Babak B's picture

Hi,

I hope someone can help me out. I'm stuck. I'm a noob on Linux.

I have installed moodle turnkey (latest version 2.9) and everything seams to work fine exept the plugin installations. I get write access failure. (This plugin is a theme from Moodle download Site)

Status: Error    Message: Write Acces Check    info: /var/www/moodle/theme  (see screen dump)

But I have checked the documentation and according to that it should work.

The File folder has the attribute 755. I gave that also to all folders and files in that folder. Still, I can't install the plugin. :(

Any suggetions how to solve this?

Best Regards

/Babak

Forum: 
Jeremy Davis's picture

Thanks for the good info and screenshots. I'm almostr certain that this is a simple ownership issue. Try this:
chown -R www-data:www-data /var/www/moodle/theme
And then retry. Hopefully it should all just work.

Thanks tons for reporting though. I've added it as a bug. We're working on v14.1 at the moment so you've just helped make TurnKey better! Yay for you! :)

Babak B's picture

Hi Jeremy!

Thank you for your answer. I've installed the new version of Turnkey Moodle 14.1. And the installation of the themes works fine without any issue. But when I tried to install another plugin called 'Grid Format' which are used very often of course creators it failed. You can see the message dump.

What do you think?

I've been testing/ working with Moodle 2.9 and 3.0 and made installation with Softaculous on c-panel with different hosting companies without any problems. Installing plugins is no issue at all.

Jeremy Davis's picture

If you grant full ownership of the webroot (/var/www/moodle) then it will all work OOTB. But we prefer to come from the other direction and lock everything down as much as possible and unlock bits that need it. Obviously there are some tweaks that have to be made for usability (i.e. tweaking to support easy theme installation).

So in short, if you grant the webserver ownership of the whole webroot as I mentioned above (chown -R www-data:www-data /var/www/moodle), then you will have no further issues installing additional modules, etc. However if someone gains access to Moodle (e.g. by some as yet unknown exploit in Moodle and/or Apache and/or PHP and/or etc), they will all have full access to change any of the Moodle files themselves.

As per most security enhancements they are a compromise between convenience/usability/user-friendliness and security. E.g. locking the door to your house increases your home's security but it reduces the convenience for coming and going (you need to lock/unlock every time).

Having said that, it might be nice for us to tune the permissions a little more to support plugins. The only thing is that guessing from that path, Moodle doesn't support just dropping plugins into one particular location, but actually requires different paths. So to allow this particular plugin try this:

chown -R www-data:www-data /var/www/moodle/course/format
That should fix your immediate issue, but I'd be really interested if you have other plugins that cause issue. I'd also like your thoughts on how much further we should go.

FWIW on our WordPress appliance for v14.1 we gave the webserver total control over the /var/www/wordpress dir to fully support "in browser" WordPress updates. As I said it's always a trade-off and in that instance, we decided that having an easily updateable WordPress trumps being locked down. If there is value in doing something similar for Moodle then we can consider that too.

Babak B's picture

Hi,

I made that change through Web shell. And now it works! :)

Another issue I have is that I get this message SSL_ERROR_RX_RECORD_TOO_LONG when I try to log in to Moodle.

This happens when I try to login to Moodle from outside of the network through port forwarding.

I red that the error occurs in case the port a client is trying to connect to is opened on the server, but there is no certificate configured properly on the server’s side for this port.

Can I configure that through webmin on the VM?

 

Best Regards

Jeremy Davis's picture

I did a quick google on your error and it seems that it is commonly caused by a misconfigured proxy (trying to connect to https when only http is available). Perhaps that is worth following up?

The other thing that just occurred to me is that IIRC Moodle forces HTTPS on login. You mentioned that you do not have a certificate properly configured so that may be causing the issue? A self-signed certificate should be fine (although you will obviously get a warning).

You'll need to make sure that there is an HTTPS connection available from the outside (preferably on port 443).

Add new comment