- Identify the web server user: Find out the user that your web server is using. This can be different based on your system, such as www-data, www, apache, httpd, etc.
-
Set the web server user as owner.
-
On Ubuntu/Debian (Apache): usually www-data
-
On CentOS/RHEL: usually apache
chown -R www-data:www-data /var/www/html/moodle
-
Directory Permissions
sudo find /var/www/html/moodle -type d -exec chmod 755 {} \;
File Permissions
sudo find /var/www/html/moodle -type f -exec chmod 644 {} \;
Config.php file (Extra Security)
chmod 640 /var/www/html/moodle/config.php
Summary of the above:
-
Directories: 755
-
Files: 644
-
config.php: 640
-
moodledata: 770 (not web-accessible, only web server user can write)
-
Owner: www-data:www-data
For Moodledata
sudo chown -R www-data:www-data /var/www/moodledata
sudo find /var/www/moodledata -type d -exec chmod 770 {} \;
sudo find /var/www/moodledata -type f -exec chmod 660 {} \;
Extra Security Config:
Make sure moodledata is outside your web root.
So; in your Apache (in your site config):
<Directory /var/www/moodledata>
Deny from all
</Directory>
NGINX
location /moodledata {
deny all;
return 403;
}
These commands are executed in the terminal and assume you have the necessary permissions (sudo). Make sure to replace “/path/to/” with the actual path to your Moodle directories.