How to secure Moodle files
Securing Moodle files means permitting only the necessary users and groups to access the files in both the Moodle and the moodledata folders. We will approach this task using standard DAC methods, and later mention the alternatives available with ACL.
DAC
In CentOS, the user under which the Apache process is executed is called apache. That user is a member of the group apache. Therefore, we need to give it read-only access to all of the files in the Moodle folder and full read/write access in moodledata. Assuming that we use the first option for deploying files, here is the set of commands that sets adequate permissions for moodledata:
/bin/chown -R root:apache /var/www/moodledata/
/bin/chmod -R ug=rwX,o= /var/www/moodledata/
The first line sets the owner of the folder (superuser root) and the permitted user group (apache). We do this because, as explained earlier, the owner has full rights over anything related to the particular file system object. In case a malicious user manages...
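To verify that a tree still matches the permissions set above, the following added example (not part of the original text) lists every entry with the wrong owner or group, or with any permission bit set for others. The function name audit_tree and the policy labels data and code are assumptions made for this example; the code policy goes one step beyond the commands shown and also flags group write, matching the read-only requirement stated for the Moodle folder.

```shell
#!/bin/sh
# Added example: audit a directory tree against the DAC policy in the text.
# audit_tree and the policy names "data"/"code" are hypothetical names.
#
#   audit_tree DIR OWNER GROUP POLICY
#     POLICY=data  moodledata rules (ug=rwX,o=): no bits for "others"
#     POLICY=code  Moodle folder rules: as above, plus no group write
#
# Prints one offending path per line; prints nothing when the tree is clean.
audit_tree() {
    dir=$1; owner=$2; group=$3; policy=$4
    case $policy in
        data) groupwrite='' ;;
        code) groupwrite='-o -perm -020' ;;   # group write bit is set
        *)    echo "unknown policy: $policy" >&2; return 2 ;;
    esac
    # Symlinks are skipped: their own mode bits are always rwxrwxrwx.
    # -perm -001/-002/-004 match execute/write/read for "others".
    # $groupwrite is left unquoted on purpose so it splits into find arguments.
    find "$dir" ! -type l \( \
        ! -user "$owner" -o ! -group "$group" \
        -o -perm -001 -o -perm -002 -o -perm -004 \
        $groupwrite \) -print
}

# Stand-alone use, with the values from the text:
#   sh audit.sh /var/www/moodledata root apache data
if [ "$#" -eq 4 ]; then
    audit_tree "$@"
fi
```

Run it after an upgrade or a restore from backup, since both commonly reset ownership and modes.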