From 92b0d14e91c8f4389b55788030d156f4fd47255f Mon Sep 17 00:00:00 2001 From: Daniele Lolli Date: Mon, 20 Oct 2025 19:02:38 +0200 Subject: [PATCH 01/12] download via git --- changelog | 5 +++++ conf.d/main | 26 +++++++------------------- 2 files changed, 12 insertions(+), 19 deletions(-) diff --git a/changelog b/changelog index b3bfbc6..103dc09 100644 --- a/changelog +++ b/changelog @@ -1,3 +1,8 @@ +turnkey-moodle4-18.1 (1) turnkey; urgency=low + + * Install latest upstream version of Moodle: 4.5.7+ (as of today, + download via git branch MOODLE_405_STABLE). + turnkey-moodle-18.0 (1) turnkey; urgency=low * Install latest upstream version of Moodle: 4.3.0+ (as of today, diff --git a/conf.d/main b/conf.d/main index 4c107da..2e6f656 100755 --- a/conf.d/main +++ b/conf.d/main @@ -1,8 +1,9 @@ #!/bin/bash -ex +MOODLE_BRANCH="MOODLE_405_STABLE" + WEBROOT=/var/www/moodle DATAROOT=/var/www/moodledata -MOOSHROOT=/var/www/moosh DB_NAME=moodle DB_USER=moodle @@ -34,26 +35,13 @@ a2enmod headers sed -Ei "/max_input_vars/ s|^;?(max_input_vars =).*|\1 5000|" /etc/php/8.2/apache2/php.ini sed -Ei "/max_input_vars/ s|^;?(max_input_vars =).*|\1 5000|" /etc/php/8.2/cli/php.ini -cd $(dirname $MOOSHROOT) -git clone https://github.com/tmuras/moosh.git -cd $MOOSHROOT -chown -R www-data:www-data $MOOSHROOT -if [[ -n "$GITHUB_USER_TOKEN" ]]; then - turnkey-composer config github-oauth.github.com $GITHUB_USER_TOKEN -else - echo "WARNING: GITHUB_USER_TOKEN not set, build may fail" >&2 -fi -turnkey-composer install -ln -s $MOOSHROOT/moosh.php /usr/local/bin/moosh - -# download latest moodle with moosh, then unpack -cd $(dirname $WEBROOT) -moosh download-moodle -tar -C $(dirname $WEBROOT) -zxf moodle-*.tgz -rm -f moodle-*.tgz +# download latest moodle with git +git clone git://git.moodle.org/moodle.git $WEBROOT +cd $WEBROOT +git branch --track $MOODLE_BRANCH origin/$MOODLE_BRANCH +git checkout $MOODLE_BRANCH chown -R root:root $WEBROOT -cd $WEBROOT php admin/cli/install.php \ --chmod=750 \ --lang=en \ From adeaadb34d3649e78e2f2beb9a721fcfcaefb2dd Mon Sep 17 00:00:00 2001 From: Daniele Lolli Date: Tue, 28 Oct 2025 12:32:47 +0100 Subject: [PATCH 02/12] enhanced permissions --- conf.d/main | 133 +++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 132 insertions(+), 1 deletion(-) diff --git a/conf.d/main b/conf.d/main index 2e6f656..e9d47d7 100755 --- a/conf.d/main +++ b/conf.d/main @@ -96,5 +96,136 @@ USE $DB_NAME; DELETE FROM role_capabilities WHERE capability = "tool/dataprivacy:requestdelete"; EOF +# ======================================================== +# Apply Moodle Permissions using integrated permissions manager +# ======================================================== + +echo "🔧 Applying Moodle permissions based on branch: $MOODLE_BRANCH" + +# Determine Moodle version from branch name +if [[ "$MOODLE_BRANCH" == *"MOODLE_4"* ]]; then + MOODLE_VERSION="4" + echo "đŸŽ¯ Detected Moodle 4.x from branch name" +elif [[ "$MOODLE_BRANCH" == *"MOODLE_5"* ]]; then + MOODLE_VERSION="5" + echo "đŸŽ¯ Detected Moodle 5.x from branch name" +else + # Default to Moodle 5 for stable branches if not specified + MOODLE_VERSION="5" + echo "⚠ī¸ Could not determine version from branch, defaulting to Moodle 5.x" +fi + +# Set variables for permissions script +MOODLE_DIR="$WEBROOT" +MOODLEDATA_DIR="$DATAROOT" +WWW_USER="www-data" +WWW_GROUP="www-data" + +echo "📁 Setting up Moodle $MOODLE_VERSION.x permissions..." +echo " - Moodle Directory: $MOODLE_DIR" +echo " - Moodledata Directory: $MOODLEDATA_DIR" +echo " - Web User: $WWW_USER:$WWW_GROUP" + +# Create critical directories based on version +echo "📁 Creating critical Moodle $MOODLE_VERSION.x directories..." + +create_directory_if_missing() { + local dir="$1" + if [ ! -d "$dir" ]; then + mkdir -p "$dir" + echo " ✅ Created: $dir" + return 0 + else + echo " 📁 Existing: $dir" + return 1 + fi +} + +if [ "$MOODLE_VERSION" = "4" ]; then + # Moodle 4 directories + moodle_dirs=("cache" "temp" "sessions" "lang" "h5p" "backup" "restore" "trashdir" "webservice" "filedir" "repository" "log") +else + # Moodle 5 directories + moodle_dirs=("cache" "temp" "lock" "tasks" "localcache" "sessions" "lang" "h5p" "backup" "restore" "trash" "webservice") +fi + +for dir in "${moodle_dirs[@]}"; do + full_path="$MOODLEDATA_DIR/$dir" + create_directory_if_missing "$full_path" +done + +echo "👤 Setting ownership..." +chown -R ${WWW_USER}:${WWW_GROUP} "$MOODLE_DIR" +chown -R ${WWW_USER}:${WWW_GROUP} "$MOODLEDATA_DIR" + +echo "📁 Setting base Moodle permissions..." +find "$MOODLE_DIR" -type d -exec chmod 755 {} \; +find "$MOODLE_DIR" -type f -exec chmod 644 {} \; + +echo "🔒 Protecting config.php..." +if [ -f "$MOODLE_DIR/config.php" ]; then + chmod 640 "$MOODLE_DIR/config.php" +else + echo "⚠ī¸ Warning: config.php not found in $MOODLE_DIR" +fi + +echo "💾 Setting moodledata permissions..." +find "$MOODLEDATA_DIR" -type d -exec chmod 770 {} \; +find "$MOODLEDATA_DIR" -type f -exec chmod 660 {} \; + +# Set executable permissions for CLI scripts +if [ -d "$MOODLE_DIR/admin/cli" ]; then + find "$MOODLE_DIR/admin/cli" -name "*.php" -exec chmod 755 {} \; + echo "✅ CLI scripts set as executable" +fi + +# Set specific directory permissions +echo "đŸŽ¯ Setting specific Moodle $MOODLE_VERSION.x directory permissions..." +for dir in "${moodle_dirs[@]}"; do + if [ -d "$MOODLEDATA_DIR/$dir" ]; then + chmod 770 "$MOODLEDATA_DIR/$dir" + echo " ✅ $dir directory set to 770" + fi +done + +# Verify permissions +echo "🔍 Verifying permissions..." +for dir in "$MOODLEDATA_DIR" "$MOODLE_DIR"; do + if [ -d "$dir" ]; then + perms=$(stat -c "%a %U:%G" "$dir") + echo " 📁 $dir: $perms" + fi +done + +echo "🔍 Verifying specific Moodle $MOODLE_VERSION.x directory permissions..." +for dir in "${moodle_dirs[@]}"; do + if [ -d "$MOODLEDATA_DIR/$dir" ]; then + perms=$(stat -c "%a %U:%G" "$MOODLEDATA_DIR/$dir") + echo " 📁 $MOODLEDATA_DIR/$dir: $perms" + fi +done + +echo "" +echo "✅ Moodle $MOODLE_VERSION.x permissions set successfully!" +echo "📋 Permissions summary:" +echo " - Moodle dir: $MOODLE_DIR (755/644)" +echo " - Moodledata: $MOODLEDATA_DIR (770/660)" +echo " - Owner: $WWW_USER:$WWW_GROUP" +echo " - config.php: 640" +echo " - CLI scripts: 755" + +# Version-specific notes +if [ "$MOODLE_VERSION" = "4" ]; then + echo "📝 Moodle 4.x specific directories configured: trashdir, filedir, repository" +else + echo "📝 Moodle 5.x specific directories configured: trash, localcache, lock, tasks" +fi + # stop mysql server -systemctl stop mysql +systemctl stop mysql + +echo "" +echo "================================================================================" +echo "Moodle installation and permissions configuration completed successfully!" +echo "Moodle Version: $MOODLE_BRANCH (detected as $MOODLE_VERSION.x)" +echo "================================================================================" From acc03d365d55ca22c9fc1de69b3cf99cf0a82682 Mon Sep 17 00:00:00 2001 From: Daniele Lolli Date: Tue, 28 Oct 2025 16:56:35 +0100 Subject: [PATCH 03/12] Revert "enhanced permissions" This reverts commit adeaadb34d3649e78e2f2beb9a721fcfcaefb2dd. --- conf.d/main | 133 +--------------------------------------------------- 1 file changed, 1 insertion(+), 132 deletions(-) diff --git a/conf.d/main b/conf.d/main index e9d47d7..2e6f656 100755 --- a/conf.d/main +++ b/conf.d/main @@ -96,136 +96,5 @@ USE $DB_NAME; DELETE FROM role_capabilities WHERE capability = "tool/dataprivacy:requestdelete"; EOF -# ======================================================== -# Apply Moodle Permissions using integrated permissions manager -# ======================================================== - -echo "🔧 Applying Moodle permissions based on branch: $MOODLE_BRANCH" - -# Determine Moodle version from branch name -if [[ "$MOODLE_BRANCH" == *"MOODLE_4"* ]]; then - MOODLE_VERSION="4" - echo "đŸŽ¯ Detected Moodle 4.x from branch name" -elif [[ "$MOODLE_BRANCH" == *"MOODLE_5"* ]]; then - MOODLE_VERSION="5" - echo "đŸŽ¯ Detected Moodle 5.x from branch name" -else - # Default to Moodle 5 for stable branches if not specified - MOODLE_VERSION="5" - echo "⚠ī¸ Could not determine version from branch, defaulting to Moodle 5.x" -fi - -# Set variables for permissions script -MOODLE_DIR="$WEBROOT" -MOODLEDATA_DIR="$DATAROOT" -WWW_USER="www-data" -WWW_GROUP="www-data" - -echo "📁 Setting up Moodle $MOODLE_VERSION.x permissions..." -echo " - Moodle Directory: $MOODLE_DIR" -echo " - Moodledata Directory: $MOODLEDATA_DIR" -echo " - Web User: $WWW_USER:$WWW_GROUP" - -# Create critical directories based on version -echo "📁 Creating critical Moodle $MOODLE_VERSION.x directories..." - -create_directory_if_missing() { - local dir="$1" - if [ ! -d "$dir" ]; then - mkdir -p "$dir" - echo " ✅ Created: $dir" - return 0 - else - echo " 📁 Existing: $dir" - return 1 - fi -} - -if [ "$MOODLE_VERSION" = "4" ]; then - # Moodle 4 directories - moodle_dirs=("cache" "temp" "sessions" "lang" "h5p" "backup" "restore" "trashdir" "webservice" "filedir" "repository" "log") -else - # Moodle 5 directories - moodle_dirs=("cache" "temp" "lock" "tasks" "localcache" "sessions" "lang" "h5p" "backup" "restore" "trash" "webservice") -fi - -for dir in "${moodle_dirs[@]}"; do - full_path="$MOODLEDATA_DIR/$dir" - create_directory_if_missing "$full_path" -done - -echo "👤 Setting ownership..." -chown -R ${WWW_USER}:${WWW_GROUP} "$MOODLE_DIR" -chown -R ${WWW_USER}:${WWW_GROUP} "$MOODLEDATA_DIR" - -echo "📁 Setting base Moodle permissions..." -find "$MOODLE_DIR" -type d -exec chmod 755 {} \; -find "$MOODLE_DIR" -type f -exec chmod 644 {} \; - -echo "🔒 Protecting config.php..." -if [ -f "$MOODLE_DIR/config.php" ]; then - chmod 640 "$MOODLE_DIR/config.php" -else - echo "⚠ī¸ Warning: config.php not found in $MOODLE_DIR" -fi - -echo "💾 Setting moodledata permissions..." -find "$MOODLEDATA_DIR" -type d -exec chmod 770 {} \; -find "$MOODLEDATA_DIR" -type f -exec chmod 660 {} \; - -# Set executable permissions for CLI scripts -if [ -d "$MOODLE_DIR/admin/cli" ]; then - find "$MOODLE_DIR/admin/cli" -name "*.php" -exec chmod 755 {} \; - echo "✅ CLI scripts set as executable" -fi - -# Set specific directory permissions -echo "đŸŽ¯ Setting specific Moodle $MOODLE_VERSION.x directory permissions..." -for dir in "${moodle_dirs[@]}"; do - if [ -d "$MOODLEDATA_DIR/$dir" ]; then - chmod 770 "$MOODLEDATA_DIR/$dir" - echo " ✅ $dir directory set to 770" - fi -done - -# Verify permissions -echo "🔍 Verifying permissions..." -for dir in "$MOODLEDATA_DIR" "$MOODLE_DIR"; do - if [ -d "$dir" ]; then - perms=$(stat -c "%a %U:%G" "$dir") - echo " 📁 $dir: $perms" - fi -done - -echo "🔍 Verifying specific Moodle $MOODLE_VERSION.x directory permissions..." -for dir in "${moodle_dirs[@]}"; do - if [ -d "$MOODLEDATA_DIR/$dir" ]; then - perms=$(stat -c "%a %U:%G" "$MOODLEDATA_DIR/$dir") - echo " 📁 $MOODLEDATA_DIR/$dir: $perms" - fi -done - -echo "" -echo "✅ Moodle $MOODLE_VERSION.x permissions set successfully!" -echo "📋 Permissions summary:" -echo " - Moodle dir: $MOODLE_DIR (755/644)" -echo " - Moodledata: $MOODLEDATA_DIR (770/660)" -echo " - Owner: $WWW_USER:$WWW_GROUP" -echo " - config.php: 640" -echo " - CLI scripts: 755" - -# Version-specific notes -if [ "$MOODLE_VERSION" = "4" ]; then - echo "📝 Moodle 4.x specific directories configured: trashdir, filedir, repository" -else - echo "📝 Moodle 5.x specific directories configured: trash, localcache, lock, tasks" -fi - # stop mysql server -systemctl stop mysql - -echo "" -echo "================================================================================" -echo "Moodle installation and permissions configuration completed successfully!" -echo "Moodle Version: $MOODLE_BRANCH (detected as $MOODLE_VERSION.x)" -echo "================================================================================" +systemctl stop mysql From 4e63a2604c7378586d3cf8b66099408dbf09cad8 Mon Sep 17 00:00:00 2001 From: Daniele Lolli Date: Tue, 28 Oct 2025 17:12:32 +0100 Subject: [PATCH 04/12] again permissions, let's try it --- changelog | 5 +- conf.d/main | 581 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 585 insertions(+), 1 deletion(-) diff --git a/changelog b/changelog index 103dc09..469201b 100644 --- a/changelog +++ b/changelog @@ -1,8 +1,11 @@ turnkey-moodle4-18.1 (1) turnkey; urgency=low - * Install latest upstream version of Moodle: 4.5.7+ (as of today, + * Install latest upstream version of Moodle 4.x: 4.5.7+ (as of today, download via git branch MOODLE_405_STABLE). + * Set correct permissions and creating (eventually) missing folders. + + turnkey-moodle-18.0 (1) turnkey; urgency=low * Install latest upstream version of Moodle: 4.3.0+ (as of today, diff --git a/conf.d/main b/conf.d/main index 2e6f656..60639c0 100755 --- a/conf.d/main +++ b/conf.d/main @@ -1,7 +1,18 @@ #!/bin/bash -ex +# REFERENCE: https://docs.moodle.org/501/en/Git_for_Administrators + MOODLE_BRANCH="MOODLE_405_STABLE" +# Determine Moodle version from branch +if [[ "$MOODLE_BRANCH" == *"MOODLE_4"* ]]; then + DEFAULT_MOODLE_VERSION="4" +elif [[ "$MOODLE_BRANCH" == *"MOODLE_5"* ]]; then + DEFAULT_MOODLE_VERSION="5" +else + DEFAULT_MOODLE_VERSION="4" +fi + WEBROOT=/var/www/moodle DATAROOT=/var/www/moodledata @@ -98,3 +109,573 @@ EOF # stop mysql server systemctl stop mysql + +#!/bin/bash +# ======================================================== +# Moodle Permissions Manager - Unified Script +# Supports Moodle 4.x and 5.x +# ======================================================== + +# Ubuntu-style release variable (SCRIPT RELEASE) +SCRIPT_RELEASE="25.10" +SCRIPT_CODENAME="Universal Hawk" +SCRIPT_DATE="2025-10-25" +SCRIPT_AUTHOR="Daniele Lolli (UncleDan)" +SCRIPT_LICENSE="GPL-3.0" + +# Default Moodle version (independent from script release) +DEFAULT_MOODLE_VERSION="4" + +set -e # Exit immediately on error + +# Default configurations +MOODLE_DIR=${WEBROOT} +MOODLEDATA_DIR=${DATAROOT} +WWW_USER="www-data" +WWW_GROUP="www-data" + +# Determine Moodle version (use default if not specified) +MOODLE_VERSION="$DEFAULT_MOODLE_VERSION" + +# Function to show header +show_header() { + echo "================================================================================" + echo "Moodle Permissions Manager v${SCRIPT_RELEASE} (${SCRIPT_CODENAME})" + echo "================================================================================" + echo "Author: ${SCRIPT_AUTHOR}" + echo "Release: ${SCRIPT_RELEASE} - ${SCRIPT_DATE}" + echo "License: ${SCRIPT_LICENSE}" + echo "Default Moodle Version: ${DEFAULT_MOODLE_VERSION}.x" + echo "Selected Moodle Version: ${MOODLE_VERSION}.x" + echo "================================================================================" + echo "" +} + +# Function to show help +show_help() { + echo "Usage: $0 [OPTIONS]" + echo "" + echo "Options:" + echo " -h, --help Show this help message" + echo " -v, --version Show version information" + echo " -d, --dry-run Simulate operations without applying changes" + echo " -s, --show-perms Show current permissions without modifying" + echo " -mp, --moodlepath PATH Specify Moodle installation path" + echo " -md, --moodledata PATH Specify moodledata path" + echo " -mv, --moodleversion VERSION Specify Moodle version (4|5)" + echo "" + echo "Examples:" + echo " $0 # Use default version (Moodle ${DEFAULT_MOODLE_VERSION})" + echo " $0 -mv 5 # Force Moodle version 5" + echo " $0 -mv 4 -d # Moodle 4 in dry-run mode" + echo " $0 -mv 5 -s # Show current permissions for Moodle 5" + echo " $0 -mp /opt/moodle -mv 5 # Custom path + version" + echo " $0 -mp /opt/moodle -md /opt/moodledata -mv 4 -s # All parameters + show" + echo "" + echo "Notes:" + echo " Default Moodle version: ${DEFAULT_MOODLE_VERSION}.x" + echo " Script version: ${SCRIPT_RELEASE}" +} + +# Function to show version +show_version() { + echo "Moodle Permissions Manager v${SCRIPT_RELEASE}" + echo "Codename: ${SCRIPT_CODENAME}" + echo "Release Date: ${SCRIPT_DATE}" + echo "Author: ${SCRIPT_AUTHOR}" + echo "License: ${SCRIPT_LICENSE}" + echo "Default Moodle Version: ${DEFAULT_MOODLE_VERSION}.x" + echo "Compatible with: Moodle 4.x & 5.x, Debian 11/12, Ubuntu 20.04+" + exit 0 +} + +# Function to validate Moodle version +validate_moodle_version() { + local version=$1 + if [[ "$version" != "4" && "$version" != "5" ]]; then + echo "❌ ERROR: Invalid Moodle version: '$version'" + echo " Use '4' for Moodle 4.x or '5' for Moodle 5.x" + exit 1 + fi +} + +# Function to check main directories existence +check_main_directories() { + if [ ! -d "$MOODLE_DIR" ]; then + echo "❌ ERROR: Moodle directory not found: $MOODLE_DIR" + exit 1 + fi + + if [ ! -d "$MOODLEDATA_DIR" ]; then + echo "❌ ERROR: Moodledata directory not found: $MOODLEDATA_DIR" + exit 1 + fi +} + +# Function to show current permissions for Moodle 4 +show_moodle4_permissions() { + echo "🔍 Current Moodle 4 directory permissions:" + echo "" + + echo "📁 Main directories:" + for dir in "$MOODLE_DIR" "$MOODLEDATA_DIR"; do + if [ -d "$dir" ]; then + perms=$(stat -c "%a %U:%G" "$dir") + echo " $dir: $perms" + else + echo " $dir: ❌ NOT FOUND" + fi + done + + echo "" + echo "📁 Specific Moodle 4 directories:" + local moodle4_dirs=("cache" "temp" "sessions" "lang" "h5p" "backup" "restore" "trashdir" "webservice" "filedir" "repository" "log") + + for dir in "${moodle4_dirs[@]}"; do + local full_path="$MOODLEDATA_DIR/$dir" + if [ -d "$full_path" ]; then + perms=$(stat -c "%a %U:%G" "$full_path") + echo " $full_path: $perms" + else + echo " $full_path: 📁 DOES NOT EXIST" + fi + done + + echo "" + echo "📁 config.php file:" + if [ -f "$MOODLE_DIR/config.php" ]; then + perms=$(stat -c "%a %U:%G" "$MOODLE_DIR/config.php") + echo " $MOODLE_DIR/config.php: $perms" + else + echo " $MOODLE_DIR/config.php: ❌ NOT FOUND" + fi + + echo "" + echo "📁 CLI scripts:" + if [ -d "$MOODLE_DIR/admin/cli" ]; then + local cli_scripts=$(find "$MOODLE_DIR/admin/cli" -name "*.php" | head -3) + if [ -n "$cli_scripts" ]; then + echo " First 3 CLI scripts:" + while IFS= read -r script; do + if [ -f "$script" ]; then + perms=$(stat -c "%a %U:%G" "$script") + echo " $script: $perms" + fi + done <<< "$cli_scripts" + else + echo " No CLI scripts found" + fi + else + echo " CLI directory not found" + fi +} + +# Function to show current permissions for Moodle 5 +show_moodle5_permissions() { + echo "🔍 Current Moodle 5 directory permissions:" + echo "" + + echo "📁 Main directories:" + for dir in "$MOODLE_DIR" "$MOODLEDATA_DIR"; do + if [ -d "$dir" ]; then + perms=$(stat -c "%a %U:%G" "$dir") + echo " $dir: $perms" + else + echo " $dir: ❌ NOT FOUND" + fi + done + + echo "" + echo "📁 Specific Moodle 5 directories:" + local moodle5_dirs=("cache" "temp" "lock" "tasks" "localcache" "sessions" "lang" "h5p" "backup" "restore" "trash" "webservice") + + for dir in "${moodle5_dirs[@]}"; do + local full_path="$MOODLEDATA_DIR/$dir" + if [ -d "$full_path" ]; then + perms=$(stat -c "%a %U:%G" "$full_path") + echo " $full_path: $perms" + else + echo " $full_path: 📁 DOES NOT EXIST" + fi + done + + echo "" + echo "📁 config.php file:" + if [ -f "$MOODLE_DIR/config.php" ]; then + perms=$(stat -c "%a %U:%G" "$MOODLE_DIR/config.php") + echo " $MOODLE_DIR/config.php: $perms" + else + echo " $MOODLE_DIR/config.php: ❌ NOT FOUND" + fi + + echo "" + echo "📁 CLI scripts:" + if [ -d "$MOODLE_DIR/admin/cli" ]; then + local cli_scripts=$(find "$MOODLE_DIR/admin/cli" -name "*.php" | head -3) + if [ -n "$cli_scripts" ]; then + echo " First 3 CLI scripts:" + while IFS= read -r script; do + if [ -f "$script" ]; then + perms=$(stat -c "%a %U:%G" "$script") + echo " $script: $perms" + fi + done <<< "$cli_scripts" + else + echo " No CLI scripts found" + fi + else + echo " CLI directory not found" + fi +} + +# Function to show current permissions +show_current_permissions() { + echo "🔍 [SHOW-PERMS] Displaying current permissions - No changes will be applied" + echo "đŸŽ¯ Moodle Version: ${MOODLE_VERSION}.x" + echo "" + + if [ "$MOODLE_VERSION" = "4" ]; then + show_moodle4_permissions + else + show_moodle5_permissions + fi + + echo "" + echo "📋 Recommended permissions:" + echo " - Moodle directory: 755 (dir) / 644 (file)" + echo " - Moodledata directory: 770 (dir) / 660 (file)" + echo " - config.php: 640" + echo " - CLI scripts: 755" + echo " - Owner: ${WWW_USER}:${WWW_GROUP}" + + exit 0 +} + +# Function to create directory if missing +create_directory_if_missing() { + local dir="$1" + if [ ! -d "$dir" ]; then + echo "📁 Creating directory: $dir" + mkdir -p "$dir" + return 0 # Directory created + else + return 1 # Directory already exists + fi +} + +# Function to create critical Moodle 4 directories +create_moodle4_directories() { + echo "📁 Creating critical Moodle 4 directories..." + + local moodle4_dirs=("cache" "temp" "sessions" "lang" "h5p" "backup" "restore" "trashdir" "webservice" "filedir" "repository" "log") + + for dir in "${moodle4_dirs[@]}"; do + local full_path="$MOODLEDATA_DIR/$dir" + if create_directory_if_missing "$full_path"; then + echo " ✅ Created: $dir" + else + echo " 📁 Existing: $dir" + fi + done +} + +# Function to create critical Moodle 5 directories +create_moodle5_directories() { + echo "📁 Creating critical Moodle 5 directories..." + + local moodle5_dirs=("cache" "temp" "lock" "tasks" "localcache" "sessions" "lang" "h5p" "backup" "restore" "trash" "webservice") + + for dir in "${moodle5_dirs[@]}"; do + local full_path="$MOODLEDATA_DIR/$dir" + if create_directory_if_missing "$full_path"; then + echo " ✅ Created: $dir" + else + echo " 📁 Existing: $dir" + fi + done +} + +# Function to set Moodle 4 permissions +set_moodle4_permissions() { + echo "đŸŽ¯ Setting specific Moodle 4 permissions..." + + local moodle4_dirs=("cache" "temp" "sessions" "lang" "h5p" "backup" "restore" "trashdir" "webservice" "filedir" "repository" "log") + + for dir in "${moodle4_dirs[@]}"; do + if [ -d "$MOODLEDATA_DIR/$dir" ]; then + chmod 770 "$MOODLEDATA_DIR/$dir" + echo " ✅ $dir directory set to 770" + fi + done +} + +# Function to set Moodle 5 permissions +set_moodle5_permissions() { + echo "đŸŽ¯ Setting specific Moodle 5 permissions..." + + local moodle5_dirs=("cache" "temp" "lock" "tasks" "localcache" "sessions" "lang" "h5p" "backup" "restore" "trash" "webservice") + + for dir in "${moodle5_dirs[@]}"; do + if [ -d "$MOODLEDATA_DIR/$dir" ]; then + chmod 770 "$MOODLEDATA_DIR/$dir" + echo " ✅ $dir directory set to 770" + fi + done +} + +# Function for Moodle 4 dry-run +dry_run_moodle4() { + echo "📋 Specific Moodle 4 operations that would be executed:" + + local moodle4_dirs=("cache" "temp" "sessions" "lang" "h5p" "backup" "restore" "trashdir" "webservice" "filedir" "repository" "log") + + for dir in "${moodle4_dirs[@]}"; do + if [ -d "$MOODLEDATA_DIR/$dir" ]; then + echo " chmod 770 \"$MOODLEDATA_DIR/$dir\"" + else + echo " mkdir -p \"$MOODLEDATA_DIR/$dir\" && chmod 770 \"$MOODLEDATA_DIR/$dir\"" + fi + done + + echo "" + echo "📝 Moodle 4 specific notes:" + echo " - 'trashdir' directory instead of 'trash'" + echo " - 'filedir' for main file storage" + echo " - 'repository' for repository files" + echo " - 'log' dedicated directory for logs" +} + +# Function for Moodle 5 dry-run +dry_run_moodle5() { + echo "📋 Specific Moodle 5 operations that would be executed:" + + local moodle5_dirs=("cache" "temp" "lock" "tasks" "localcache" "sessions" "lang" "h5p" "backup" "restore" "trash" "webservice") + + for dir in "${moodle5_dirs[@]}"; do + if [ -d "$MOODLEDATA_DIR/$dir" ]; then + echo " chmod 770 \"$MOODLEDATA_DIR/$dir\"" + else + echo " mkdir -p \"$MOODLEDATA_DIR/$dir\" && chmod 770 \"$MOODLEDATA_DIR/$dir\"" + fi + done + + echo "" + echo "📝 Moodle 5 specific notes:" + echo " - 'lock' directory for improved lock management" + echo " - 'tasks' directory for task scheduling" + echo " - 'localcache' directory for local cache" + echo " - 'trash' directory instead of 'trashdir'" +} + +# Function for dry-run +dry_run() { + echo "🔍 [DRY-RUN] Simulation mode active - No changes will be applied" + echo "đŸŽ¯ Moodle Version: ${MOODLE_VERSION}.x" + echo "" + + echo "📋 Common operations that would be executed:" + echo " chown -R ${WWW_USER}:${WWW_GROUP} \"$MOODLE_DIR\"" + echo " chown -R ${WWW_USER}:${WWW_GROUP} \"$MOODLEDATA_DIR\"" + echo " find \"$MOODLE_DIR\" -type d -exec chmod 755 {} \\;" + echo " find \"$MOODLE_DIR\" -type f -exec chmod 644 {} \\;" + echo " find \"$MOODLEDATA_DIR\" -type d -exec chmod 770 {} \\;" + echo " find \"$MOODLEDATA_DIR\" -type f -exec chmod 660 {} \\;" + + if [ -f "$MOODLE_DIR/config.php" ]; then + echo " chmod 640 \"$MOODLE_DIR/config.php\"" + else + echo " # config.php not found in $MOODLE_DIR (will be skipped)" + fi + + if [ -d "$MOODLE_DIR/admin/cli" ]; then + echo " find \"$MOODLE_DIR/admin/cli\" -name \"*.php\" -exec chmod 755 {} \\;" + else + echo " # CLI directory not found in $MOODLE_DIR/admin/cli (will be skipped)" + fi + + echo "" + + # Version-specific operations + if [ "$MOODLE_VERSION" = "4" ]; then + dry_run_moodle4 + else + dry_run_moodle5 + fi + + echo "" + echo "🔍 Verifications that would be executed:" + echo " stat -c \"%a %U:%G\" \"$MOODLEDATA_DIR\"" + echo " stat -c \"%a %U:%G\" \"$MOODLE_DIR\"" + + echo "" + echo "✅ [DRY-RUN] Simulation completed - No changes applied" + exit 0 +} + +# Argument parsing +DRY_RUN=false +SHOW_PERMS=false +while [[ $# -gt 0 ]]; do + case $1 in + -h|--help) + show_header + show_help + exit 0 + ;; + -v|--version) + show_version + ;; + -d|--dry-run) + DRY_RUN=true + shift + ;; + -s|--show-perms) + SHOW_PERMS=true + shift + ;; + -mp|--moodlepath) + MOODLE_DIR="$2" + shift 2 + ;; + -md|--moodledata) + MOODLEDATA_DIR="$2" + shift 2 + ;; + -mv|--moodleversion) + MOODLE_VERSION="$2" + validate_moodle_version "$MOODLE_VERSION" + shift 2 + ;; + *) + echo "❌ Unknown argument: $1" + echo "Use $0 --help to see available options" + exit 1 + ;; + esac +done + +# Show header +show_header + +echo "đŸŽ¯ Detected configuration:" +echo " - Moodle Version: ${MOODLE_VERSION}.x" +echo " - Moodle Directory: $MOODLE_DIR" +echo " - Moodledata Directory: $MOODLEDATA_DIR" +echo "" + +# Verify script is run as root (except for show-perms) +if [ "$SHOW_PERMS" = false ] && [ "$(id -u)" -ne 0 ]; then + echo "❌ This script must be run as root" + exit 1 +fi + +# Execute show-perms if requested +if [ "$SHOW_PERMS" = true ]; then + show_current_permissions +fi + +# Execute dry-run if requested +if [ "$DRY_RUN" = true ]; then + dry_run +fi + +echo "🔍 Verifying main directories..." +check_main_directories + +echo "📁 Creating critical directories..." +# Create critical directories based on version +if [ "$MOODLE_VERSION" = "4" ]; then + create_moodle4_directories +else + create_moodle5_directories +fi + +echo "👤 Setting ownership..." +chown -R ${WWW_USER}:${WWW_GROUP} "$MOODLE_DIR" +chown -R ${WWW_USER}:${WWW_GROUP} "$MOODLEDATA_DIR" + +echo "📁 Setting base Moodle permissions..." +find "$MOODLE_DIR" -type d -exec chmod 755 {} \; +find "$MOODLE_DIR" -type f -exec chmod 644 {} \; + +# Check if config.php exists before modifying it +if [ -f "$MOODLE_DIR/config.php" ]; then + echo "🔒 Protecting config.php..." + chmod 640 "$MOODLE_DIR/config.php" +else + echo "⚠ī¸ Warning: config.php not found in $MOODLE_DIR" +fi + +echo "💾 Setting moodledata permissions..." +find "$MOODLEDATA_DIR" -type d -exec chmod 770 {} \; +find "$MOODLEDATA_DIR" -type f -exec chmod 660 {} \; + +# CLI scripts (common to both versions) +if [ -d "$MOODLE_DIR/admin/cli" ]; then + find "$MOODLE_DIR/admin/cli" -name "*.php" -exec chmod 755 {} \; + echo "✅ CLI scripts set as executable" +fi + +# Setting version-specific permissions +if [ "$MOODLE_VERSION" = "4" ]; then + set_moodle4_permissions +else + set_moodle5_permissions +fi + +# Verify critical directory permissions +echo "🔍 Verifying critical directory permissions..." +for dir in "$MOODLEDATA_DIR" "$MOODLE_DIR"; do + if [ -d "$dir" ]; then + perms=$(stat -c "%a %U:%G" "$dir") + echo " 📁 $dir: $perms" + fi +done + +# Verify specific directory permissions +echo "🔍 Verifying specific Moodle ${MOODLE_VERSION} directory permissions..." +if [ "$MOODLE_VERSION" = "4" ]; then + specific_dirs=("cache" "temp" "sessions" "lang" "h5p" "backup" "restore" "trashdir" "filedir" "repository" "log") +else + specific_dirs=("cache" "temp" "lock" "tasks" "localcache" "sessions" "lang" "h5p" "backup" "restore" "trash") +fi + +for dir in "${specific_dirs[@]}"; do + if [ -d "$MOODLEDATA_DIR/$dir" ]; then + perms=$(stat -c "%a %U:%G" "$MOODLEDATA_DIR/$dir") + echo " 📁 $MOODLEDATA_DIR/$dir: $perms" + fi +done + +echo "" +echo "✅ Moodle ${MOODLE_VERSION}.x permissions set correctly!" +echo "" +echo "📋 Configuration summary:" +echo " - Script version: ${SCRIPT_RELEASE} (${SCRIPT_CODENAME})" +echo " - Moodle version: ${MOODLE_VERSION}.x" +echo " - Moodle dir: $MOODLE_DIR (755/644)" +echo " - Moodledata: $MOODLEDATA_DIR (770/660)" +echo " - Owner: $WWW_USER:$WWW_GROUP" +echo " - config.php: 640 (if present)" +echo " - CLI scripts: 755" +echo "" + +# Version-specific notes +if [ "$MOODLE_VERSION" = "4" ]; then + echo "⚠ī¸ Important notes for Moodle 4:" + echo " - PHP 7.4/8.0 required (8.0+ recommended)" + echo " - MySQL 5.7+ or PostgreSQL 9.5+ or MariaDB 10.4+" + echo " - Specific directories: trashdir/, filedir/, repository/" +else + echo "⚠ī¸ Important notes for Moodle 5:" + echo " - PHP 8.1+ required" + echo " - MySQL 8.0+ or PostgreSQL 13+ or MariaDB 10.6+ recommended" + echo " - Specific directories: trash/, localcache/, lock/, tasks/" +fi + +echo " - Check logs in $MOODLEDATA_DIR for errors" +echo "" +echo "================================================================================" +echo "Moodle Permissions Manager v${SCRIPT_RELEASE} - Operation completed" +echo "Moodle ${MOODLE_VERSION}.x - Configuration applied successfully" +echo "================================================================================" From f20d295d4a2ad01dff179d862eee14ae1ac4fbd8 Mon Sep 17 00:00:00 2001 From: Daniele Lolli Date: Thu, 20 Nov 2025 18:08:32 +0100 Subject: [PATCH 05/12] best practice for data folder, integrate script for permissions (placeholder) --- conf.d/main | 587 +---------------------- overlay/usr/bin/moodle-perms-bookworm.sh | 0 2 files changed, 9 insertions(+), 578 deletions(-) create mode 100644 overlay/usr/bin/moodle-perms-bookworm.sh diff --git a/conf.d/main b/conf.d/main index 60639c0..4769a2a 100755 --- a/conf.d/main +++ b/conf.d/main @@ -6,15 +6,15 @@ MOODLE_BRANCH="MOODLE_405_STABLE" # Determine Moodle version from branch if [[ "$MOODLE_BRANCH" == *"MOODLE_4"* ]]; then - DEFAULT_MOODLE_VERSION="4" + MOODLE_VERSION="4" elif [[ "$MOODLE_BRANCH" == *"MOODLE_5"* ]]; then - DEFAULT_MOODLE_VERSION="5" + MOODLE_VERSION="5" else - DEFAULT_MOODLE_VERSION="4" + MOODLE_VERSION="4" fi WEBROOT=/var/www/moodle -DATAROOT=/var/www/moodledata +DATAROOT=/var/moodledata DB_NAME=moodle DB_USER=moodle @@ -51,7 +51,9 @@ git clone git://git.moodle.org/moodle.git $WEBROOT cd $WEBROOT git branch --track $MOODLE_BRANCH origin/$MOODLE_BRANCH git checkout $MOODLE_BRANCH -chown -R root:root $WEBROOT + +# using UncleDan script to fix permissions +/usr/bin/moodle-perms-bookworm.sh --moodlepath "$WEBROOT" --moodledata "$DATAROOT" --moodleversion "$MOODLE_VERSION" php admin/cli/install.php \ --chmod=750 \ @@ -73,9 +75,8 @@ php admin/cli/install.php \ --non-interactive \ --agree-license -chown -R www-data:www-data $DATAROOT -chown -R www-data:www-data /var/www/moodle/theme -chown root:www-data $WEBROOT/config.php +# reset permissions using UncleDan script just in case... +/usr/bin/moodle-perms-bookworm.sh --moodlepath "$WEBROOT" --moodledata "$DATAROOT" --moodleversion "$MOODLE_VERSION" ## tweak config @@ -109,573 +110,3 @@ EOF # stop mysql server systemctl stop mysql - -#!/bin/bash -# ======================================================== -# Moodle Permissions Manager - Unified Script -# Supports Moodle 4.x and 5.x -# ======================================================== - -# Ubuntu-style release variable (SCRIPT RELEASE) -SCRIPT_RELEASE="25.10" -SCRIPT_CODENAME="Universal Hawk" -SCRIPT_DATE="2025-10-25" -SCRIPT_AUTHOR="Daniele Lolli (UncleDan)" -SCRIPT_LICENSE="GPL-3.0" - -# Default Moodle version (independent from script release) -DEFAULT_MOODLE_VERSION="4" - -set -e # Exit immediately on error - -# Default configurations -MOODLE_DIR=${WEBROOT} -MOODLEDATA_DIR=${DATAROOT} -WWW_USER="www-data" -WWW_GROUP="www-data" - -# Determine Moodle version (use default if not specified) -MOODLE_VERSION="$DEFAULT_MOODLE_VERSION" - -# Function to show header -show_header() { - echo "================================================================================" - echo "Moodle Permissions Manager v${SCRIPT_RELEASE} (${SCRIPT_CODENAME})" - echo "================================================================================" - echo "Author: ${SCRIPT_AUTHOR}" - echo "Release: ${SCRIPT_RELEASE} - ${SCRIPT_DATE}" - echo "License: ${SCRIPT_LICENSE}" - echo "Default Moodle Version: ${DEFAULT_MOODLE_VERSION}.x" - echo "Selected Moodle Version: ${MOODLE_VERSION}.x" - echo "================================================================================" - echo "" -} - -# Function to show help -show_help() { - echo "Usage: $0 [OPTIONS]" - echo "" - echo "Options:" - echo " -h, --help Show this help message" - echo " -v, --version Show version information" - echo " -d, --dry-run Simulate operations without applying changes" - echo " -s, --show-perms Show current permissions without modifying" - echo " -mp, --moodlepath PATH Specify Moodle installation path" - echo " -md, --moodledata PATH Specify moodledata path" - echo " -mv, --moodleversion VERSION Specify Moodle version (4|5)" - echo "" - echo "Examples:" - echo " $0 # Use default version (Moodle ${DEFAULT_MOODLE_VERSION})" - echo " $0 -mv 5 # Force Moodle version 5" - echo " $0 -mv 4 -d # Moodle 4 in dry-run mode" - echo " $0 -mv 5 -s # Show current permissions for Moodle 5" - echo " $0 -mp /opt/moodle -mv 5 # Custom path + version" - echo " $0 -mp /opt/moodle -md /opt/moodledata -mv 4 -s # All parameters + show" - echo "" - echo "Notes:" - echo " Default Moodle version: ${DEFAULT_MOODLE_VERSION}.x" - echo " Script version: ${SCRIPT_RELEASE}" -} - -# Function to show version -show_version() { - echo "Moodle Permissions Manager v${SCRIPT_RELEASE}" - echo "Codename: ${SCRIPT_CODENAME}" - echo "Release Date: ${SCRIPT_DATE}" - echo "Author: ${SCRIPT_AUTHOR}" - echo "License: ${SCRIPT_LICENSE}" - echo "Default Moodle Version: ${DEFAULT_MOODLE_VERSION}.x" - echo "Compatible with: Moodle 4.x & 5.x, Debian 11/12, Ubuntu 20.04+" - exit 0 -} - -# Function to validate Moodle version -validate_moodle_version() { - local version=$1 - if [[ "$version" != "4" && "$version" != "5" ]]; then - echo "❌ ERROR: Invalid Moodle version: '$version'" - echo " Use '4' for Moodle 4.x or '5' for Moodle 5.x" - exit 1 - fi -} - -# Function to check main directories existence -check_main_directories() { - if [ ! -d "$MOODLE_DIR" ]; then - echo "❌ ERROR: Moodle directory not found: $MOODLE_DIR" - exit 1 - fi - - if [ ! -d "$MOODLEDATA_DIR" ]; then - echo "❌ ERROR: Moodledata directory not found: $MOODLEDATA_DIR" - exit 1 - fi -} - -# Function to show current permissions for Moodle 4 -show_moodle4_permissions() { - echo "🔍 Current Moodle 4 directory permissions:" - echo "" - - echo "📁 Main directories:" - for dir in "$MOODLE_DIR" "$MOODLEDATA_DIR"; do - if [ -d "$dir" ]; then - perms=$(stat -c "%a %U:%G" "$dir") - echo " $dir: $perms" - else - echo " $dir: ❌ NOT FOUND" - fi - done - - echo "" - echo "📁 Specific Moodle 4 directories:" - local moodle4_dirs=("cache" "temp" "sessions" "lang" "h5p" "backup" "restore" "trashdir" "webservice" "filedir" "repository" "log") - - for dir in "${moodle4_dirs[@]}"; do - local full_path="$MOODLEDATA_DIR/$dir" - if [ -d "$full_path" ]; then - perms=$(stat -c "%a %U:%G" "$full_path") - echo " $full_path: $perms" - else - echo " $full_path: 📁 DOES NOT EXIST" - fi - done - - echo "" - echo "📁 config.php file:" - if [ -f "$MOODLE_DIR/config.php" ]; then - perms=$(stat -c "%a %U:%G" "$MOODLE_DIR/config.php") - echo " $MOODLE_DIR/config.php: $perms" - else - echo " $MOODLE_DIR/config.php: ❌ NOT FOUND" - fi - - echo "" - echo "📁 CLI scripts:" - if [ -d "$MOODLE_DIR/admin/cli" ]; then - local cli_scripts=$(find "$MOODLE_DIR/admin/cli" -name "*.php" | head -3) - if [ -n "$cli_scripts" ]; then - echo " First 3 CLI scripts:" - while IFS= read -r script; do - if [ -f "$script" ]; then - perms=$(stat -c "%a %U:%G" "$script") - echo " $script: $perms" - fi - done <<< "$cli_scripts" - else - echo " No CLI scripts found" - fi - else - echo " CLI directory not found" - fi -} - -# Function to show current permissions for Moodle 5 -show_moodle5_permissions() { - echo "🔍 Current Moodle 5 directory permissions:" - echo "" - - echo "📁 Main directories:" - for dir in "$MOODLE_DIR" "$MOODLEDATA_DIR"; do - if [ -d "$dir" ]; then - perms=$(stat -c "%a %U:%G" "$dir") - echo " $dir: $perms" - else - echo " $dir: ❌ NOT FOUND" - fi - done - - echo "" - echo "📁 Specific Moodle 5 directories:" - local moodle5_dirs=("cache" "temp" "lock" "tasks" "localcache" "sessions" "lang" "h5p" "backup" "restore" "trash" "webservice") - - for dir in "${moodle5_dirs[@]}"; do - local full_path="$MOODLEDATA_DIR/$dir" - if [ -d "$full_path" ]; then - perms=$(stat -c "%a %U:%G" "$full_path") - echo " $full_path: $perms" - else - echo " $full_path: 📁 DOES NOT EXIST" - fi - done - - echo "" - echo "📁 config.php file:" - if [ -f "$MOODLE_DIR/config.php" ]; then - perms=$(stat -c "%a %U:%G" "$MOODLE_DIR/config.php") - echo " $MOODLE_DIR/config.php: $perms" - else - echo " $MOODLE_DIR/config.php: ❌ NOT FOUND" - fi - - echo "" - echo "📁 CLI scripts:" - if [ -d "$MOODLE_DIR/admin/cli" ]; then - local cli_scripts=$(find "$MOODLE_DIR/admin/cli" -name "*.php" | head -3) - if [ -n "$cli_scripts" ]; then - echo " First 3 CLI scripts:" - while IFS= read -r script; do - if [ -f "$script" ]; then - perms=$(stat -c "%a %U:%G" "$script") - echo " $script: $perms" - fi - done <<< "$cli_scripts" - else - echo " No CLI scripts found" - fi - else - echo " CLI directory not found" - fi -} - -# Function to show current permissions -show_current_permissions() { - echo "🔍 [SHOW-PERMS] Displaying current permissions - No changes will be applied" - echo "đŸŽ¯ Moodle Version: ${MOODLE_VERSION}.x" - echo "" - - if [ "$MOODLE_VERSION" = "4" ]; then - show_moodle4_permissions - else - show_moodle5_permissions - fi - - echo "" - echo "📋 Recommended permissions:" - echo " - Moodle directory: 755 (dir) / 644 (file)" - echo " - Moodledata directory: 770 (dir) / 660 (file)" - echo " - config.php: 640" - echo " - CLI scripts: 755" - echo " - Owner: ${WWW_USER}:${WWW_GROUP}" - - exit 0 -} - -# Function to create directory if missing -create_directory_if_missing() { - local dir="$1" - if [ ! -d "$dir" ]; then - echo "📁 Creating directory: $dir" - mkdir -p "$dir" - return 0 # Directory created - else - return 1 # Directory already exists - fi -} - -# Function to create critical Moodle 4 directories -create_moodle4_directories() { - echo "📁 Creating critical Moodle 4 directories..." - - local moodle4_dirs=("cache" "temp" "sessions" "lang" "h5p" "backup" "restore" "trashdir" "webservice" "filedir" "repository" "log") - - for dir in "${moodle4_dirs[@]}"; do - local full_path="$MOODLEDATA_DIR/$dir" - if create_directory_if_missing "$full_path"; then - echo " ✅ Created: $dir" - else - echo " 📁 Existing: $dir" - fi - done -} - -# Function to create critical Moodle 5 directories -create_moodle5_directories() { - echo "📁 Creating critical Moodle 5 directories..." - - local moodle5_dirs=("cache" "temp" "lock" "tasks" "localcache" "sessions" "lang" "h5p" "backup" "restore" "trash" "webservice") - - for dir in "${moodle5_dirs[@]}"; do - local full_path="$MOODLEDATA_DIR/$dir" - if create_directory_if_missing "$full_path"; then - echo " ✅ Created: $dir" - else - echo " 📁 Existing: $dir" - fi - done -} - -# Function to set Moodle 4 permissions -set_moodle4_permissions() { - echo "đŸŽ¯ Setting specific Moodle 4 permissions..." - - local moodle4_dirs=("cache" "temp" "sessions" "lang" "h5p" "backup" "restore" "trashdir" "webservice" "filedir" "repository" "log") - - for dir in "${moodle4_dirs[@]}"; do - if [ -d "$MOODLEDATA_DIR/$dir" ]; then - chmod 770 "$MOODLEDATA_DIR/$dir" - echo " ✅ $dir directory set to 770" - fi - done -} - -# Function to set Moodle 5 permissions -set_moodle5_permissions() { - echo "đŸŽ¯ Setting specific Moodle 5 permissions..." - - local moodle5_dirs=("cache" "temp" "lock" "tasks" "localcache" "sessions" "lang" "h5p" "backup" "restore" "trash" "webservice") - - for dir in "${moodle5_dirs[@]}"; do - if [ -d "$MOODLEDATA_DIR/$dir" ]; then - chmod 770 "$MOODLEDATA_DIR/$dir" - echo " ✅ $dir directory set to 770" - fi - done -} - -# Function for Moodle 4 dry-run -dry_run_moodle4() { - echo "📋 Specific Moodle 4 operations that would be executed:" - - local moodle4_dirs=("cache" "temp" "sessions" "lang" "h5p" "backup" "restore" "trashdir" "webservice" "filedir" "repository" "log") - - for dir in "${moodle4_dirs[@]}"; do - if [ -d "$MOODLEDATA_DIR/$dir" ]; then - echo " chmod 770 \"$MOODLEDATA_DIR/$dir\"" - else - echo " mkdir -p \"$MOODLEDATA_DIR/$dir\" && chmod 770 \"$MOODLEDATA_DIR/$dir\"" - fi - done - - echo "" - echo "📝 Moodle 4 specific notes:" - echo " - 'trashdir' directory instead of 'trash'" - echo " - 'filedir' for main file storage" - echo " - 'repository' for repository files" - echo " - 'log' dedicated directory for logs" -} - -# Function for Moodle 5 dry-run -dry_run_moodle5() { - echo "📋 Specific Moodle 5 operations that would be executed:" - - local moodle5_dirs=("cache" "temp" "lock" "tasks" "localcache" "sessions" "lang" "h5p" "backup" "restore" "trash" "webservice") - - for dir in "${moodle5_dirs[@]}"; do - if [ -d "$MOODLEDATA_DIR/$dir" ]; then - echo " chmod 770 \"$MOODLEDATA_DIR/$dir\"" - else - echo " mkdir -p \"$MOODLEDATA_DIR/$dir\" && chmod 770 \"$MOODLEDATA_DIR/$dir\"" - fi - done - - echo "" - echo "📝 Moodle 5 specific notes:" - echo " - 'lock' directory for improved lock management" - echo " - 'tasks' directory for task scheduling" - echo " - 'localcache' directory for local cache" - echo " - 'trash' directory instead of 'trashdir'" -} - -# Function for dry-run -dry_run() { - echo "🔍 [DRY-RUN] Simulation mode active - No changes will be applied" - echo "đŸŽ¯ Moodle Version: ${MOODLE_VERSION}.x" - echo "" - - echo "📋 Common operations that would be executed:" - echo " chown -R ${WWW_USER}:${WWW_GROUP} \"$MOODLE_DIR\"" - echo " chown -R ${WWW_USER}:${WWW_GROUP} \"$MOODLEDATA_DIR\"" - echo " find \"$MOODLE_DIR\" -type d -exec chmod 755 {} \\;" - echo " find \"$MOODLE_DIR\" -type f -exec chmod 644 {} \\;" - echo " find \"$MOODLEDATA_DIR\" -type d -exec chmod 770 {} \\;" - echo " find \"$MOODLEDATA_DIR\" -type f -exec chmod 660 {} \\;" - - if [ -f "$MOODLE_DIR/config.php" ]; then - echo " chmod 640 \"$MOODLE_DIR/config.php\"" - else - echo " # config.php not found in $MOODLE_DIR (will be skipped)" - fi - - if [ -d "$MOODLE_DIR/admin/cli" ]; then - echo " find \"$MOODLE_DIR/admin/cli\" -name \"*.php\" -exec chmod 755 {} \\;" - else - echo " # CLI directory not found in $MOODLE_DIR/admin/cli (will be skipped)" - fi - - echo "" - - # Version-specific operations - if [ "$MOODLE_VERSION" = "4" ]; then - dry_run_moodle4 - else - dry_run_moodle5 - fi - - echo "" - echo "🔍 Verifications that would be executed:" - echo " stat -c \"%a %U:%G\" \"$MOODLEDATA_DIR\"" - echo " stat -c \"%a %U:%G\" \"$MOODLE_DIR\"" - - echo "" - echo "✅ [DRY-RUN] Simulation completed - No changes applied" - exit 0 -} - -# Argument parsing -DRY_RUN=false -SHOW_PERMS=false -while [[ $# -gt 0 ]]; do - case $1 in - -h|--help) - show_header - show_help - exit 0 - ;; - -v|--version) - show_version - ;; - -d|--dry-run) - DRY_RUN=true - shift - ;; - -s|--show-perms) - SHOW_PERMS=true - shift - ;; - -mp|--moodlepath) - MOODLE_DIR="$2" - shift 2 - ;; - -md|--moodledata) - MOODLEDATA_DIR="$2" - shift 2 - ;; - -mv|--moodleversion) - MOODLE_VERSION="$2" - validate_moodle_version "$MOODLE_VERSION" - shift 2 - ;; - *) - echo "❌ Unknown argument: $1" - echo "Use $0 --help to see available options" - exit 1 - ;; - esac -done - -# Show header -show_header - -echo "đŸŽ¯ Detected configuration:" -echo " - Moodle Version: ${MOODLE_VERSION}.x" -echo " - Moodle Directory: $MOODLE_DIR" -echo " - Moodledata Directory: $MOODLEDATA_DIR" -echo "" - -# Verify script is run as root (except for show-perms) -if [ "$SHOW_PERMS" = false ] && [ "$(id -u)" -ne 0 ]; then - echo "❌ This script must be run as root" - exit 1 -fi - -# Execute show-perms if requested -if [ "$SHOW_PERMS" = true ]; then - show_current_permissions -fi - -# Execute dry-run if requested -if [ "$DRY_RUN" = true ]; then - dry_run -fi - -echo "🔍 Verifying main directories..." -check_main_directories - -echo "📁 Creating critical directories..." -# Create critical directories based on version -if [ "$MOODLE_VERSION" = "4" ]; then - create_moodle4_directories -else - create_moodle5_directories -fi - -echo "👤 Setting ownership..." -chown -R ${WWW_USER}:${WWW_GROUP} "$MOODLE_DIR" -chown -R ${WWW_USER}:${WWW_GROUP} "$MOODLEDATA_DIR" - -echo "📁 Setting base Moodle permissions..." -find "$MOODLE_DIR" -type d -exec chmod 755 {} \; -find "$MOODLE_DIR" -type f -exec chmod 644 {} \; - -# Check if config.php exists before modifying it -if [ -f "$MOODLE_DIR/config.php" ]; then - echo "🔒 Protecting config.php..." - chmod 640 "$MOODLE_DIR/config.php" -else - echo "⚠ī¸ Warning: config.php not found in $MOODLE_DIR" -fi - -echo "💾 Setting moodledata permissions..." -find "$MOODLEDATA_DIR" -type d -exec chmod 770 {} \; -find "$MOODLEDATA_DIR" -type f -exec chmod 660 {} \; - -# CLI scripts (common to both versions) -if [ -d "$MOODLE_DIR/admin/cli" ]; then - find "$MOODLE_DIR/admin/cli" -name "*.php" -exec chmod 755 {} \; - echo "✅ CLI scripts set as executable" -fi - -# Setting version-specific permissions -if [ "$MOODLE_VERSION" = "4" ]; then - set_moodle4_permissions -else - set_moodle5_permissions -fi - -# Verify critical directory permissions -echo "🔍 Verifying critical directory permissions..." -for dir in "$MOODLEDATA_DIR" "$MOODLE_DIR"; do - if [ -d "$dir" ]; then - perms=$(stat -c "%a %U:%G" "$dir") - echo " 📁 $dir: $perms" - fi -done - -# Verify specific directory permissions -echo "🔍 Verifying specific Moodle ${MOODLE_VERSION} directory permissions..." -if [ "$MOODLE_VERSION" = "4" ]; then - specific_dirs=("cache" "temp" "sessions" "lang" "h5p" "backup" "restore" "trashdir" "filedir" "repository" "log") -else - specific_dirs=("cache" "temp" "lock" "tasks" "localcache" "sessions" "lang" "h5p" "backup" "restore" "trash") -fi - -for dir in "${specific_dirs[@]}"; do - if [ -d "$MOODLEDATA_DIR/$dir" ]; then - perms=$(stat -c "%a %U:%G" "$MOODLEDATA_DIR/$dir") - echo " 📁 $MOODLEDATA_DIR/$dir: $perms" - fi -done - -echo "" -echo "✅ Moodle ${MOODLE_VERSION}.x permissions set correctly!" -echo "" -echo "📋 Configuration summary:" -echo " - Script version: ${SCRIPT_RELEASE} (${SCRIPT_CODENAME})" -echo " - Moodle version: ${MOODLE_VERSION}.x" -echo " - Moodle dir: $MOODLE_DIR (755/644)" -echo " - Moodledata: $MOODLEDATA_DIR (770/660)" -echo " - Owner: $WWW_USER:$WWW_GROUP" -echo " - config.php: 640 (if present)" -echo " - CLI scripts: 755" -echo "" - -# Version-specific notes -if [ "$MOODLE_VERSION" = "4" ]; then - echo "⚠ī¸ Important notes for Moodle 4:" - echo " - PHP 7.4/8.0 required (8.0+ recommended)" - echo " - MySQL 5.7+ or PostgreSQL 9.5+ or MariaDB 10.4+" - echo " - Specific directories: trashdir/, filedir/, repository/" -else - echo "⚠ī¸ Important notes for Moodle 5:" - echo " - PHP 8.1+ required" - echo " - MySQL 8.0+ or PostgreSQL 13+ or MariaDB 10.6+ recommended" - echo " - Specific directories: trash/, localcache/, lock/, tasks/" -fi - -echo " - Check logs in $MOODLEDATA_DIR for errors" -echo "" -echo "================================================================================" -echo "Moodle Permissions Manager v${SCRIPT_RELEASE} - Operation completed" -echo "Moodle ${MOODLE_VERSION}.x - Configuration applied successfully" -echo "================================================================================" diff --git a/overlay/usr/bin/moodle-perms-bookworm.sh b/overlay/usr/bin/moodle-perms-bookworm.sh new file mode 100644 index 0000000..e69de29 From 527625b95ffd5fcc8ab282f87a3f25c28dab0a9f Mon Sep 17 00:00:00 2001 From: Daniele Lolli Date: Fri, 21 Nov 2025 10:22:22 +0100 Subject: [PATCH 06/12] missing param --- conf.d/main | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/conf.d/main b/conf.d/main index 4769a2a..ea54003 100755 --- a/conf.d/main +++ b/conf.d/main @@ -53,7 +53,7 @@ git branch --track $MOODLE_BRANCH origin/$MOODLE_BRANCH git checkout $MOODLE_BRANCH # using UncleDan script to fix permissions -/usr/bin/moodle-perms-bookworm.sh --moodlepath "$WEBROOT" --moodledata "$DATAROOT" --moodleversion "$MOODLE_VERSION" +/usr/bin/moodle-perms-bookworm.sh --fix --moodlepath "$WEBROOT" --moodledata "$DATAROOT" --moodleversion "$MOODLE_VERSION" php admin/cli/install.php \ --chmod=750 \ @@ -76,7 +76,7 @@ php admin/cli/install.php \ --agree-license # reset permissions using UncleDan script just in case... -/usr/bin/moodle-perms-bookworm.sh --moodlepath "$WEBROOT" --moodledata "$DATAROOT" --moodleversion "$MOODLE_VERSION" +/usr/bin/moodle-perms-bookworm.sh --fix --moodlepath "$WEBROOT" --moodledata "$DATAROOT" --moodleversion "$MOODLE_VERSION" ## tweak config From 8e7093f6918d8d9a07a04ecef8e3a4f540c1c54a Mon Sep 17 00:00:00 2001 From: Daniele Lolli Date: Fri, 21 Nov 2025 10:53:16 +0100 Subject: [PATCH 07/12] create the data folder to ser permissions --- conf.d/main | 3 +++ 1 file changed, 3 insertions(+) diff --git a/conf.d/main b/conf.d/main index ea54003..8107226 100755 --- a/conf.d/main +++ b/conf.d/main @@ -52,6 +52,9 @@ cd $WEBROOT git branch --track $MOODLE_BRANCH origin/$MOODLE_BRANCH git checkout $MOODLE_BRANCH +# create the data folder to ser permissions +mkdir $DATAROOT + # using UncleDan script to fix permissions /usr/bin/moodle-perms-bookworm.sh --fix --moodlepath "$WEBROOT" --moodledata "$DATAROOT" --moodleversion "$MOODLE_VERSION" From 3a66f4dc21de5cef3ce31e8ad6bdd43a3eadfec5 Mon Sep 17 00:00:00 2001 From: "Daniele Lolli (UncleDan)" Date: Fri, 21 Nov 2025 12:33:15 +0100 Subject: [PATCH 08/12] integrate script and +x --- overlay/usr/bin/moodle-perms-bookworm.sh | 591 +++++++++++++++++++++++ 1 file changed, 591 insertions(+) mode change 100644 => 100755 overlay/usr/bin/moodle-perms-bookworm.sh diff --git a/overlay/usr/bin/moodle-perms-bookworm.sh b/overlay/usr/bin/moodle-perms-bookworm.sh old mode 100644 new mode 100755 index e69de29..2cb2d35 --- a/overlay/usr/bin/moodle-perms-bookworm.sh +++ b/overlay/usr/bin/moodle-perms-bookworm.sh @@ -0,0 +1,591 @@ +#!/bin/bash +# ======================================================== +# Moodle Permissions Manager - Unified Script +# Supports Moodle 4.x and 5.x +# ======================================================== + +# SCRIPT RELEASE INFORMATION +SCRIPT_RELEASE="25.11" +SCRIPT_AUTHOR="Daniele Lolli (UncleDan)" +SCRIPT_LICENSE="GPL-3.0" + +# Default Moodle version (independent from script release) +DEFAULT_MOODLE_VERSION="4" + +set -e # Exit immediately on error + +# Default configurations +MOODLE_DIR="/var/www/moodle" +MOODLEDATA_DIR="/var/www/moodledata" +WWW_USER="www-data" +WWW_GROUP="www-data" + +# Determine Moodle version (use default if not specified) +MOODLE_VERSION="$DEFAULT_MOODLE_VERSION" + +# Function to show header +show_header() { + echo "================================================================================" + echo "Moodle Permissions Manager v${SCRIPT_RELEASE}" + echo "================================================================================" + echo "Author: ${SCRIPT_AUTHOR}" + echo "Release: ${SCRIPT_RELEASE}" + echo "License: ${SCRIPT_LICENSE}" + echo "Default Moodle Version: ${DEFAULT_MOODLE_VERSION}.x" + echo "Selected Moodle Version: ${MOODLE_VERSION}.x" + echo "================================================================================" + echo "" +} + +# Function to show help +show_help() { + echo "Usage: $0 [OPTIONS]" + echo "" + echo "Options:" + echo " -h, --help Show this help message" + echo " -v, --version Show version information" + echo " -d, --dry-run Simulate operations without applying changes" + echo " -s, --show-perms Show current permissions without modifying" + echo " -f, --fix Apply permissions fixes (required for changes)" + echo " -mp, --moodlepath PATH Specify Moodle installation path" + echo " -md, --moodledata PATH Specify moodledata path" + echo " -mv, --moodleversion VERSION Specify Moodle version (4|5)" + echo "" + echo "Examples:" + echo " $0 # Show current permissions (default)" + echo " $0 --fix # Apply permissions fixes" + echo " $0 -f # Apply permissions fixes (short)" + echo " $0 --fix -mv 5 # Fix permissions for Moodle 5" + echo " $0 --fix -d # Dry-run for fix operations" + echo " $0 -mv 5 -s # Show permissions for Moodle 5" + echo " $0 --fix -mp /opt/moodle -mv 5 # Custom path + version + fix" + echo "" + echo "Notes:" + echo " Default Moodle version: ${DEFAULT_MOODLE_VERSION}.x" + echo " Script version: ${SCRIPT_RELEASE}" + echo " ⚠ī¸ Without --fix/-f parameter, only shows permissions (safe mode)" +} + +# Function to show version +show_version() { + echo "Moodle Permissions Manager v${SCRIPT_RELEASE}" + echo "Author: ${SCRIPT_AUTHOR}" + echo "License: ${SCRIPT_LICENSE}" + echo "Default Moodle Version: ${DEFAULT_MOODLE_VERSION}.x" + echo "Compatible with: Moodle 4.x & 5.x, Debian 11/12, Ubuntu 20.04+" + exit 0 +} + +# Function to validate Moodle version +validate_moodle_version() { + local version=$1 + if [[ "$version" != "4" && "$version" != "5" ]]; then + echo "❌ ERROR: Invalid Moodle version: '$version'" + echo " Use '4' for Moodle 4.x or '5' for Moodle 5.x" + exit 1 + fi +} + +# Function to check main directories existence +check_main_directories() { + if [ ! -d "$MOODLE_DIR" ]; then + echo "❌ ERROR: Moodle directory not found: $MOODLE_DIR" + exit 1 + fi + + if [ ! -d "$MOODLEDATA_DIR" ]; then + echo "❌ ERROR: Moodledata directory not found: $MOODLEDATA_DIR" + exit 1 + fi +} + +# Function to show current permissions for Moodle 4 +show_moodle4_permissions() { + echo "🔍 Current Moodle 4 directory permissions:" + echo "" + + echo "📁 Main directories:" + for dir in "$MOODLE_DIR" "$MOODLEDATA_DIR"; do + if [ -d "$dir" ]; then + perms=$(stat -c "%a %U:%G" "$dir") + echo " $dir: $perms" + else + echo " $dir: ❌ NOT FOUND" + fi + done + + echo "" + echo "📁 Specific Moodle 4 directories:" + local moodle4_dirs=("cache" "temp" "sessions" "lang" "h5p" "backup" "restore" "trashdir" "webservice" "filedir" "repository" "log") + + for dir in "${moodle4_dirs[@]}"; do + local full_path="$MOODLEDATA_DIR/$dir" + if [ -d "$full_path" ]; then + perms=$(stat -c "%a %U:%G" "$full_path") + echo " $full_path: $perms" + else + echo " $full_path: 📁 DOES NOT EXIST" + fi + done + + echo "" + echo "📁 config.php file:" + if [ -f "$MOODLE_DIR/config.php" ]; then + perms=$(stat -c "%a %U:%G" "$MOODLE_DIR/config.php") + echo " $MOODLE_DIR/config.php: $perms" + else + echo " $MOODLE_DIR/config.php: ❌ NOT FOUND" + fi + + echo "" + echo "📁 CLI scripts:" + if [ -d "$MOODLE_DIR/admin/cli" ]; then + local cli_scripts=$(find "$MOODLE_DIR/admin/cli" -name "*.php" | head -3) + if [ -n "$cli_scripts" ]; then + echo " First 3 CLI scripts:" + while IFS= read -r script; do + if [ -f "$script" ]; then + perms=$(stat -c "%a %U:%G" "$script") + echo " $script: $perms" + fi + done <<< "$cli_scripts" + else + echo " No CLI scripts found" + fi + else + echo " CLI directory not found" + fi +} + +# Function to show current permissions for Moodle 5 +show_moodle5_permissions() { + echo "🔍 Current Moodle 5 directory permissions:" + echo "" + + echo "📁 Main directories:" + for dir in "$MOODLE_DIR" "$MOODLEDATA_DIR"; do + if [ -d "$dir" ]; then + perms=$(stat -c "%a %U:%G" "$dir") + echo " $dir: $perms" + else + echo " $dir: ❌ NOT FOUND" + fi + done + + echo "" + echo "📁 Specific Moodle 5 directories:" + local moodle5_dirs=("cache" "temp" "lock" "tasks" "localcache" "sessions" "lang" "h5p" "backup" "restore" "trash" "webservice") + + for dir in "${moodle5_dirs[@]}"; do + local full_path="$MOODLEDATA_DIR/$dir" + if [ -d "$full_path" ]; then + perms=$(stat -c "%a %U:%G" "$full_path") + echo " $full_path: $perms" + else + echo " $full_path: 📁 DOES NOT EXIST" + fi + done + + echo "" + echo "📁 config.php file:" + if [ -f "$MOODLE_DIR/config.php" ]; then + perms=$(stat -c "%a %U:%G" "$MOODLE_DIR/config.php") + echo " $MOODLE_DIR/config.php: $perms" + else + echo " $MOODLE_DIR/config.php: ❌ NOT FOUND" + fi + + echo "" + echo "📁 CLI scripts:" + if [ -d "$MOODLE_DIR/admin/cli" ]; then + local cli_scripts=$(find "$MOODLE_DIR/admin/cli" -name "*.php" | head -3) + if [ -n "$cli_scripts" ]; then + echo " First 3 CLI scripts:" + while IFS= read -r script; do + if [ -f "$script" ]; then + perms=$(stat -c "%a %U:%G" "$script") + echo " $script: $perms" + fi + done <<< "$cli_scripts" + else + echo " No CLI scripts found" + fi + else + echo " CLI directory not found" + fi +} + +# Function to show current permissions +show_current_permissions() { + echo "🔍 [SHOW-PERMS] Displaying current permissions - No changes will be applied" + echo "đŸŽ¯ Moodle Version: ${MOODLE_VERSION}.x" + echo "" + + if [ "$MOODLE_VERSION" = "4" ]; then + show_moodle4_permissions + else + show_moodle5_permissions + fi + + echo "" + echo "📋 Recommended permissions:" + echo " - Moodle directory: 755 (dir) / 644 (file)" + echo " - Moodledata directory: 770 (dir) / 660 (file)" + echo " - config.php: 640" + echo " - CLI scripts: 755" + echo " - Owner: ${WWW_USER}:${WWW_GROUP}" + + exit 0 +} + +# Function to create directory if missing +create_directory_if_missing() { + local dir="$1" + if [ ! -d "$dir" ]; then + echo "📁 Creating directory: $dir" + mkdir -p "$dir" + return 0 # Directory created + else + return 1 # Directory already exists + fi +} + +# Function to create critical Moodle 4 directories +create_moodle4_directories() { + echo "📁 Creating critical Moodle 4 directories..." + + local moodle4_dirs=("cache" "temp" "sessions" "lang" "h5p" "backup" "restore" "trashdir" "webservice" "filedir" "repository" "log") + + for dir in "${moodle4_dirs[@]}"; do + local full_path="$MOODLEDATA_DIR/$dir" + if create_directory_if_missing "$full_path"; then + echo " ✅ Created: $dir" + else + echo " 📁 Existing: $dir" + fi + done +} + +# Function to create critical Moodle 5 directories +create_moodle5_directories() { + echo "📁 Creating critical Moodle 5 directories..." + + local moodle5_dirs=("cache" "temp" "lock" "tasks" "localcache" "sessions" "lang" "h5p" "backup" "restore" "trash" "webservice") + + for dir in "${moodle5_dirs[@]}"; do + local full_path="$MOODLEDATA_DIR/$dir" + if create_directory_if_missing "$full_path"; then + echo " ✅ Created: $dir" + else + echo " 📁 Existing: $dir" + fi + done +} + +# Function to set Moodle 4 permissions +set_moodle4_permissions() { + echo "đŸŽ¯ Setting specific Moodle 4 permissions..." + + local moodle4_dirs=("cache" "temp" "sessions" "lang" "h5p" "backup" "restore" "trashdir" "webservice" "filedir" "repository" "log") + + for dir in "${moodle4_dirs[@]}"; do + if [ -d "$MOODLEDATA_DIR/$dir" ]; then + chmod 770 "$MOODLEDATA_DIR/$dir" + echo " ✅ $dir directory set to 770" + fi + done +} + +# Function to set Moodle 5 permissions +set_moodle5_permissions() { + echo "đŸŽ¯ Setting specific Moodle 5 permissions..." + + local moodle5_dirs=("cache" "temp" "lock" "tasks" "localcache" "sessions" "lang" "h5p" "backup" "restore" "trash" "webservice") + + for dir in "${moodle5_dirs[@]}"; do + if [ -d "$MOODLEDATA_DIR/$dir" ]; then + chmod 770 "$MOODLEDATA_DIR/$dir" + echo " ✅ $dir directory set to 770" + fi + done +} + +# Function for Moodle 4 dry-run +dry_run_moodle4() { + echo "📋 Specific Moodle 4 operations that would be executed:" + + local moodle4_dirs=("cache" "temp" "sessions" "lang" "h5p" "backup" "restore" "trashdir" "webservice" "filedir" "repository" "log") + + for dir in "${moodle4_dirs[@]}"; do + if [ -d "$MOODLEDATA_DIR/$dir" ]; then + echo " chmod 770 \"$MOODLEDATA_DIR/$dir\"" + else + echo " mkdir -p \"$MOODLEDATA_DIR/$dir\" && chmod 770 \"$MOODLEDATA_DIR/$dir\"" + fi + done + + echo "" + echo "📝 Moodle 4 specific notes:" + echo " - 'trashdir' directory instead of 'trash'" + echo " - 'filedir' for main file storage" + echo " - 'repository' for repository files" + echo " - 'log' dedicated directory for logs" +} + +# Function for Moodle 5 dry-run +dry_run_moodle5() { + echo "📋 Specific Moodle 5 operations that would be executed:" + + local moodle5_dirs=("cache" "temp" "lock" "tasks" "localcache" "sessions" "lang" "h5p" "backup" "restore" "trash" "webservice") + + for dir in "${moodle5_dirs[@]}"; do + if [ -d "$MOODLEDATA_DIR/$dir" ]; then + echo " chmod 770 \"$MOODLEDATA_DIR/$dir\"" + else + echo " mkdir -p \"$MOODLEDATA_DIR/$dir\" && chmod 770 \"$MOODLEDATA_DIR/$dir\"" + fi + done + + echo "" + echo "📝 Moodle 5 specific notes:" + echo " - 'lock' directory for improved lock management" + echo " - 'tasks' directory for task scheduling" + echo " - 'localcache' directory for local cache" + echo " - 'trash' directory instead of 'trashdir'" +} + +# Function for dry-run +dry_run() { + echo "🔍 [DRY-RUN] Simulation mode active - No changes will be applied" + echo "đŸŽ¯ Moodle Version: ${MOODLE_VERSION}.x" + echo "" + + echo "📋 Common operations that would be executed:" + echo " chown -R ${WWW_USER}:${WWW_GROUP} \"$MOODLE_DIR\"" + echo " chown -R ${WWW_USER}:${WWW_GROUP} \"$MOODLEDATA_DIR\"" + echo " find \"$MOODLE_DIR\" -type d -exec chmod 755 {} \\;" + echo " find \"$MOODLE_DIR\" -type f -exec chmod 644 {} \\;" + echo " find \"$MOODLEDATA_DIR\" -type d -exec chmod 770 {} \\;" + echo " find \"$MOODLEDATA_DIR\" -type f -exec chmod 660 {} \\;" + + if [ -f "$MOODLE_DIR/config.php" ]; then + echo " chmod 640 \"$MOODLE_DIR/config.php\"" + else + echo " # config.php not found in $MOODLE_DIR (will be skipped)" + fi + + if [ -d "$MOODLE_DIR/admin/cli" ]; then + echo " find \"$MOODLE_DIR/admin/cli\" -name \"*.php\" -exec chmod 755 {} \\;" + else + echo " # CLI directory not found in $MOODLE_DIR/admin/cli (will be skipped)" + fi + + echo "" + + # Version-specific operations + if [ "$MOODLE_VERSION" = "4" ]; then + dry_run_moodle4 + else + dry_run_moodle5 + fi + + echo "" + echo "🔍 Verifications that would be executed:" + echo " stat -c \"%a %U:%G\" \"$MOODLEDATA_DIR\"" + echo " stat -c \"%a %U:%G\" \"$MOODLE_DIR\"" + + echo "" + echo "✅ [DRY-RUN] Simulation completed - No changes applied" + exit 0 +} + +# Function to apply fixes +apply_fixes() { + echo "🛠ī¸ Applying permissions fixes..." + + echo "🔍 Verifying main directories..." + check_main_directories + + echo "📁 Creating critical directories..." + # Create critical directories based on version + if [ "$MOODLE_VERSION" = "4" ]; then + create_moodle4_directories + else + create_moodle5_directories + fi + + echo "👤 Setting ownership..." + chown -R ${WWW_USER}:${WWW_GROUP} "$MOODLE_DIR" + chown -R ${WWW_USER}:${WWW_GROUP} "$MOODLEDATA_DIR" + + echo "📁 Setting base Moodle permissions..." + find "$MOODLE_DIR" -type d -exec chmod 755 {} \; + find "$MOODLE_DIR" -type f -exec chmod 644 {} \; + + # Check if config.php exists before modifying it + if [ -f "$MOODLE_DIR/config.php" ]; then + echo "🔒 Protecting config.php..." + chmod 640 "$MOODLE_DIR/config.php" + else + echo "⚠ī¸ Warning: config.php not found in $MOODLE_DIR" + fi + + echo "💾 Setting moodledata permissions..." + find "$MOODLEDATA_DIR" -type d -exec chmod 770 {} \; + find "$MOODLEDATA_DIR" -type f -exec chmod 660 {} \; + + # CLI scripts (common to both versions) + if [ -d "$MOODLE_DIR/admin/cli" ]; then + find "$MOODLE_DIR/admin/cli" -name "*.php" -exec chmod 755 {} \; + echo "✅ CLI scripts set as executable" + fi + + # Setting version-specific permissions + if [ "$MOODLE_VERSION" = "4" ]; then + set_moodle4_permissions + else + set_moodle5_permissions + fi + + # Verify critical directory permissions + echo "🔍 Verifying critical directory permissions..." + for dir in "$MOODLEDATA_DIR" "$MOODLE_DIR"; do + if [ -d "$dir" ]; then + perms=$(stat -c "%a %U:%G" "$dir") + echo " 📁 $dir: $perms" + fi + done + + # Verify specific directory permissions + echo "🔍 Verifying specific Moodle ${MOODLE_VERSION} directory permissions..." + if [ "$MOODLE_VERSION" = "4" ]; then + specific_dirs=("cache" "temp" "sessions" "lang" "h5p" "backup" "restore" "trashdir" "filedir" "repository" "log") + else + specific_dirs=("cache" "temp" "lock" "tasks" "localcache" "sessions" "lang" "h5p" "backup" "restore" "trash") + fi + + for dir in "${specific_dirs[@]}"; do + if [ -d "$MOODLEDATA_DIR/$dir" ]; then + perms=$(stat -c "%a %U:%G" "$MOODLEDATA_DIR/$dir") + echo " 📁 $MOODLEDATA_DIR/$dir: $perms" + fi + done + + echo "" + echo "✅ Moodle ${MOODLE_VERSION}.x permissions set correctly!" + echo "" + echo "📋 Configuration summary:" + echo " - Script version: ${SCRIPT_RELEASE}" + echo " - Moodle version: ${MOODLE_VERSION}.x" + echo " - Moodle dir: $MOODLE_DIR (755/644)" + echo " - Moodledata: $MOODLEDATA_DIR (770/660)" + echo " - Owner: $WWW_USER:$WWW_GROUP" + echo " - config.php: 640 (if present)" + echo " - CLI scripts: 755" + echo "" + + # Version-specific notes + if [ "$MOODLE_VERSION" = "4" ]; then + echo "⚠ī¸ Important notes for Moodle 4:" + echo " - PHP 7.4/8.0 required (8.0+ recommended)" + echo " - MySQL 5.7+ or PostgreSQL 9.5+ or MariaDB 10.4+" + echo " - Specific directories: trashdir/, filedir/, repository/" + else + echo "⚠ī¸ Important notes for Moodle 5:" + echo " - PHP 8.1+ required" + echo " - MySQL 8.0+ or PostgreSQL 13+ or MariaDB 10.6+ recommended" + echo " - Specific directories: trash/, localcache/, lock/, tasks/" + fi + + echo " - Check logs in $MOODLEDATA_DIR for errors" + echo "" + echo "================================================================================" + echo "Moodle Permissions Manager v${SCRIPT_RELEASE} - Operation completed" + echo "Moodle ${MOODLE_VERSION}.x - Configuration applied successfully" + echo "================================================================================" +} + +# Argument parsing +DRY_RUN=false +SHOW_PERMS=false +APPLY_FIXES=false +while [[ $# -gt 0 ]]; do + case $1 in + -h|--help) + show_header + show_help + exit 0 + ;; + -v|--version) + show_version + ;; + -d|--dry-run) + DRY_RUN=true + shift + ;; + -s|--show-perms) + SHOW_PERMS=true + shift + ;; + -f|--fix) + APPLY_FIXES=true + shift + ;; + -mp|--moodlepath) + MOODLE_DIR="$2" + shift 2 + ;; + -md|--moodledata) + MOODLEDATA_DIR="$2" + shift 2 + ;; + -mv|--moodleversion) + MOODLE_VERSION="$2" + validate_moodle_version "$MOODLE_VERSION" + shift 2 + ;; + *) + echo "❌ Unknown argument: $1" + echo "Use $0 --help to see available options" + exit 1 + ;; + esac +done + +# Show header +show_header + +echo "đŸŽ¯ Detected configuration:" +echo " - Moodle Version: ${MOODLE_VERSION}.x" +echo " - Moodle Directory: $MOODLE_DIR" +echo " - Moodledata Directory: $MOODLEDATA_DIR" +echo "" + +# Default behavior: if no action specified, show permissions +if [ "$DRY_RUN" = false ] && [ "$SHOW_PERMS" = false ] && [ "$APPLY_FIXES" = false ]; then + echo "ℹī¸ No action specified. Defaulting to show permissions mode." + echo " Use --fix/-f to apply changes or --dry-run to simulate." + echo "" + SHOW_PERMS=true +fi + +# Execute show-perms if requested +if [ "$SHOW_PERMS" = true ]; then + show_current_permissions +fi + +# Verify script is run as root for fix operations +if [ "$APPLY_FIXES" = true ] && [ "$(id -u)" -ne 0 ]; then + echo "❌ This script must be run as root to apply fixes" + exit 1 +fi + +# Execute dry-run if requested +if [ "$DRY_RUN" = true ]; then + dry_run +fi + +# Execute fix if requested +if [ "$APPLY_FIXES" = true ]; then + apply_fixes +fi From 343bb17321d09115e4fc0af600ef037a268353ac Mon Sep 17 00:00:00 2001 From: "Daniele Lolli (UncleDan)" Date: Fri, 21 Nov 2025 12:42:53 +0100 Subject: [PATCH 09/12] added 4.x in readme --- README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.rst b/README.rst index b56dd0e..7ab0e4b 100644 --- a/README.rst +++ b/README.rst @@ -1,4 +1,4 @@ -Moodle - Course Management System +Moodle 4.x - Course Management System ================================= `Moodle`_ is a popular e-learning software platform, also known as a From c6830a3779eebb7928258a6eeec7f45633c22c11 Mon Sep 17 00:00:00 2001 From: "Daniele Lolli (UncleDan)" Date: Fri, 21 Nov 2025 13:45:11 +0100 Subject: [PATCH 10/12] updated folder and run without parameters --- conf.d/main | 4 ++-- overlay/usr/bin/moodle-perms-bookworm.sh | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/conf.d/main b/conf.d/main index 8107226..62afdfa 100755 --- a/conf.d/main +++ b/conf.d/main @@ -56,7 +56,7 @@ git checkout $MOODLE_BRANCH mkdir $DATAROOT # using UncleDan script to fix permissions -/usr/bin/moodle-perms-bookworm.sh --fix --moodlepath "$WEBROOT" --moodledata "$DATAROOT" --moodleversion "$MOODLE_VERSION" +/usr/bin/moodle-perms-bookworm.sh --fix php admin/cli/install.php \ --chmod=750 \ @@ -79,7 +79,7 @@ php admin/cli/install.php \ --agree-license # reset permissions using UncleDan script just in case... -/usr/bin/moodle-perms-bookworm.sh --fix --moodlepath "$WEBROOT" --moodledata "$DATAROOT" --moodleversion "$MOODLE_VERSION" +/usr/bin/moodle-perms-bookworm.sh --fix ## tweak config diff --git a/overlay/usr/bin/moodle-perms-bookworm.sh b/overlay/usr/bin/moodle-perms-bookworm.sh index 2cb2d35..ed072c2 100755 --- a/overlay/usr/bin/moodle-perms-bookworm.sh +++ b/overlay/usr/bin/moodle-perms-bookworm.sh @@ -16,7 +16,7 @@ set -e # Exit immediately on error # Default configurations MOODLE_DIR="/var/www/moodle" -MOODLEDATA_DIR="/var/www/moodledata" +MOODLEDATA_DIR="/var/moodledata" WWW_USER="www-data" WWW_GROUP="www-data" From df76ee6321df40c7d5bbd81dedd57ce3745e2b81 Mon Sep 17 00:00:00 2001 From: Daniele Lolli Date: Fri, 21 Nov 2025 15:05:27 +0100 Subject: [PATCH 11/12] RC1 --- README.rst | 2 +- changelog | 6 +++--- conf.d/main | 4 ++-- overlay/usr/bin/moodle-perms-bookworm.sh | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/README.rst b/README.rst index 7ab0e4b..d320568 100644 --- a/README.rst +++ b/README.rst @@ -1,4 +1,4 @@ -Moodle 4.x - Course Management System +Moodle 5.x - Course Management System ================================= `Moodle`_ is a popular e-learning software platform, also known as a diff --git a/changelog b/changelog index 469201b..3e9babb 100644 --- a/changelog +++ b/changelog @@ -1,7 +1,7 @@ -turnkey-moodle4-18.1 (1) turnkey; urgency=low +turnkey-moodle5-18.1 (1) turnkey; urgency=low - * Install latest upstream version of Moodle 4.x: 4.5.7+ (as of today, - download via git branch MOODLE_405_STABLE). + * Install latest upstream version of Moodle 5.x: 5.1+ (as of today, + download via git branch MOODLE_501_STABLE). * Set correct permissions and creating (eventually) missing folders. diff --git a/conf.d/main b/conf.d/main index 62afdfa..c99f10e 100755 --- a/conf.d/main +++ b/conf.d/main @@ -2,7 +2,7 @@ # REFERENCE: https://docs.moodle.org/501/en/Git_for_Administrators -MOODLE_BRANCH="MOODLE_405_STABLE" +MOODLE_BRANCH="MOODLE_501_STABLE" # Determine Moodle version from branch if [[ "$MOODLE_BRANCH" == *"MOODLE_4"* ]]; then @@ -10,7 +10,7 @@ if [[ "$MOODLE_BRANCH" == *"MOODLE_4"* ]]; then elif [[ "$MOODLE_BRANCH" == *"MOODLE_5"* ]]; then MOODLE_VERSION="5" else - MOODLE_VERSION="4" + MOODLE_VERSION="5" fi WEBROOT=/var/www/moodle diff --git a/overlay/usr/bin/moodle-perms-bookworm.sh b/overlay/usr/bin/moodle-perms-bookworm.sh index ed072c2..9e807c0 100755 --- a/overlay/usr/bin/moodle-perms-bookworm.sh +++ b/overlay/usr/bin/moodle-perms-bookworm.sh @@ -10,7 +10,7 @@ SCRIPT_AUTHOR="Daniele Lolli (UncleDan)" SCRIPT_LICENSE="GPL-3.0" # Default Moodle version (independent from script release) -DEFAULT_MOODLE_VERSION="4" +DEFAULT_MOODLE_VERSION="5" set -e # Exit immediately on error From c6682e47d2a69dac226b8f17614352f5c41c265e Mon Sep 17 00:00:00 2001 From: Daniele Lolli Date: Fri, 21 Nov 2025 15:09:27 +0100 Subject: [PATCH 12/12] fix apache conf --- overlay/etc/apache2/sites-available/moodle.conf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/overlay/etc/apache2/sites-available/moodle.conf b/overlay/etc/apache2/sites-available/moodle.conf index b1b201c..717b5f6 100644 --- a/overlay/etc/apache2/sites-available/moodle.conf +++ b/overlay/etc/apache2/sites-available/moodle.conf @@ -9,7 +9,7 @@ ErrorDocument 403 /error/index.php?code=404 UseCanonicalName Off ServerAdmin webmaster@localhost - DocumentRoot /var/www/moodle/ + DocumentRoot /var/www/moodle/public/ RewriteEngine On RewriteCond %{HTTP_HOST} !=localhost RewriteCond %{REMOTE_ADDR} !=127.0.0.1 @@ -19,7 +19,7 @@ ErrorDocument 403 /error/index.php?code=404 SSLEngine on ServerAdmin webmaster@localhost - DocumentRoot /var/www/moodle/ + DocumentRoot /var/www/moodle/public/ RewriteEngine On RewriteRule "(\/vendor\/)" - [F] RewriteRule "(\/node_modules\/)" - [F] @@ -38,7 +38,7 @@ ErrorDocument 403 /error/index.php?code=404 RewriteRule "(\/behat\/)" - [F] - + Options +FollowSymLinks -Indexes AllowOverride All Require all granted