Hello!
Would anyone be so kind to help me understand "Secure the Moodle files" section of "Installing Moodle" instruction?
First of all it says that it is "vital that the files are not writeable by the web server user" and suggests to make them (moodle core files) to be read-only for anyone except root user.
But then, literally few srtrings later, it says that "If you want to use the built-in add-on installer you need to make the directory writable by web server user". So it comes out that it is no so VITAL "that the files are not writeable by the web server user". Or did i miss something?
Question two: the same section suggests of using ACL's instead of simple UNIX file permissions. I know almost nothing about ACL's and hoping there is still a way to secure the Moodle files with good-old chown&chmod. Is it true?
Great thanks in advance!
Roman.
P.S. English is not my natural language, so i am sorry for all mistakes i made and will appreciate any corrections.