moodledata directory ownership

by Leo Butler -
Number of replies: 7

I have a fresh install of moodle 3.6 from the stable branch of the git repository. It is installed on (x)ubuntu 18.04 with the standard AMP packages from that distribution, plus the STACK plugin, also from its git repository. This install is on a VM sitting behind an apache reverse proxy (to expedite maintenance).

I have the document root /var/www/html with moodle in /var/www/html/moodle and

$CFG->dataroot  = '/var/www/moodledata';

Thus far, everything looks to be running smoothly, but there is a detail that is annoying me. The system user that runs apache (www-data) owns all the directories under dataroot, except for trashdir and muc (owned by root:root). And the permissions on each of the subdirectories are 0777.

I have 2 questions:

  1. why are those 2 directories root owned? (and do they need to be?)
  2. why are the permissions not more restrictive? What else might be writing to those directories?

I would like to change the subdirectory ownership to www-data:moodle, the permissions to 0770, and use the moodle group to control access. But, I would like to know the answer to those questions, beforehand...

Any help is appreciated.
Average rating: -
In reply to Leo Butler

Re: moodledata directory ownership

by Howard Miller -

As there is no way that the web server created those directories with root permissions then the only other explanation is that the root user did. Possibly you? Was the site installed or upgraded from the command line as the root user (which you are advised NOT to do for this very reason)?

Regarding the permissions for newly created directories, then I can't do much better than the comments in config-dist.php...

```php
//=========================================================================
// 4. DATA FILES PERMISSIONS
//=========================================================================
// The following parameter sets the permissions of new directories
// created by Moodle within the data directory.  The format is in
// octal format (as used by the Unix utility chmod, for example).
// The default is usually OK, but you may want to change it to 0750
// if you are concerned about world-access to the files (you will need
// to make sure the web server process (eg Apache) can access the files.
// NOTE: the prefixed 0 is important, and don't use quotes.
$CFG->directorypermissions = 02777;
```
Average rating: Useful (2)
In reply to Howard Miller

Re: moodledata directory ownership

by Visvanath Ratnaweera -
If you want to follow a different line, say $CFG->directorypermissions = 02750, changing the dataroot permissions and ownership to your new values (chmod -R, chown -R) is OK.
Average rating: Useful (2)
In reply to Visvanath Ratnaweera

Re: moodledata directory ownership

by Visvanath Ratnaweera -
Well, chmod should differentiate between files and directories. So the correct command is `find /path/to/moodledata -type f -exec chmod XXX {} \;` for files and -type d for directories.
In reply to Howard Miller

Re: moodledata directory ownership

by Leo Butler -
In reply to Leo Butler

Re: moodledata directory ownership

by Leo Butler -

The email filter removed the body of that reply. Here it is:


> by Howard Miller - Tuesday, February 5, 2019, 4:27 AM
> ---------------------------------------------------------------------
> As there is no way that the web server created those directories with root
> permissions then the only other explanation is that the root user did.
> Possibly you? Was the site installed or upgraded from the command line as
> the root user (which you are advised NOT to do for this very reason)?

No, the whole site was set up under opt by user moodle and root copied
things into place. I will guess that the ownership was not corrected for
those two directories.

> Regarding the permissions for newly created directories, then I can't do
> much better than the comments in config-dist.php...

Thanks for the pointer. RTFM, as always.

I changed the ownership and permissions on those directories and the
setting in config.php with apparent success.

Thanks,
Leo
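
Added example, not part of any post in this thread and not Moodle code: a shell sketch of the cleanup the thread arrives at, finding entries with the wrong owner (such as the root-owned trashdir and muc), then applying separate modes to directories and files with `find -type`. The function names and the default modes 2770/0660 are assumptions; the path and the www-data:moodle owner in the usage comment come from the original question.

```shell
#!/bin/sh
# Added example: audit and tighten a Moodle dataroot.
# Function names and default modes are assumptions, not Moodle's own.

# Print entries under $1 that are NOT owned by user $2 (name or numeric uid).
# Root-owned leftovers from a copy or CLI run as root show up here.
list_foreign_owner() {
    find "$1" ! -user "$2" -print
}

# Print entries under $1 that grant read, write or execute to "other".
# Octal -perm tests are used so this works with GNU and BSD find.
list_world_access() {
    find "$1" \( -perm -0004 -o -perm -0002 -o -perm -0001 \) -print
}

# Apply one mode to directories and another to files. Directories need the
# execute bit to be traversed; data files do not need it at all.
# The leading 2 (setgid) makes new entries inherit the directory's group.
set_dataroot_modes() {
    root=$1 dmode=${2:-2770} fmode=${3:-0660}
    find "$root" -type d -exec chmod "$dmode" {} + &&
    find "$root" -type f -exec chmod "$fmode" {} +
}

# Usage, run as root (the moodle group is assumed to exist already):
#   list_foreign_owner /var/www/moodledata www-data
#   chown -R www-data:moodle /var/www/moodledata
#   set_dataroot_modes /var/www/moodledata 2770 0660
#   list_world_access /var/www/moodledata    # should print nothing
# Then set $CFG->directorypermissions = 02770; in config.php so that
# directories Moodle creates later get the same mode.
```

Symbolic links are skipped by both `-type` tests, so targets outside the dataroot are not touched.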