New to Moodle - Installation help

New to Moodle - Installation help

by Denver Williams -
Number of replies: 23
Hi all,

I'm new to the Moodle game and had some basic questions about installation.

Firstly, we will be using Moodle to provide online training packages to our customers. At this stage we are looking at setting up a website for the company and then want to have Moodle available to our clients from there so they can access the packages either by using Moodle or by downloading the packages for use on the client's preferred LMS.

So my question is, will I need to install a database on the hosted web server or will this be part of the Moodle install. I have read a few articles on installation and all of them say the database has to be created in advance before running the Moodle install. So my thinking is that I will need to have access to the server (at the OS level) to install the database and associated requirements?

Is my assumption correct?

Thanks in advance for your help.


Average of ratings: -
In reply to Denver Williams

Re: New to Moodle - Installation help

by Howard Miller -
Picture of Core developers Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers

Your assumption is correct.

Moodle is a server application so you *definitely* need access to the server to install it. You need to be able to create the database, create directories, load files and set ownership and permissions. Some of this is security critical too - so if this sounds mysterious allow time for learning it (not onerous) or find a/your server administrator wink

PS. The "one click" installers and scripts for evaluating Moodle on a personal PC are *not* suitable for server installation; in case you are tempted!

Average of ratings: -
In reply to Howard Miller

Re: New to Moodle - Installation help

by Denver Williams -
Thanks Howard,

Yes I figured out that I would need full "access" to the Server & OS etc. to manage all the requirements. I have just finished installing v3.0.2 on a CentOS VM within my local network. This has now confirmed that just having a domain hosted is not sufficient for what we need.

Thanks for the tip on the "one-click" installers, that is certainly good to know.

I'm not a novice in relation to Linux but far from being labelled a Linux Sysadmin.

Now to play around with things and see how I get on.

Cheers,
Average of ratings: -
In reply to Denver Williams

Re: New to Moodle - Installation help

by Denver Williams -

First snag... Moodle "installer" cannot create directory "/var/www/moodledata"

I manually created this directory with the following permissions:

chmod 777 /var/www/moodledata

*** this is owner has read/write/execute*** if I remember correctly???

then I ran...

chown -R apache:apache /var/www/moodledata
***this changes the 'owner' to the local "apache" account*** I think???

I did notice that on the moodle.docs site the recommendations for permissions were:

chown -R nobody:apache moodledata

"To change the permissions so that the owner has read,write and execute permissions, use something like this:"

chmod -R 0770 moodledata
I ran both these commands but still cannot progress further into the installation... what am I missing?

incidentally, to install moodle I followed the guide posted here.

Thanks again in advance.


Average of ratings: -
In reply to Denver Williams

Re: New to Moodle - Installation help

by Denver Williams -

These are the current permission settings on /var/www

I'm not too sure whether they are wrong or not?

Average of ratings: -
In reply to Denver Williams

Re: New to Moodle - Installation help

by Visvanath Ratnaweera -
Picture of Particularly helpful Moodlers Picture of Translators
In detail these permission has a spectrum of possibilities depending on:
a) the Linux distribution
In one the owner of the Apache process is apache, in others www-data. Same with the group of "Apache".
b) How strict you want to have.
https://docs.moodle.org/en/Security_recommendations#Most_secure.2Fparanoid_file_permissions

Things become clear once you _understand_ what you are doing. They are very simple:
- the Apache process must be able to read, and only read, in $CFG->wwwroot
- the Apache process must be able to read and write $CFG->dataroot
Average of ratings: -
In reply to Visvanath Ratnaweera

Re: New to Moodle - Installation help

by Denver Williams -

Hi Visvanath,

In the current scenario (on my local home network) I'm not really too worried about the permissions but I want to get them right so that I can actually run the Moodle install and have a working LMS. However, the purpose of me running Moodle at home is basically to test and validate a proof of concept which I will evenutally move to a hosted server available on the Internet. So I guess this could be considered as my "Development" environment.

So with that said (for the Internet based solution) I would assume that the following would be my requirements from an access perspective;

1) All system accounts and groups required to have a fully functional LMS should have the proper permissions and should adhere to best practise in terms of security for a Moodle system that is accesible via the Internet.

2) Users will not be allowed to login to the server (OS) instance as such. This will be reserved for system administrators only via the root account or other adminstrator privileged accounts.

3)Users will only be allowed to login to the "Moodle LMS" application for the purpose of accessing the various courses and packages etc. I would assume that for this to happen each user/group will need to be created for the various clients etc.

I am currently running CentOS 7 build 1511 with all the latest updates installed for the packages running on the server.

Thanks,

Average of ratings: -
In reply to Denver Williams

Re: New to Moodle - Installation help

by Visvanath Ratnaweera -
Picture of Particularly helpful Moodlers Picture of Translators
Hi

You wrote:
> In the current scenario (on my local home network) I'm not really too worried about the permissions but I want to get them right so that I can actually run the Moodle install and have a working LMS.

That is the (original) question you asked. My answer is above: https://moodle.org/mod/forum/discuss.php?d=328309#p1320610.

> I would assume that the following would be my requirements from an access perspective; ...

That is a new development. All these are basic Unix/Linux concepts, not really a part of Moodle community support. How experienced are you in Unix/Linux. I see you are mixing up system accounts, shell users (and probably) Moodle users/administrators.
Average of ratings: -
In reply to Denver Williams

Re: New to Moodle - Installation help

by Rick Jerz -
Picture of Particularly helpful Moodlers Picture of Testers

Denver, I too have struggled with the ownership and the rights of the moodledata folder.  I am not an expert, but I can tell you that I normally create moodledata when I am logged into my server as administrator.  Yes, I do a mkdir moodledata, then a chmod 777 moodledata.  But one can get tripped up.  Yes, you have tried changing the owner to apache and nobody, this might be correct, might not.

Here's what I suggest.  Go to the folder where you have moodle installed.  See who "owns" moodle, and what group moodle is in.  Then go back to where moodledata is installed.  Change its owner and group to the same as what you just observed for the moodle folder.  Give it a try, it might work.  No guarantees, but just brainstorming with you.

Average of ratings: -
In reply to Rick Jerz

Re: New to Moodle - Installation help

by Visvanath Ratnaweera -
Picture of Particularly helpful Moodlers Picture of Translators
Rick

What is the logic behind: 'Go to the folder where you have moodle installed. See who "owns" moodle, and what group moodle is in. Then go back to where moodledata is installed. Change its owner and group to the same as what you just observed for the moodle folder.' ?
Average of ratings: -
In reply to Visvanath Ratnaweera

Re: New to Moodle - Installation help

by Emma Richardson -
Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Plugin developers

Because if the installer can see and recognize the moodle folder, then it is logical that applying the same permissions and ownership to the moodledata folder will also allow the installer to see that.

Average of ratings: -
In reply to Emma Richardson

Re: New to Moodle - Installation help

by Visvanath Ratnaweera -
Picture of Particularly helpful Moodlers Picture of Translators
Emma

Firstly, the question was clearly addressed to Rick, not you. Secondly, read carefully: Rick said, "Change its owner and group to the same as what you just observed for the moodle folder", you are talking about "applying the same permissions and ownership to the moodledata folder"!
sad

(In case you don't see the difference, your statement introduced the term _permissions_, which Rick didn't use.)
Average of ratings: -
In reply to Visvanath Ratnaweera

Re: New to Moodle - Installation help

by Rick Jerz -
Picture of Particularly helpful Moodlers Picture of Testers

I think Denver has had success in whatever he has done.  In my install of moodle, the owner and group for the moodledata folder matches my moodle folder.  This is what I was attempting to say.  Permissions is something else.  For moodledata, I use 777.  For the moodle folder and files, I let the install take care of this.

Average of ratings: -
In reply to Visvanath Ratnaweera

Re: New to Moodle - Installation help

by Rick Jerz -
Picture of Particularly helpful Moodlers Picture of Testers

Probably no real logic, except weird history of what I experienced in the past.

A long time ago, I had tried using Plesk as my control panel to my VPS.  Somehow, I couldn't get Moodle to work on it.  I had noticed that Plesk had set up different ownership and rights on folders that I was creating.  Instead of trying to figure out exactly what was going on, I quickly switched to cPanel, did exactly the same things to install Moodle, and everything worked.  So the only thing that I noticed were differences in folder ownership and rights.

I am only trying to share my own experience in this discussion and clearly do not support it with any expert logic.  Sometimes this can help, and sometimes it doesn't.

Average of ratings: -
In reply to Rick Jerz

Re: New to Moodle - Installation help

by Visvanath Ratnaweera -
Picture of Particularly helpful Moodlers Picture of Translators
Hi Rick

"Empirical"? That is a different story!
wink

What I wanted to say to you is that the kind of Unix file permissions we are talking about is pretty simple. I spend 10 Min explaining it to out students and give them some exercises. That's it.

Find a tutorial which you like, and spend some time. Here's an example:http://www.perlfect.com/articles/chmod.shtml. It is an investment which you won't regret.
Average of ratings: -
In reply to Visvanath Ratnaweera

Re: New to Moodle - Installation help

by Marcus Green -
Picture of Core developers Picture of Particularly helpful Moodlers Picture of Plugin developers Picture of Testers

I have been using Unix permissions since Xenix and Mark Williams Coherent and I am still a bit vague about it sad

Average of ratings: -
In reply to Denver Williams

Re: New to Moodle - Installation help

by Howard Miller -
Picture of Core developers Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers

Well, firstly, what does "cannot progress" actually look like?

I am not massively familiar with CentOS (Ken??), but if you do (as root)

mkdir /var/www/moodledata
chmod 0777 /var/www/moodledata

...then that will work in theory regardless of ownership. One thing that seems to repeatedly cause weird problems on CentOS is 'selinux'. Debian/Ubuntu seem to manage without it so I would turn the thing off myself - especially if you are getting unexplainable errors. 

Average of ratings: -
In reply to Howard Miller

Re: New to Moodle - Installation help

by Ken Task -
Picture of Particularly helpful Moodlers

Someone rattle my tree? ;)

If one looks at httpd.conf found in /etc/httpd/conf/ one can see that directories in /var/www/ have to have directives in the config for outside users to access those directories.   One is defined as alloweable ... that of /var/www/icons/ which has been there for years.   One will also find 'cgi-bin' at that location.  That too has been there for as long as I can remember.  Prior to PHP, Pearl used for interactive things and pearl scripts were located in cgi-bin.   Directory is NOT browseable.  Try it yourself: http://yoursite/cgi-bin/

IF all distros could decide and follow recommendations of LSB group, it would make life as systems admin easier.   Document root ... where moodle code will go is /var/www/html/    That gives 'wiggle room' above html in /var/www/ for 'special directories' that cannot be accessed directly via browser without specific setup in httpd.conf.

So it makes it easy to manually create moodledata as root user in /var/www/  Then make sure apache user and apache group as ownership and permissions.

cd /var/www/

mkdir moodledata

chown apache:apache moodledata -R

Since moodledata isn't directly accessible and it should be only the apache user from Moodle code writing to that directory, it's 'fairly safe' to grant all persmission to read/write/execute to moodledata.

That explanation for this:

chmod ugo+rwx /var/www/moodledata -R

u - is user (apache)

g - is group (apache)

o - others ... all others.

'fairly safe' - op has already described who will have access to server as root or user that can su to root, so the only other way to be 'worried' is in the case where another AMP stack app is run from the server ... two of the more popular and thus most attacked/hacked IF not maintained, WordPress and Joomla.

So now when the install is run, moodle code will access moodledata as the apache user and group and it will work. ;)

Tip for op: check out the scripts in moodlecode/admin/cli/

There are some time savers and other 'fix it' scripts in there well worth the time to use.

As far as preferences for which distro ... the following personal interpretation/experience ...

Ubuntu's goal was (still is) to replace Windows ... thus it likes to be 'bleeding edge'.  That has yin/yang if one wants stability.

CentOS, based upon RedHat Enterprise, thus following (somewhat) RedHat's direction: "we don't really care about engaging in any 'commercial war' (Mac vs PC vs Linux desktop).  All we're going to do is make RH better and better."   Thus CentOS is 'conservative'.   This to mean, even in CentOS 7 one might/eventually have to use reputable 3rd party repos for how OP wants the box to run.   PHP, MariaDB, other all have repos.

Won't comment on other Linuxes cept to say SuSIE (owned by Novell who has a 'special agreement' with Microsoft to be 'frenimies' hasn't bore the frutation promised or stated in the beginning of that 'agreement'.   SuSIE much more Windows like.

Absolutely no comment on Windows.  It's been said.

'spirit of sharing', Ken

Average of ratings: -
In reply to Ken Task

Re: New to Moodle - Installation help

by Denver Williams -

@Rick - thanks sounds "logical" I will give that a go and see how things turnout.

@ Howard - I can't get past the page which shows the installation path... refer moodle03.jpg and I will look at disable "selinux" as well.

screen shot of installation process


Average of ratings: -
In reply to Denver Williams

Re: New to Moodle - Installation help

by Ken Task -
Picture of Particularly helpful Moodlers

@Denver ... short and sweet it is then ... as root user ...

manually create moodledata as root user in /var/www/  Then make sure apache user and apache group ownership and permissions.

cd /var/www/

mkdir moodledata

chown apache:apache moodledata -R

The web based installer can then see it and write to it as well set permissions the way it wants.

SELinux check:

/usr/sbin/sestatus
If it says 'enforcing' then ...

cd /etc/selinux
nano config

If, SELINUX= says enforcing change enforcing to permissive or disabled.

permissive will allow and log a 'complaint' in the logs that shows how to use SELinux tool to set proper SELinux permissions to the directories/files it was complaining about.  If setting to permissive, one could go back and 'harden' things then.   For now, probably best to set it to disabled.

Save the file.

This is one of the few times restart of server is advised.

reboot [ENTER]

After server has restarted, pick up where you left off on installing Moodle.

check if httpd started: ps aux |grep httpd

check if mysqld started: ps aux |grep mysqld

Your ready to go .... do! ;)

'spirit of sharing', Ken

Average of ratings: Useful (1)
In reply to Denver Williams

Re: New to Moodle - Installation help

by Rick Jerz -
Picture of Particularly helpful Moodlers Picture of Testers

The message in the blue box says that you are trying to put moodledata into a web accessible location, which shouldn't be done.  The red box seems to deny you making this mistake, but I was not aware that the Moodle installer might now be preventing users from making this mistake.

Is www the folder that is exposed to the Internet?

Is 192.168.1.150 a real URL?

I am not an expert about these issues, I am just trying to brainstorm a little with you.

Average of ratings: -
In reply to Rick Jerz

Re: New to Moodle - Installation help

by Denver Williams -

@Ken - As we say here in New Zealand "You're a bloody LEGEND mate!" - I redid the permissions and install was able to progress.

There were a few extra things I needed to do which weren't covered off in the guide I was using (refer to previous posts).

I created a moodle specific DB account, then had to find ot which port the db was using (3306 in this case).

Then lastly, the installer didn't have permisions to create the config.php file so I manually created this and then copied the PHP code provided into the config.php file and away it went.

Site is now up and running so very happy with the result.

@Rick - the URL is on my internal local LAN so not accessible to anyone except the users on my home network. From my limited knowledge I don't think the WWW folder would be accsessbile only the items in /var/www/html - I could be wrong.

Very happy with the result and I will probably blow the install away and start over now that I know what needs to be done.

Thank you to all the contibutors, this has been a great community and learning experience.

Average of ratings: -
In reply to Denver Williams

Re: New to Moodle - Installation help

by Ken Task -
Picture of Particularly helpful Moodlers

Great!  Glad to hear it.   Really!!!??? don't think I've ever been referred to as that!   But thanks!

As far as port for the DB ... yes, it needs to be open in the firewall, but ... if running the DB server on the same host as the moodle app, linux really uses a socket connection as opposed to talking to the port.   If it talked to the port, that would be looping to the NIC then back inside to the DB.  Un-necssary traffic on the NIC.

IF the DB was remotely hosted then yes, uses port.

Reasons for having the port open and restricting user access from outside the box ... you might find a client app that's nice and desire to work remotely on the DB.   Me, I prefer to keep it 'localhost' only.  Opened port not restricted is just one more poke and probe point one would have to watch.

'spirit of sharing', Ken

Average of ratings: -
In reply to Denver Williams

Re: New to Moodle - Installation help

by Ken Task -
Picture of Particularly helpful Moodlers

Since you are still in the testing mode ... how about installing via git?  Advantage ... whatever version you install is upgradable via command line and takes a lot less effort than any other method.

As root (still on CentOS box) and there is no previous moodle installation:

Install git: yum install git [ENTER] press 'y' [ENTER] after getting a look see at what will be installed.

mysql -u root -p[password]

at the mysql> prompt:  create database moodlegit character set utf8 collate utf8_general_ci;

quit mysql>: \q [ENTER]

cd /var/www/

mkdir moodledata

chown apache:apache moodledata -R

git clone git://git.moodle.org/moodle.git htmlnew

cd htmlnew

git branch --track MOODLE_39_STABLE origin/MOODLE_30_STABLE

git checkout MOODLE_30_STABLE

fgrep '$release' version.php (checks the version of code)

cd ../ (you are now located in /var/www/

mv html htmlold

mv htmlnew html

cd html

php admin/cli/install.php

* you will be prompted to fill in info about the site ... same info you saw in the web based install

When it finishes:

chown apache:apache * -R

Done!  Hit site with browser and login as the admin user you created in the CLI install.

When an update is available .. backup the DB using mysqldump.  backup the code directory by creating a tar ball of /var/www/html and save into something like /home/backup/

As root user:

cd /var/www/html/  (moodle code is here)

php admin/cli/cron.php

php admin/cli/maintenance.php --enable

git pull

To see version: fgrep '$release' version.php

To update:

php admin/cli/upgrade.php --non-interactive

When it finishes:

chown apache:apache * -R

php admin/cli/purge_caches.php

php admin/cli/maintenance.php --disable

Done!

Hit site with browser and check things out!

All check out?   Run a backup of the DB and the code as mentioned above only this time name the backups that indicate version number ... 302, etc..

All of the above could be put into one simple bash shell script ... the backup commands as well.

Upgrades within a series (like from 3.0.2+ to the next to be released 3.0.3 takes literally minutes.

'spirit of sharing', Ken

Average of ratings: -