Creating Moodle site data directory
This page requires a review. Please do so and remove this template when finished.
Moodle will also need some space on your server's hard disk to store uploaded files, such as course documents and user pictures. The Moodle installer tries hard to create the moodledata directory for you but if it fails then you will have to create a directory for this purpose manually.
Important security warning
Security warning: For security purposes, it is CRITICAL that this directory is NOT accessible directly via the web. The easiest way to do this is to simply locate it OUTSIDE the web site root directory (it is the folder that the main part of your URL -that is, the part up to the first single / - points to; for example, in http://your.domain.com/moodle/admin/cron.php, it is http://your.domain.com/).
But if you must have it in the web directory (and you are using Apache AND the web server configuration allows .htaccess files to restrict access to directories) then protect it by creating a file in the data directory called .htaccess, containing these lines:
order deny,allow deny from all
If you are using IIS, you need to edit the properties of the data directory (from the Internet Information Services Manager console) and deny access to that folder to everybody from the web (i.e., to the user IUSR_computername, where computername is the network name of the computer Moodle, and the data directory, are on).
If you don't protect the data directory from direct web access, anybody will be able to impersonate any user of your Moodle site (including the admin user!!!), and all of your course materials will be available to the web at large.
Ownership and permissions
To make sure that Moodle can save uploaded files in this directory, check that the web server software has permission to read, write and execute in this directory. On Unix machines, this means setting the owner of the directory to be something like "nobody" or "apache", and then giving that user read, write and execute permissions. As an example, to change the owner to "nobody" you could use:
chown -R nobody:apache moodledata
To change the permissions so that the owner has read,write and execute permissions, use something like this:
chmod -R 0770 moodledata
- Note: If you are receiving permission denied messages, try chmod -R 0770 moodledata and then adjust the settings so that they are more secure. A more secure setting is chmod -R 0750 moodledata. According to the comments in config-dist.php, "On hosting systems you might need to make sure that your group has no permissions at all while others have full permissions." To do this you could use chmod -R 707 moodledata. See also the security page.
Remember that by default moodle will issue a warning about moodle data directories created inside the web directory, but otherwise this directory can be located where you wish. You can later move or change the location of this directory, but if you do, be sure to edit the setting in the config.php file that sets this; e.g. if moodledata is under a directory called data, then it would look like this:
$CFG->dataroot = '/data/moodledata';
- Note: If you are installing Moodle on a server that supports SELinux (e.g. RedHat or Fedora desktop) then you will need to ensure that your data directory's security context is set correctly. httpd_sys_content_rw_t is required for all content which needs to available to httpd scripts. Use the chcon command to set the context, for example chcon -R -t httpd_sys_content_rw_t var/www/moodledata
CPanel and webhosts
On cPanel systems you can use the "File Manager" to find the folder, click on it, then choose "Change Permissions". On many shared hosting servers, you will probably need to restrict all file access to your "group" (to prevent other webhost customers from looking at or changing your files), but provide full read/write access to everyone else (which will allow the web server to access your files). Speak to your server administrator if you are having trouble setting this up securely. In particular it will not be possible to create a usable data directory on sites that use a PHP feature known as "Safe Mode".