Common Moodle LMS installation mistake #3: Incorrect file or directory permissions

Moodle LMS is an advanced, feature-rich Learning Management System (LMS) that operates reliably and performs well right out of the box, given sufficient CPU and memory. When incorrectly installed, it can lead to a frustrating experience and misplaced blame on Moodle. This article deals with the third most common installation error: incorrect file and directory permissions on your Moodle application and moodledata files and folders.

Moodle needs to be able to create, read, write and delete files on your web server. I can’t begin to list the myriad of things that can go wrong if your web server has insufficient file and directory permissions. This is a common installation mistake, especially if you installed Moodle from the command line.

Server administrators sometimes set the Moodle application file area to be read-only for security reasons. For example, this might be to prevent the installation of themes and plugins in a managed Moodle LMS hosting environment (e.g. MoodleCloud), or because Moodle LMS is running in a virtual containerized environment (e.g. Docker). This is quite common, and these are perfectly valid reasons for doing so. However, if this was not the intention, if your website just isn't showing any signs of life, or if you want to install plugins from inside Moodle but cannot, your web server likely has a file and directory permissions issue.

Moodle LMS also needs to have full access to the moodledata folder. It uses this workspace for multiple purposes such as storing course files, caching files, storing additional/custom language strings and more. Moodle LMS must therefore have full control of that space.

How Moodle LMS Owner, Group and Permissions issues happen

File and directory permissions can be confusing to new server administrators until they realize that the web server service is often running under a different user than they are.

Screenshot: Forbidden - You don't have permission to access this resource. Server unable to read htaccess file, denying access to be safe.

For example, this type of issue can happen when you perform the following from a command line terminal or using an SSH application like WinSCP:

  • Installing Moodle;
  • Cloning a Moodle server;
  • Restoring a backup of a Moodle site;
  • Updating or upgrading Moodle;
  • Manually installing plugins and themes;
  • Running commands as sudo or su (superuser);
  • Running cron under the wrong user account; or
  • Editing files like Moodle's config.php.

How to Fix Owner, Group and Permissions for Moodle LMS

Resolving this issue varies considerably from one server to another. You will need to:

  1. Determine your operating system (for example: Windows, macOS, Ubuntu, Debian, openSUSE, SLES, CentOS, Fedora or Red Hat).
  2. Determine which web server software you are running. For example, IIS, nginx, apache, apache2 or httpd - but it could be something else.
  3. Identify under which user your web server is running. For example, www-data, root, apache or uid 1005 - but it could be something else.
  4. Determine to which groups the web server user belongs. For example, www-data, root, apache or group gid 1005 - but it could be something else.
  5. Use the "chown" command to set the group for each of the files and folders to a group to which the web server user belongs.

For example, this often works on Ubuntu and Debian servers running Apache:

# Access your web server using a terminal.
# Change into the webroot of your Moodle LMS.
sudo find . -type d -exec chmod 2770 {} \;
sudo find . -type f -exec chmod 0660 {} \;
sudo chown -R $USER:www-data .
# Repeat these commands in the moodledata directory.

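What do these commands do? They use the "find" command to set different permissions for files and folders, then the "chown" command to set the owner and group:

  1. The first command sets the permission of all directories to 2770: full access for the owner and the group, none for anyone else, plus the setgid bit so that new files and subdirectories inherit the directory's group.
  2. The second command sets the permission of all files to 0660: read and write for the owner and the group, none for anyone else.
  3. The third command sets the owner of all files and folders to your current username so that you can make changes to files and directories.
  4. The same command sets the group of all files and folders to www-data.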

The commands are similar on most Unix, Linux and macOS servers, but the 2770, 0660 and www-data values may well be different. Needless to say, Windows works very differently and will need different instructions depending on whether the servers are running as a service or as an application.

Occasionally, I find that the user account running the web server was not configured to be part of the expected group. For security reasons, the best fix is to add that user to the expected group. However, you could also fix the problem by granting "other" access by changing the 2770 to 2777 and the 0660 to 0666. This is a security issue if there are non-admin users with access to the web server. If you don't want your Moodle site administrator to be able to add, remove or update plugins, change the 2770 to 2760 or 2766, and the 0660 to 0650 or 0655, for the Moodle application only.

The key is to ensure that the user or group under which your web server (e.g., Apache, nginx) is running has the appropriate permissions to read files. In the case of moodledata, it also needs to be able to create, write and delete files and directories.
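To check a tree for the conditions described above before changing anything, the following read-only audit is an added example, not part of the original article. It reports a web server user that is missing from the expected group, entries that grant "other" access, entries with the wrong group, and directories without setgid; the directory, user and group you pass in are assumptions about your own server.

```shell
#!/bin/sh
# Added example (not from the original article): read-only audit of a Moodle tree.
# Directory, user and group arguments are assumptions for your own server.

# Succeeds if USER belongs to GROUP (primary or supplementary group).
user_in_group() {
    id -Gn "$1" 2>/dev/null | tr ' ' '\n' | grep -qxF "$2"
}

# Files and directories that grant any permission to "other" (e.g. 2777 or 0666).
other_access() {
    find "$1" \( -type f -o -type d \) \
        \( -perm -004 -o -perm -002 -o -perm -001 \)
}

# Entries whose group is not GROUP, so group permissions do not help the web server.
wrong_group() {
    find "$1" ! -group "$2"
}

# Directories without setgid: files created inside will not inherit the group.
missing_setgid() {
    find "$1" -type d ! -perm -2000
}

# audit_tree DIR USER GROUP: print labelled findings, return 1 if there are any.
audit_tree() {
    dir=$1 user=$2 group=$3 status=0
    if ! user_in_group "$user" "$group"; then
        echo "membership  $user is not in group $group"
        status=1
    fi
    for check in other_access wrong_group missing_setgid; do
        out=$("$check" "$dir" "$group")
        if [ -n "$out" ]; then
            printf '%s\n' "$out" | sed "s|^|$check  |"
            status=1
        fi
    done
    return "$status"
}

# Example: sh audit.sh /var/www/moodle www-data www-data   (constructed path)
if [ "$#" -eq 3 ]; then
    audit_tree "$@"
fi
```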

Avoid running into owner, group and permission issues on your Moodle LMS site

You can avoid running into permission issues by first ensuring that owner, group and permissions are correctly configured for all files and directories related to your Moodle LMS. Then:

  1. Run commands that make changes to files and directories, including Git, using the same user under which the web server is running - assuming the user account running the web server has sufficient permissions.
  2. Run cron as the same user as the web server.
  3. Install and update plugins and themes from inside Moodle. This will result in the operations being carried out as the same user running the web server.
  4. Create a little (bash) script that resets the owner, group and permissions of all Moodle LMS application and data files and get into the habit of running it after any manual manipulation of files and directories.
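
One way to write the reset script from step 4, as an added example that is not part of the original article: it applies the 2770 and 0660 values used earlier to both the application and moodledata directories, and refuses modes that grant "other" access. The script name, the paths and the www-data group in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the original article): reset owner, group and modes.
# The script name, paths and www-data group in the usage lines are assumptions.

# reset_tree DIR DIR_MODE FILE_MODE [OWNER:GROUP]   (octal modes only)
reset_tree() {
    dir=$1 dmode=$2 fmode=$3 owner=${4:-}
    if [ ! -d "$dir" ]; then
        echo "reset_tree: not a directory: $dir" >&2
        return 1
    fi
    # Refuse modes such as 2777 or 0666 that grant access to "other".
    for mode in "$dmode" "$fmode"; do
        case $mode in
            *0) ;;
            *) echo "reset_tree: mode $mode grants access to other" >&2
               return 1 ;;
        esac
    done
    if [ -n "$owner" ]; then
        # -h acts on a symlink itself, never on a target outside the tree.
        # chown may clear set-ID bits, so modes are applied afterwards.
        chown -R -h "$owner" "$dir" || return 1
    fi
    # find does not follow symlinks by default; "+" batches the chmod calls.
    find "$dir" -type d -exec chmod "$dmode" {} + &&
        find "$dir" -type f -exec chmod "$fmode" {} +
}

# Usage: sudo sh reset-moodle-perms.sh MOODLE_DIR MOODLEDATA_DIR OWNER:GROUP
# e.g.   sudo sh reset-moodle-perms.sh /var/www/moodle /var/moodledata "$USER":www-data
if [ "$#" -eq 3 ]; then
    reset_tree "$1" 2770 0660 "$3" && reset_tree "$2" 2770 0660 "$3"
fi
```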

For more information, see Understanding Linux File Permissions, the documentation for your specific operating system and the Security Recommendations for Moodle LMS.

Hope you found this information helpful.

Michael Milette
