moodledata directory ownership

by Leo Butler -
Number of replies: 7

I have a fresh install of moodle 3.6 from the stable branch of the git repository. It is installed on (x)ubuntu 18.04 with the standard AMP packages from that distribution, plus the STACK plugin, also from its git repository. This install is on a VM sitting behind an apache reverse proxy (to expedite maintenance).

I have the document root /var/www/html with moodle in /var/www/html/moodle and

$CFG->dataroot  = '/var/www/moodledata';

Thus far, everything looks to be running smoothly, but there is a detail that is annoying me. The system user that runs apache (www-data) owns all the directories under dataroot, except for trashdir and muc (owned by root:root). And the permissions on each of the subdirectories are 0777.

I have 2 questions:

  1. Why are those 2 directories root owned? (And do they need to be?)
  2. Why are the permissions not more restrictive? What else might be writing to those directories?

I would like to change the subdirectory ownership to www-data:moodle, the permissions to 0770, and use the moodle group to control access. But, I would like to know the answer to those questions, beforehand...

Any help is appreciated.
In reply to Leo Butler

Re: moodledata directory ownership

by Howard Miller -

As there is no way that the web server created those directories with root permissions then the only other explanation is that the root user did. Possibly you? Was the site installed or upgraded from the command line as the root user (which you are advised NOT to do for this very reason)?

Regarding the permissions for newly created directories, then I can't do much better than the comments in config-dist.php...

//=========================================================================
// 4. DATA FILES PERMISSIONS
//=========================================================================
// The following parameter sets the permissions of new directories
// created by Moodle within the data directory.  The format is in
// octal format (as used by the Unix utility chmod, for example).
// The default is usually OK, but you may want to change it to 0750
// if you are concerned about world-access to the files (you will need
// to make sure the web server process (eg Apache) can access the files.
// NOTE: the prefixed 0 is important, and don't use quotes.
$CFG->directorypermissions = 02777;
Average of ratings: Useful (2)
In reply to Howard Miller

Re: moodledata directory ownership

by Visvanath Ratnaweera -
If you want to follow a different line, say $CFG->directorypermissions = 02750, changing the dataroot permissions and ownership to your new values (chmod -R, chown -R) is OK.
Average of ratings: Useful (2)
In reply to Visvanath Ratnaweera

Re: moodledata directory ownership

by Visvanath Ratnaweera -
Well, chmod should differentiate between files and directories. So the correct command is `find /path/to/moodledata -type f -exec chmod XXX {} \;` for files and -type d for directories.
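The ownership check from the question and the file/directory split described in the replies above, as an added shell example that is not part of any post in this thread. The function names are hypothetical, and the default modes are assumptions: 2750 is the directory value suggested above, 0640 is that value without the execute and setgid bits.

```shell
#!/bin/sh
# Added example (not from the thread): audit and tighten a Moodle dataroot.
# Function names and the default modes below are assumptions.

# Print every entry under DIR that is not owned by OWNER (such as the
# root-owned trashdir and muc in the question) or that grants any
# read, write or execute access to "other".
audit_dataroot() {
    dir=$1 owner=$2
    find "$dir" \( ! -user "$owner" \
        -o -perm -001 -o -perm -002 -o -perm -004 \) -print
}

# Number of audit findings; 0 means the tree is clean for OWNER.
count_findings() {
    audit_dataroot "$1" "$2" | wc -l | tr -d ' '
}

# Apply one mode to directories and a different one to files, so regular
# files never pick up the execute bits that directories need for traversal.
# Run as the owner of the tree (or root). Ownership itself is corrected
# separately as root, e.g. chown -R www-data:moodle DIR (names from the thread).
tighten_dataroot() {
    dir=$1 dirmode=${2:-2750} filemode=${3:-0640}
    find "$dir" -type d -exec chmod "$dirmode" {} +
    find "$dir" -type f -exec chmod "$filemode" {} +
}

# Stand-alone use: ./audit.sh /var/www/moodledata www-data
if [ "$#" -ge 2 ]; then
    audit_dataroot "$1" "$2"
fi
```

After tightening, set $CFG->directorypermissions in config.php to the same directory mode so that newly created directories match the existing tree.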
In reply to Howard Miller

Re: moodledata directory ownership

by Leo Butler -
In reply to Leo Butler

Re: moodledata directory ownership

by Leo Butler -

The email filter removed the body of that reply. Here it is:


> by Howard Miller - Tuesday, February 5, 2019, 4:27 AM
> ---------------------------------------------------------------------
> As there is no way that the web server created those directories with root
> permissions then the only other explanation is that the root user did.
> Possibly you? Was the site installed or upgraded from the command line as
> the root user (which you are advised NOT to do for this very reason)?

No, the whole site was set up under opt by user moodle and root copied
things into place. I will guess that the ownership was not corrected for
those two directories.

> Regarding the permissions for newly created directories, then I can't do
> much better than the comments in config-dist.php...

Thanks for the pointer. RTFM, as always.

I changed the ownership and permissions on those directories and the
setting in config.php with apparent success.

Thanks,
Leo

In reply to Leo Butler

Re: moodledata directory ownership

by Howard Miller -

RTFM is dead easy when you already know the info is there somewhere ;-)