Someone rattle my tree? ;)
If one looks at httpd.conf found in /etc/httpd/conf/ one can see that directories in /var/www/ have to have directives in the config for outside users to access those directories. One is defined as alloweable ... that of /var/www/icons/ which has been there for years. One will also find 'cgi-bin' at that location. That too has been there for as long as I can remember. Prior to PHP, Pearl used for interactive things and pearl scripts were located in cgi-bin. Directory is NOT browseable. Try it yourself: http://yoursite/cgi-bin/
IF all distros could decide and follow recommendations of LSB group, it would make life as systems admin easier. Document root ... where moodle code will go is /var/www/html/ That gives 'wiggle room' above html in /var/www/ for 'special directories' that cannot be accessed directly via browser without specific setup in httpd.conf.
So it makes it easy to manually create moodledata as root user in /var/www/ Then make sure apache user and apache group as ownership and permissions.
cd /var/www/
mkdir moodledata
chown apache:apache moodledata -R
Since moodledata isn't directly accessible and it should be only the apache user from Moodle code writing to that directory, it's 'fairly safe' to grant all persmission to read/write/execute to moodledata.
That explanation for this:
chmod ugo+rwx /var/www/moodledata -R
u - is user (apache)
g - is group (apache)
o - others ... all others.
'fairly safe' - op has already described who will have access to server as root or user that can su to root, so the only other way to be 'worried' is in the case where another AMP stack app is run from the server ... two of the more popular and thus most attacked/hacked IF not maintained, WordPress and Joomla.
So now when the install is run, moodle code will access moodledata as the apache user and group and it will work. ;)
Tip for op: check out the scripts in moodlecode/admin/cli/
There are some time savers and other 'fix it' scripts in there well worth the time to use.
As far as preferences for which distro ... the following personal interpretation/experience ...
Ubuntu's goal was (still is) to replace Windows ... thus it likes to be 'bleeding edge'. That has yin/yang if one wants stability.
CentOS, based upon RedHat Enterprise, thus following (somewhat) RedHat's direction: "we don't really care about engaging in any 'commercial war' (Mac vs PC vs Linux desktop). All we're going to do is make RH better and better." Thus CentOS is 'conservative'. This to mean, even in CentOS 7 one might/eventually have to use reputable 3rd party repos for how OP wants the box to run. PHP, MariaDB, other all have repos.
Won't comment on other Linuxes cept to say SuSIE (owned by Novell who has a 'special agreement' with Microsoft to be 'frenimies' hasn't bore the frutation promised or stated in the beginning of that 'agreement'. SuSIE much more Windows like.
Absolutely no comment on Windows. It's been said.
'spirit of sharing', Ken