In the installations manual https://docs.moodle.org/403/en/Installing_Moodle
i find 2 different chown commands.
chown -R root /path/to/moodle
vs
chown www-data /path/to/moodle
Im logged in as root at a fresh installed ubuntu 22.04 cloud server.
What is the right command or what is the difference?
There are people who do this. I never give write permissions to the web server on anything in the DocumentRoot. For me 'chown -R root /path/to/moodle' is right.
P.S. I generally avoid 'root'. So in my case it will be 'chown -R me /path/to/moodle'. So that I don't have to work as 'root'. But that is a nuance.
But note that the web server needs read permissions. I would 'chgrp -R www-data /path/to/moodle' and see that files have 640 (rw-r----) and directories 750 (rwxr-x---) flags.
Absolutely *do not* give write permissions to the web server on a production system for the Moodle program files. There is a class of PHP "worms" that can rewrite your PHP files if they get in and have permissions.
It is, however, acceptable on a local test/development server where you might want to make use of the plugin installation and upgrades. Just to be clear I would definitely not set up a live Moodle site such that installing or updating plugins through the admin interface was allowed. A very bad idea.
It is, however, acceptable on a local test/development server where you might want to make use of the plugin installation and upgrades. Just to be clear I would definitely not set up a live Moodle site such that installing or updating plugins through the admin interface was allowed. A very bad idea.
The general rule is to always give the minimum permissions to get the job done.
root and www-data refer to the user who will own the files.
root is the main administrative account for the server. www-data is in this case the user that the web server (apache or nginx) runs as.
In the first case, the example is setting ownership and permissions of the Moodle code files so that www-data cannot modify them. This is a security precaution to prevent someone accessing your site via the web from altering the PHP code. When a user makes a request, the code runs on your server as the www-data user so you don't want that user being able to change the code that runs.
In the second case, you are setting ownership and permissions of Moodle's data directory so that www-data can modify them. This is where files uploaded by users will be stored, so the www-data need to be able able to write them to a directory.
Ok. Thanks. Here ist it explained right. https://docs.moodle.org/403/en/Upgrading
In the case of the next backup, that is also right? chown -R root:root /var/www/html/moodle
Or does in the backup process (after copying the new files and proceed the backup with the browser) /var/www/html/moodle other rghts?
Or does in the backup process (after copying the new files and proceed the backup with the browser) /var/www/html/moodle other rghts?
An the crontab entry is still right here? crontab -u www-data -e
1. chown -R root /path/to/moodle:
This command changes the owner of the /path/to/moodle directory and all its subdirectories and files to the root user.
2. chown www-data /path/to/moodle:
This command changes the owner of the /path/to/moodle directory and its contents to the www-data user. This is typically associated with web servers like Apache or Nginx on your Ubuntu.
So its it's recommended to use
chown -R www-data /path/to/moodle
This command changes the owner of the /path/to/moodle directory and all its subdirectories and files to the root user.
2. chown www-data /path/to/moodle:
This command changes the owner of the /path/to/moodle directory and its contents to the www-data user. This is typically associated with web servers like Apache or Nginx on your Ubuntu.
So its it's recommended to use
chown -R www-data /path/to/moodle
Here is more detail https://docs.moodle.org/402/en/Installing_Moodle_on_Debian_based_distributions .
Installing_Moodle_on_Debian_based_distributions#Step_5:_Create_a_data_directory_and_set_Moodle_directory_permissions is wrong - or at least lame - in the eyes of old school system administrators. Why? I explained in my previous reply and I have Howard's vote. 
Seriously, see Mark's post for a longer explanation.
@nobody in particular: Why is Unix file permissions an endless topic!
But from the document mentioned:
Secure the Moodle files: It is vital that the files are not writeable by the web server user.
Which is exactly what chown -R www-data /path/to/moodle chmod 0755 /path/to/moodle will do.
If the owner is set to root instead, www-data will have read and execute only as an "other".
Installing plugins will not a temporary permission change.
Secure the Moodle files: It is vital that the files are not writeable by the web server user.
Which is exactly what chown -R www-data /path/to/moodle chmod 0755 /path/to/moodle will do.
If the owner is set to root instead, www-data will have read and execute only as an "other".
Installing plugins will not a temporary permission change.
I'm going to stick with my usual advice - do NOT install plugins through the UI on a production server. There are lots of better ways.
The temptation / rookie mistake is to install an untested plugin AND to run the upgrade script without first taking a backup. Both of which might end in tears.
The temptation / rookie mistake is to install an untested plugin AND to run the upgrade script without first taking a backup. Both of which might end in tears.
We have a contradiction in our Moodle docs. Do we
- Advise the owner of Moodle code should be root
- Advise the owner of Moodle code should be www-data
- Explain under what circumstances root or www-data should be used
- Do nothing to our documentation because it is too difficult and cope with confused installers through describing Linux commands on this forum.
You're probably not going to be surprised by my response...
I don't believe we should "spoon feed" advice like this. We can give general guidance but if you are going to run a live Moodle site on the public Internet then you have some responsibility to know what you are doing. Advice is happily and freely given in these forums but it all depends on your circumstances and requirements.
Even taking somebody through a "click by click" installation for a particular OS isn't much better than just saying "use Softaculous, then". There's more to running a server than getting Moodle to work.
I don't believe we should "spoon feed" advice like this. We can give general guidance but if you are going to run a live Moodle site on the public Internet then you have some responsibility to know what you are doing. Advice is happily and freely given in these forums but it all depends on your circumstances and requirements.
Even taking somebody through a "click by click" installation for a particular OS isn't much better than just saying "use Softaculous, then". There's more to running a server than getting Moodle to work.
+20 to Howards honest response.
Will only add that it's a 'journey' .... fore-ever on-going ... and never really ending! 
And I don't claim my sites to be 100% secure either for those that would do harm to anything just because they can, are always ahead of the 'white hats' ... for a while!
Docs for Moodle ... OP needs to follow the ones meant for their operating system:
uname -an will get ya that!
Anyhoo ...
'SoS', Ken
One would hope that new moodle users/admins will choose a hosting providers package that has enough 'umph' to run a moodle. Unfortunately, not always the case, and, to make matters slightly worse, hosting provider won't go very deep or at all with installing applications (like Moodle) for such users.
Directions leave out a 'common' situation ... shared hosting (ugh!) - of the cheapest kind.
With such a setup/account, account user cannot use root nor www-data even if they have opted the 'most expensive' offering.
Even when hosting provider migrates customers account to a VPS they still find themselves (or their moodle code at least) in a 'user jail' ...
/home/accountlogin/publc_html/. They can, with some provirders, su to root via cPanel's terminal however. And even see/use/set up /var/www/ area for sites ...
Anyhoo, just thought I'd add 2 cents!
'SoS', Ken
Ok, while I agree to an extent with Howard and Ken, I am going to support James here. As someone who originally started to learn linux by setting up a moodle server from scratch (had never worked with linux before. had it up and running in a day), I think we could at least have some clarity in the docs...or at least explain the benefits/downsides to both options...yes, we are volunteers and the docs are a wiki editable by anyone, that does not mean that they should not be as helpful as possible. I remember that it took me way longer to gather up the courage to try than it did to actually get it done and it due to forum posts I had found that had solid step by step instructions. I still look for those kind of instructions when tackling something new with a server. I have enough knowledge now to know what commands are doing but it is still super helpful to have them listed out.
Thanks for all your information.
Forums like this helped me to learn from scratch
- to admin a php forum for my sales team
- switching from Windows to Linux Mint last year
- and last week i was so brave to ordered a cloud server on hetzner and was able to run Mautic (sales automatic system for e-mail newsletter and so on) and now Moodle runs. I'm proud of myself to were able to install this. Was not so easy as a newbie and took a long time to look the youtube tutorials or read the install docs.
I'm not programmer - i'm still a person, who likes independence and security for my data and my content.
i only was able because of help of people like you.
Thanks a lot.
Forums like this helped me to learn from scratch
- to admin a php forum for my sales team
- switching from Windows to Linux Mint last year
- and last week i was so brave to ordered a cloud server on hetzner and was able to run Mautic (sales automatic system for e-mail newsletter and so on) and now Moodle runs. I'm proud of myself to were able to install this. Was not so easy as a newbie and took a long time to look the youtube tutorials or read the install docs.
I'm not programmer - i'm still a person, who likes independence and security for my data and my content.
i only was able because of help of people like you.
Thanks a lot.
Can you explain (in detail) where the contradictory instructions are? I'd be happy to take a look. I'm not clear as it stands.
EDIT:
Ahh... spotted what you mean. I changed it so that they are both 'root' (in the 4.3 docs). I think that's "safe" but I would absolutely encourage you to understand the consequences of these choices for whatever hosting/OS you are using.
In the interests of keeping that page reasonably succinct, I'd be reluctant to get into a "discussion" about this. If you don't know, you can find out or ask. If this gets too long we'll just hit TL;DR