moodledata directory ownership

moodledata directory ownership

yazan Leo Butler -
Yanıt sayısı: 7

I have a fresh install of moodle 3.6 from the stable branch of the git repository. It is installed on (x)ubuntu 18.04 with the standard AMP packages from that distribution, plus the STACK plugin, also from its git repository. This install is on a VM sitting behind an apache reverse proxy (to expedite maintenance).

I have the document root /var/www/html with moodle in /var/www/html/moodle and

$CFG->dataroot  = '/var/www/moodledata';

Thus far, everything looks to be running smoothly, but there is a detail that is annoying me. The system user that runs apache (www-data) owns all the directories under dataroot, except for trashdir and muc (owned by root:root). And the permissions on each of the subdirectories are 0777.

I have 2 questions:

  1. why are those 2 directories root owned? (and do they need to be?)
  2. why are the permissions not more restrictive? What else might be writing to those directories?
I would like to change the subdirectory ownership to www-data:moodle, the permissions to 0770, and use the moodle group to control access. But, I would like to know the answer to those questions, beforehand...

Any help is appreciated.
Puan ortalaması: -
Leo Butler yanıt olarak

Re: moodledata directory ownership

yazan Howard Miller -
Core developers 'ın resmi Documentation writers 'ın resmi Particularly helpful Moodlers 'ın resmi Peer reviewers 'ın resmi Plugin developers 'ın resmi

As there is no way that the web server created those directories with root permissions then the only other explanation is that the root user did. Possibly you? Was the site installed or upgraded from the command line as the root user (which you are advised NOT to do for this very reason)?

Regarding the permissions for newly created directories, then I can't do much better than the comments in config-dist.php...

//=========================================================================
// 4. DATA FILES PERMISSIONS
//=========================================================================
// The following parameter sets the permissions of new directories
// created by Moodle within the data directory.  The format is in
// octal format (as used by the Unix utility chmod, for example).
// The default is usually OK, but you may want to change it to 0750
// if you are concerned about world-access to the files (you will need
// to make sure the web server process (eg Apache) can access the files.
// NOTE: the prefixed 0 is important, and don't use quotes.
$CFG->directorypermissions = 02777;
Puan ortalaması:Useful (2)
Howard Miller yanıt olarak

Re: moodledata directory ownership

yazan Visvanath Ratnaweera -
Particularly helpful Moodlers 'ın resmi Translators 'ın resmi
If you want to follow a different line, say $CFG->directorypermissions = 02750, changing the dataroot permissions and ownership to your new values (chmod -R, chown -R) is OK.
Puan ortalaması:Useful (2)
Visvanath Ratnaweera yanıt olarak

Re: moodledata directory ownership

yazan Visvanath Ratnaweera -
Particularly helpful Moodlers 'ın resmi Translators 'ın resmi
Well, chmod should differentiate between files and directories. So the correct command is `find /path/to/moodledata -type f -exec chmod XXX {} \;` for files and -type d for directories.
Puan ortalaması: -
Howard Miller yanıt olarak

Re: moodledata directory ownership

yazan Leo Butler -
Puan ortalaması: -
Leo Butler yanıt olarak

Re: moodledata directory ownership

yazan Leo Butler -

The email filter removed the body of that reply. Here it is:


> by Howard Miller - Tuesday, February 5, 2019, 4:27 AM
> ---------------------------------------------------------------------
> As there is no way that the web server created those directories with root
> permissions then the only other explanation is that the root user did.
> Possibly you? Was the site installed or upgraded from the command line as
> the root user (which you are advised NOT to do for this very reason)?

No, the whole site was set up under opt by user moodle and root copied
things into place. I will guess that the ownership was not corrected for
those two directories.

> Regarding the permissions for newly created directories, then I can't do
> much better than the comments in config-dist.php...

Thanks for the pointer. RTFM, as always.

I changed the ownership and permissions on those directories and the
setting in config.php with apparent success.

Thanks,
Leo

Puan ortalaması: -