Security and privacy

File permissions on webroot vs installing plugins

 
Picture of Tom Smith
File permissions on webroot vs installing plugins
 
Hi
In the installation guidance [https://docs.moodle.org/33/en/Installation_quick_guide], it says

Check the permissions and make sure that the web server does not have permissions to write to any of the files in the Moodle code directories (a very common root cause of sites being hacked).


I am interpreting this as the /var/www/moodle directory which is the webroot for our 3.4 installation on Ubuntu 16.04. If I set this directory to be read-only to the Apache2 user (www-data), surely installing plugins etc will not work? And thus upgrading existing plugins won't work?

Not sure how these two clash. Any advice appreciated.

THanks


 
Average of ratings: -
Picture of Ken Task
Re: File permissions on webroot vs installing plugins
 
Average of ratings: -