about it!  So somebody with the permissions please add it to the installation instructions!

Paul

I had the same problem using Plesk; I could not write to a folder outside the website root.  Rather than play around with config files on my server (as suggested in other threads), I simply modified the installer script (install.php) to skip the data root check.

To do so, open install.php in a text editor.  Search for the following line of code (on my Moodle 2.3 install it was line 305):

}elseif(is_dataroot_insecure()){

 Change it to the following:

}elseif(FALSE){

Save it, upload to your server, and run the installer.  The script will now skip this check and you can proceed.

Of course, do this at your own risk; the check is there for a reason. At a bare minimum, set your data directory permissions to 770; this should provide a reasonable amount of security.

This same check existed in 1.x, but you had the option of ignoring it.  I would suggest displaying a stern warning and bringing this option back.

Good luck!