I have a fresh install of moodle 3.6 from the stable branch of the git repository. It is installed on (x)ubuntu 18.04 with the standard AMP packages from that distribution, plus the STACK plugin, also from its git repository. This install is on a VM sitting behind an apache reverse proxy (to expedite maintenance).
I have the document root /var/www/html with moodle in /var/www/html/moodle and
$CFG->dataroot = '/var/www/moodledata';
Thus far, everything looks to be running smoothly, but there is a detail that is annoying me. The system user that runs apache (www-data) owns all the directories under dataroot, except for trashdir and muc (owned by root:root). And the permissions on each of the subdirectories are 0777.
I have 2 questions:
- why are those 2 directories root owned? (and do they need to be?)
- why are the permissions not more restrictive? What else might be writing to those directories?