File Permissions after upgrade to 3.9

File Permissions after upgrade to 3.9

by Dennis Fulton -
Number of replies: 2

I upgraded to Moodle 3.9 at the same time I create a new VPS running CentOS 8 (I know, not the smartest thing to do changing two things at the same time.)  My old system was running Moodle 3.8 on CentOS 7.  I was surprised to see the different requirements for file permissions.  Don't know if anyone ran into this or not:

3.8 on CentOS 7
  -- moodledata  apache:apache 755
  -- moodle root:root 755

3.9 on CentOS8
  -- moodledata apache:apache 777
 -- moodle root:root 755

Moodledata would not run without 777.  I had to change /moodle/mod and /moodle/themes  to 777 to install a theme and some plugins.

Don't like the idea of 777 file permissions; but I am up and running.



Average of ratings: -
In reply to Dennis Fulton

Re: File Permissions after upgrade to 3.9

by Ken Task -
Picture of Particularly helpful Moodlers

selinux is still present in CentOS 8.

As long as moodledata is in /var/www/ and you do NOT have any apache configuration granting access then it's 'safe' (or as safe as anything can be on the web these days).

As an assurance?   One could use an .htaccess file in moodledata root.  I just installed a fresh 3.9 on  CentOS 7 and that file was present by default.

cat .htaccess
deny from all
AllowOverride None
Note: this file is broken intentionally, we do not want anybody to undo it in subdirectory!

Realize this is hind sight .... and probably 2 cents, but ....

'SoS', Ken


Average of ratings: -
In reply to Ken Task

Re: File Permissions after upgrade to 3.9

by Dennis Fulton -

Great idea on the .htaccess file.   Thanks!  3.9 is looking pretty good.

Average of ratings: -