From 92b0d14e91c8f4389b55788030d156f4fd47255f Mon Sep 17 00:00:00 2001 From: Daniele Lolli Date: Mon, 20 Oct 2025 19:02:38 +0200 Subject: [PATCH 01/21] download via git --- changelog | 5 +++++ conf.d/main | 26 +++++++------------------- 2 files changed, 12 insertions(+), 19 deletions(-) diff --git a/changelog b/changelog index b3bfbc6..103dc09 100644 --- a/changelog +++ b/changelog @@ -1,3 +1,8 @@ +turnkey-moodle4-18.1 (1) turnkey; urgency=low + + * Install latest upstream version of Moodle: 4.5.7+ (as of today, + download via git branch MOODLE_405_STABLE). + turnkey-moodle-18.0 (1) turnkey; urgency=low * Install latest upstream version of Moodle: 4.3.0+ (as of today, diff --git a/conf.d/main b/conf.d/main index 4c107da..2e6f656 100755 --- a/conf.d/main +++ b/conf.d/main @@ -1,8 +1,9 @@ #!/bin/bash -ex +MOODLE_BRANCH="MOODLE_405_STABLE" + WEBROOT=/var/www/moodle DATAROOT=/var/www/moodledata -MOOSHROOT=/var/www/moosh DB_NAME=moodle DB_USER=moodle 
@@ -34,26 +35,13 @@ a2enmod headers sed -Ei "/max_input_vars/ s|^;?(max_input_vars =).*|\1 5000|" /etc/php/8.2/apache2/php.ini sed -Ei "/max_input_vars/ s|^;?(max_input_vars =).*|\1 5000|" /etc/php/8.2/cli/php.ini -cd $(dirname $MOOSHROOT) -git clone https://github.com/tmuras/moosh.git -cd $MOOSHROOT -chown -R www-data:www-data $MOOSHROOT -if [[ -n "$GITHUB_USER_TOKEN" ]]; then - turnkey-composer config github-oauth.github.com $GITHUB_USER_TOKEN -else - echo "WARNING: GITHUB_USER_TOKEN not set, build may fail" >&2 -fi -turnkey-composer install -ln -s $MOOSHROOT/moosh.php /usr/local/bin/moosh - -# download latest moodle with moosh, then unpack -cd $(dirname $WEBROOT) -moosh download-moodle -tar -C $(dirname $WEBROOT) -zxf moodle-*.tgz -rm -f moodle-*.tgz +# download latest moodle with git +git clone git://git.moodle.org/moodle.git $WEBROOT +cd $WEBROOT +git branch --track $MOODLE_BRANCH origin/$MOODLE_BRANCH +git checkout $MOODLE_BRANCH chown -R root:root $WEBROOT -cd $WEBROOT php admin/cli/install.php \ --chmod=750 \ --lang=en \ From adeaadb34d3649e78e2f2beb9a721fcfcaefb2dd Mon Sep 17 00:00:00 2001 From: Daniele Lolli Date: Tue, 28 Oct 2025 12:32:47 +0100 Subject: [PATCH 02/21] enhanced permissions --- conf.d/main | 133 +++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 132 insertions(+), 1 deletion(-) diff --git a/conf.d/main b/conf.d/main index 2e6f656..e9d47d7 100755 --- a/conf.d/main +++ b/conf.d/main 
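Review bot: The added `git clone git://git.moodle.org/moodle.git $WEBROOT` fetches the application code over the unauthenticated, unencrypted git protocol, so nothing in the build verifies that the tree placed in the web root is what upstream published. Prefer an HTTPS remote and quote the variables, e.g. `git clone --branch "$MOODLE_BRANCH" https://github.com/moodle/moodle.git "$WEBROOT"` (confirm which HTTPS remote the project prefers). Consider checking out a release tag or a fixed commit rather than the moving tip of the stable branch, so builds are reproducible and reviewable. The clone also leaves a `.git` directory under `$WEBROOT`; unless the Apache configuration (not visible here) denies it, repository metadata would be reachable over HTTP, so add a deny rule for it.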
@@ -96,5 +96,136 @@ USE $DB_NAME; DELETE FROM role_capabilities WHERE capability = "tool/dataprivacy:requestdelete"; EOF +# ======================================================== +# Apply Moodle Permissions using integrated permissions manager +# ======================================================== + +echo "🔧 Applying Moodle permissions based on branch: $MOODLE_BRANCH" + +# Determine Moodle version from branch name +if [[ "$MOODLE_BRANCH" == *"MOODLE_4"* ]]; then + MOODLE_VERSION="4" + echo "đŸŽ¯ Detected Moodle 4.x from branch name" +elif [[ "$MOODLE_BRANCH" == *"MOODLE_5"* ]]; then + MOODLE_VERSION="5" + echo "đŸŽ¯ Detected Moodle 5.x from branch name" +else + # Default to Moodle 5 for stable branches if not specified + MOODLE_VERSION="5" + echo "âš ī¸ Could not determine version from branch, defaulting to Moodle 5.x" +fi + +# Set variables for permissions script +MOODLE_DIR="$WEBROOT" +MOODLEDATA_DIR="$DATAROOT" +WWW_USER="www-data" +WWW_GROUP="www-data" + +echo "📁 Setting up Moodle $MOODLE_VERSION.x permissions..." +echo " - Moodle Directory: $MOODLE_DIR" +echo " - Moodledata Directory: $MOODLEDATA_DIR" +echo " - Web User: $WWW_USER:$WWW_GROUP" + +# Create critical directories based on version +echo "📁 Creating critical Moodle $MOODLE_VERSION.x directories..." + +create_directory_if_missing() { + local dir="$1" + if [ ! -d "$dir" ]; then + mkdir -p "$dir" + echo " ✅ Created: $dir" + return 0 + else + echo " 📁 Existing: $dir" + return 1 + fi +} + +if [ "$MOODLE_VERSION" = "4" ]; then + # Moodle 4 directories + moodle_dirs=("cache" "temp" "sessions" "lang" "h5p" "backup" "restore" "trashdir" "webservice" "filedir" "repository" "log") +else + # Moodle 5 directories + moodle_dirs=("cache" "temp" "lock" "tasks" "localcache" "sessions" "lang" "h5p" "backup" "restore" "trash" "webservice") +fi + +for dir in "${moodle_dirs[@]}"; do + full_path="$MOODLEDATA_DIR/$dir" + create_directory_if_missing "$full_path" +done + +echo "👤 Setting ownership..." 
+chown -R ${WWW_USER}:${WWW_GROUP} "$MOODLE_DIR" +chown -R ${WWW_USER}:${WWW_GROUP} "$MOODLEDATA_DIR" + +echo "📁 Setting base Moodle permissions..." +find "$MOODLE_DIR" -type d -exec chmod 755 {} \; +find "$MOODLE_DIR" -type f -exec chmod 644 {} \; + +echo "🔒 Protecting config.php..." +if [ -f "$MOODLE_DIR/config.php" ]; then + chmod 640 "$MOODLE_DIR/config.php" +else + echo "âš ī¸ Warning: config.php not found in $MOODLE_DIR" +fi + +echo "💾 Setting moodledata permissions..." +find "$MOODLEDATA_DIR" -type d -exec chmod 770 {} \; +find "$MOODLEDATA_DIR" -type f -exec chmod 660 {} \; + +# Set executable permissions for CLI scripts +if [ -d "$MOODLE_DIR/admin/cli" ]; then + find "$MOODLE_DIR/admin/cli" -name "*.php" -exec chmod 755 {} \; + echo "✅ CLI scripts set as executable" +fi + +# Set specific directory permissions +echo "đŸŽ¯ Setting specific Moodle $MOODLE_VERSION.x directory permissions..." +for dir in "${moodle_dirs[@]}"; do + if [ -d "$MOODLEDATA_DIR/$dir" ]; then + chmod 770 "$MOODLEDATA_DIR/$dir" + echo " ✅ $dir directory set to 770" + fi +done + +# Verify permissions +echo "🔍 Verifying permissions..." +for dir in "$MOODLEDATA_DIR" "$MOODLE_DIR"; do + if [ -d "$dir" ]; then + perms=$(stat -c "%a %U:%G" "$dir") + echo " 📁 $dir: $perms" + fi +done + +echo "🔍 Verifying specific Moodle $MOODLE_VERSION.x directory permissions..." +for dir in "${moodle_dirs[@]}"; do + if [ -d "$MOODLEDATA_DIR/$dir" ]; then + perms=$(stat -c "%a %U:%G" "$MOODLEDATA_DIR/$dir") + echo " 📁 $MOODLEDATA_DIR/$dir: $perms" + fi +done + +echo "" +echo "✅ Moodle $MOODLE_VERSION.x permissions set successfully!" 
+echo "📋 Permissions summary:" +echo " - Moodle dir: $MOODLE_DIR (755/644)" +echo " - Moodledata: $MOODLEDATA_DIR (770/660)" +echo " - Owner: $WWW_USER:$WWW_GROUP" +echo " - config.php: 640" +echo " - CLI scripts: 755" + +# Version-specific notes +if [ "$MOODLE_VERSION" = "4" ]; then + echo "📝 Moodle 4.x specific directories configured: trashdir, filedir, repository" +else + echo "📝 Moodle 5.x specific directories configured: trash, localcache, lock, tasks" +fi + # stop mysql server -systemctl stop mysql +systemctl stop mysql + +echo "" +echo "================================================================================" +echo "Moodle installation and permissions configuration completed successfully!" +echo "Moodle Version: $MOODLE_BRANCH (detected as $MOODLE_VERSION.x)" +echo "================================================================================" From acc03d365d55ca22c9fc1de69b3cf99cf0a82682 Mon Sep 17 00:00:00 2001 From: Daniele Lolli Date: Tue, 28 Oct 2025 16:56:35 +0100 Subject: [PATCH 03/21] Revert "enhanced permissions" This reverts commit adeaadb34d3649e78e2f2beb9a721fcfcaefb2dd. --- conf.d/main | 133 +--------------------------------------------------- 1 file changed, 1 insertion(+), 132 deletions(-) diff --git a/conf.d/main b/conf.d/main index e9d47d7..2e6f656 100755 --- a/conf.d/main +++ b/conf.d/main 
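Review bot: `chown -R ${WWW_USER}:${WWW_GROUP} "$MOODLE_DIR"` hands the whole code tree to the web server account, and with 755/644 the owner can write, so any PHP-level compromise can rewrite Moodle's code and `config.php`; PATCH 01 left the tree as `root:root`. Keep the code read-only to the web user with `chown -R root:root "$MOODLE_DIR"` and `chown root:"$WWW_GROUP" "$MOODLE_DIR/config.php"`, and leave only `$MOODLEDATA_DIR` owned by `${WWW_USER}:${WWW_GROUP}`. Separately, the file's shebang is `#!/bin/bash -ex` and `create_directory_if_missing` returns 1 for an existing directory, so the bare call in the `for` loop aborts the build as soon as one directory already exists; return 0 in both branches or call it as `create_directory_if_missing "$full_path" || true`. The same ownership lines reappear in the script appended by PATCH 04.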
@@ -96,136 +96,5 @@ USE $DB_NAME; DELETE FROM role_capabilities WHERE capability = "tool/dataprivacy:requestdelete"; EOF -# ======================================================== -# Apply Moodle Permissions using integrated permissions manager -# ======================================================== - -echo "🔧 Applying Moodle permissions based on branch: $MOODLE_BRANCH" - -# Determine Moodle version from branch name -if [[ "$MOODLE_BRANCH" == *"MOODLE_4"* ]]; then - MOODLE_VERSION="4" - echo "đŸŽ¯ Detected Moodle 4.x from branch name" -elif [[ "$MOODLE_BRANCH" == *"MOODLE_5"* ]]; then - MOODLE_VERSION="5" - echo "đŸŽ¯ Detected Moodle 5.x from branch name" -else - # Default to Moodle 5 for stable branches if not specified - MOODLE_VERSION="5" - echo "âš ī¸ Could not determine version from branch, defaulting to Moodle 5.x" -fi - -# Set variables for permissions script -MOODLE_DIR="$WEBROOT" -MOODLEDATA_DIR="$DATAROOT" -WWW_USER="www-data" -WWW_GROUP="www-data" - -echo "📁 Setting up Moodle $MOODLE_VERSION.x permissions..." -echo " - Moodle Directory: $MOODLE_DIR" -echo " - Moodledata Directory: $MOODLEDATA_DIR" -echo " - Web User: $WWW_USER:$WWW_GROUP" - -# Create critical directories based on version -echo "📁 Creating critical Moodle $MOODLE_VERSION.x directories..." - -create_directory_if_missing() { - local dir="$1" - if [ ! -d "$dir" ]; then - mkdir -p "$dir" - echo " ✅ Created: $dir" - return 0 - else - echo " 📁 Existing: $dir" - return 1 - fi -} - -if [ "$MOODLE_VERSION" = "4" ]; then - # Moodle 4 directories - moodle_dirs=("cache" "temp" "sessions" "lang" "h5p" "backup" "restore" "trashdir" "webservice" "filedir" "repository" "log") -else - # Moodle 5 directories - moodle_dirs=("cache" "temp" "lock" "tasks" "localcache" "sessions" "lang" "h5p" "backup" "restore" "trash" "webservice") -fi - -for dir in "${moodle_dirs[@]}"; do - full_path="$MOODLEDATA_DIR/$dir" - create_directory_if_missing "$full_path" -done - -echo "👤 Setting ownership..." 
-chown -R ${WWW_USER}:${WWW_GROUP} "$MOODLE_DIR" -chown -R ${WWW_USER}:${WWW_GROUP} "$MOODLEDATA_DIR" - -echo "📁 Setting base Moodle permissions..." -find "$MOODLE_DIR" -type d -exec chmod 755 {} \; -find "$MOODLE_DIR" -type f -exec chmod 644 {} \; - -echo "🔒 Protecting config.php..." -if [ -f "$MOODLE_DIR/config.php" ]; then - chmod 640 "$MOODLE_DIR/config.php" -else - echo "âš ī¸ Warning: config.php not found in $MOODLE_DIR" -fi - -echo "💾 Setting moodledata permissions..." -find "$MOODLEDATA_DIR" -type d -exec chmod 770 {} \; -find "$MOODLEDATA_DIR" -type f -exec chmod 660 {} \; - -# Set executable permissions for CLI scripts -if [ -d "$MOODLE_DIR/admin/cli" ]; then - find "$MOODLE_DIR/admin/cli" -name "*.php" -exec chmod 755 {} \; - echo "✅ CLI scripts set as executable" -fi - -# Set specific directory permissions -echo "đŸŽ¯ Setting specific Moodle $MOODLE_VERSION.x directory permissions..." -for dir in "${moodle_dirs[@]}"; do - if [ -d "$MOODLEDATA_DIR/$dir" ]; then - chmod 770 "$MOODLEDATA_DIR/$dir" - echo " ✅ $dir directory set to 770" - fi -done - -# Verify permissions -echo "🔍 Verifying permissions..." -for dir in "$MOODLEDATA_DIR" "$MOODLE_DIR"; do - if [ -d "$dir" ]; then - perms=$(stat -c "%a %U:%G" "$dir") - echo " 📁 $dir: $perms" - fi -done - -echo "🔍 Verifying specific Moodle $MOODLE_VERSION.x directory permissions..." -for dir in "${moodle_dirs[@]}"; do - if [ -d "$MOODLEDATA_DIR/$dir" ]; then - perms=$(stat -c "%a %U:%G" "$MOODLEDATA_DIR/$dir") - echo " 📁 $MOODLEDATA_DIR/$dir: $perms" - fi -done - -echo "" -echo "✅ Moodle $MOODLE_VERSION.x permissions set successfully!" 
-echo "📋 Permissions summary:" -echo " - Moodle dir: $MOODLE_DIR (755/644)" -echo " - Moodledata: $MOODLEDATA_DIR (770/660)" -echo " - Owner: $WWW_USER:$WWW_GROUP" -echo " - config.php: 640" -echo " - CLI scripts: 755" - -# Version-specific notes -if [ "$MOODLE_VERSION" = "4" ]; then - echo "📝 Moodle 4.x specific directories configured: trashdir, filedir, repository" -else - echo "📝 Moodle 5.x specific directories configured: trash, localcache, lock, tasks" -fi - # stop mysql server -systemctl stop mysql - -echo "" -echo "================================================================================" -echo "Moodle installation and permissions configuration completed successfully!" -echo "Moodle Version: $MOODLE_BRANCH (detected as $MOODLE_VERSION.x)" -echo "================================================================================" +systemctl stop mysql From 4e63a2604c7378586d3cf8b66099408dbf09cad8 Mon Sep 17 00:00:00 2001 From: Daniele Lolli Date: Tue, 28 Oct 2025 17:12:32 +0100 Subject: [PATCH 04/21] again permissions, let's try it --- changelog | 5 +- conf.d/main | 581 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 585 insertions(+), 1 deletion(-) diff --git a/changelog b/changelog index 103dc09..469201b 100644 --- a/changelog +++ b/changelog @@ -1,8 +1,11 @@ turnkey-moodle4-18.1 (1) turnkey; urgency=low - * Install latest upstream version of Moodle: 4.5.7+ (as of today, + * Install latest upstream version of Moodle 4.x: 4.5.7+ (as of today, download via git branch MOODLE_405_STABLE). + * Set correct permissions and creating (eventually) missing folders. + + turnkey-moodle-18.0 (1) turnkey; urgency=low * Install latest upstream version of Moodle: 4.3.0+ (as of today, diff --git a/conf.d/main b/conf.d/main index 2e6f656..60639c0 100755 --- a/conf.d/main +++ b/conf.d/main 
@@ -1,7 +1,18 @@ #!/bin/bash -ex +# REFERENCE: https://docs.moodle.org/501/en/Git_for_Administrators + MOODLE_BRANCH="MOODLE_405_STABLE" +# Determine Moodle version from branch +if [[ "$MOODLE_BRANCH" == *"MOODLE_4"* ]]; then + DEFAULT_MOODLE_VERSION="4" +elif [[ "$MOODLE_BRANCH" == *"MOODLE_5"* ]]; then + DEFAULT_MOODLE_VERSION="5" +else + DEFAULT_MOODLE_VERSION="4" +fi + WEBROOT=/var/www/moodle DATAROOT=/var/www/moodledata 
@@ -98,3 +109,573 @@ EOF # stop mysql server systemctl stop mysql + +#!/bin/bash +# ======================================================== +# Moodle Permissions Manager - Unified Script +# Supports Moodle 4.x and 5.x +# ======================================================== + +# Ubuntu-style release variable (SCRIPT RELEASE) +SCRIPT_RELEASE="25.10" +SCRIPT_CODENAME="Universal Hawk" +SCRIPT_DATE="2025-10-25" +SCRIPT_AUTHOR="Daniele Lolli (UncleDan)" +SCRIPT_LICENSE="GPL-3.0" + +# Default Moodle version (independent from script release) +DEFAULT_MOODLE_VERSION="4" + +set -e # Exit immediately on error + +# Default configurations +MOODLE_DIR=${WEBROOT} +MOODLEDATA_DIR=${DATAROOT} +WWW_USER="www-data" +WWW_GROUP="www-data" + +# Determine Moodle version (use default if not specified) +MOODLE_VERSION="$DEFAULT_MOODLE_VERSION" + +# Function to show header +show_header() { + echo "================================================================================" + echo "Moodle Permissions Manager v${SCRIPT_RELEASE} (${SCRIPT_CODENAME})" + echo "================================================================================" + echo "Author: ${SCRIPT_AUTHOR}" + echo "Release: ${SCRIPT_RELEASE} - ${SCRIPT_DATE}" + echo "License: ${SCRIPT_LICENSE}" + echo "Default Moodle Version: ${DEFAULT_MOODLE_VERSION}.x" + echo "Selected Moodle Version: ${MOODLE_VERSION}.x" + echo "================================================================================" + echo "" +} + +# Function to show help +show_help() { + echo "Usage: $0 [OPTIONS]" + echo "" + echo "Options:" + echo " -h, --help Show this help message" + echo " -v, --version Show version information" + echo " -d, --dry-run Simulate operations without applying changes" + echo " -s, --show-perms Show current permissions without modifying" + echo " -mp, --moodlepath PATH Specify Moodle installation path" + echo " -md, --moodledata PATH Specify moodledata path" + echo " -mv, --moodleversion VERSION Specify Moodle version 
(4|5)" + echo "" + echo "Examples:" + echo " $0 # Use default version (Moodle ${DEFAULT_MOODLE_VERSION})" + echo " $0 -mv 5 # Force Moodle version 5" + echo " $0 -mv 4 -d # Moodle 4 in dry-run mode" + echo " $0 -mv 5 -s # Show current permissions for Moodle 5" + echo " $0 -mp /opt/moodle -mv 5 # Custom path + version" + echo " $0 -mp /opt/moodle -md /opt/moodledata -mv 4 -s # All parameters + show" + echo "" + echo "Notes:" + echo " Default Moodle version: ${DEFAULT_MOODLE_VERSION}.x" + echo " Script version: ${SCRIPT_RELEASE}" +} + +# Function to show version +show_version() { + echo "Moodle Permissions Manager v${SCRIPT_RELEASE}" + echo "Codename: ${SCRIPT_CODENAME}" + echo "Release Date: ${SCRIPT_DATE}" + echo "Author: ${SCRIPT_AUTHOR}" + echo "License: ${SCRIPT_LICENSE}" + echo "Default Moodle Version: ${DEFAULT_MOODLE_VERSION}.x" + echo "Compatible with: Moodle 4.x & 5.x, Debian 11/12, Ubuntu 20.04+" + exit 0 +} + +# Function to validate Moodle version +validate_moodle_version() { + local version=$1 + if [[ "$version" != "4" && "$version" != "5" ]]; then + echo "❌ ERROR: Invalid Moodle version: '$version'" + echo " Use '4' for Moodle 4.x or '5' for Moodle 5.x" + exit 1 + fi +} + +# Function to check main directories existence +check_main_directories() { + if [ ! -d "$MOODLE_DIR" ]; then + echo "❌ ERROR: Moodle directory not found: $MOODLE_DIR" + exit 1 + fi + + if [ ! 
-d "$MOODLEDATA_DIR" ]; then + echo "❌ ERROR: Moodledata directory not found: $MOODLEDATA_DIR" + exit 1 + fi +} + +# Function to show current permissions for Moodle 4 +show_moodle4_permissions() { + echo "🔍 Current Moodle 4 directory permissions:" + echo "" + + echo "📁 Main directories:" + for dir in "$MOODLE_DIR" "$MOODLEDATA_DIR"; do + if [ -d "$dir" ]; then + perms=$(stat -c "%a %U:%G" "$dir") + echo " $dir: $perms" + else + echo " $dir: ❌ NOT FOUND" + fi + done + + echo "" + echo "📁 Specific Moodle 4 directories:" + local moodle4_dirs=("cache" "temp" "sessions" "lang" "h5p" "backup" "restore" "trashdir" "webservice" "filedir" "repository" "log") + + for dir in "${moodle4_dirs[@]}"; do + local full_path="$MOODLEDATA_DIR/$dir" + if [ -d "$full_path" ]; then + perms=$(stat -c "%a %U:%G" "$full_path") + echo " $full_path: $perms" + else + echo " $full_path: 📁 DOES NOT EXIST" + fi + done + + echo "" + echo "📁 config.php file:" + if [ -f "$MOODLE_DIR/config.php" ]; then + perms=$(stat -c "%a %U:%G" "$MOODLE_DIR/config.php") + echo " $MOODLE_DIR/config.php: $perms" + else + echo " $MOODLE_DIR/config.php: ❌ NOT FOUND" + fi + + echo "" + echo "📁 CLI scripts:" + if [ -d "$MOODLE_DIR/admin/cli" ]; then + local cli_scripts=$(find "$MOODLE_DIR/admin/cli" -name "*.php" | head -3) + if [ -n "$cli_scripts" ]; then + echo " First 3 CLI scripts:" + while IFS= read -r script; do + if [ -f "$script" ]; then + perms=$(stat -c "%a %U:%G" "$script") + echo " $script: $perms" + fi + done <<< "$cli_scripts" + else + echo " No CLI scripts found" + fi + else + echo " CLI directory not found" + fi +} + +# Function to show current permissions for Moodle 5 +show_moodle5_permissions() { + echo "🔍 Current Moodle 5 directory permissions:" + echo "" + + echo "📁 Main directories:" + for dir in "$MOODLE_DIR" "$MOODLEDATA_DIR"; do + if [ -d "$dir" ]; then + perms=$(stat -c "%a %U:%G" "$dir") + echo " $dir: $perms" + else + echo " $dir: ❌ NOT FOUND" + fi + done + + echo "" + echo "📁 Specific Moodle 
5 directories:" + local moodle5_dirs=("cache" "temp" "lock" "tasks" "localcache" "sessions" "lang" "h5p" "backup" "restore" "trash" "webservice") + + for dir in "${moodle5_dirs[@]}"; do + local full_path="$MOODLEDATA_DIR/$dir" + if [ -d "$full_path" ]; then + perms=$(stat -c "%a %U:%G" "$full_path") + echo " $full_path: $perms" + else + echo " $full_path: 📁 DOES NOT EXIST" + fi + done + + echo "" + echo "📁 config.php file:" + if [ -f "$MOODLE_DIR/config.php" ]; then + perms=$(stat -c "%a %U:%G" "$MOODLE_DIR/config.php") + echo " $MOODLE_DIR/config.php: $perms" + else + echo " $MOODLE_DIR/config.php: ❌ NOT FOUND" + fi + + echo "" + echo "📁 CLI scripts:" + if [ -d "$MOODLE_DIR/admin/cli" ]; then + local cli_scripts=$(find "$MOODLE_DIR/admin/cli" -name "*.php" | head -3) + if [ -n "$cli_scripts" ]; then + echo " First 3 CLI scripts:" + while IFS= read -r script; do + if [ -f "$script" ]; then + perms=$(stat -c "%a %U:%G" "$script") + echo " $script: $perms" + fi + done <<< "$cli_scripts" + else + echo " No CLI scripts found" + fi + else + echo " CLI directory not found" + fi +} + +# Function to show current permissions +show_current_permissions() { + echo "🔍 [SHOW-PERMS] Displaying current permissions - No changes will be applied" + echo "đŸŽ¯ Moodle Version: ${MOODLE_VERSION}.x" + echo "" + + if [ "$MOODLE_VERSION" = "4" ]; then + show_moodle4_permissions + else + show_moodle5_permissions + fi + + echo "" + echo "📋 Recommended permissions:" + echo " - Moodle directory: 755 (dir) / 644 (file)" + echo " - Moodledata directory: 770 (dir) / 660 (file)" + echo " - config.php: 640" + echo " - CLI scripts: 755" + echo " - Owner: ${WWW_USER}:${WWW_GROUP}" + + exit 0 +} + +# Function to create directory if missing +create_directory_if_missing() { + local dir="$1" + if [ ! 
-d "$dir" ]; then + echo "📁 Creating directory: $dir" + mkdir -p "$dir" + return 0 # Directory created + else + return 1 # Directory already exists + fi +} + +# Function to create critical Moodle 4 directories +create_moodle4_directories() { + echo "📁 Creating critical Moodle 4 directories..." + + local moodle4_dirs=("cache" "temp" "sessions" "lang" "h5p" "backup" "restore" "trashdir" "webservice" "filedir" "repository" "log") + + for dir in "${moodle4_dirs[@]}"; do + local full_path="$MOODLEDATA_DIR/$dir" + if create_directory_if_missing "$full_path"; then + echo " ✅ Created: $dir" + else + echo " 📁 Existing: $dir" + fi + done +} + +# Function to create critical Moodle 5 directories +create_moodle5_directories() { + echo "📁 Creating critical Moodle 5 directories..." + + local moodle5_dirs=("cache" "temp" "lock" "tasks" "localcache" "sessions" "lang" "h5p" "backup" "restore" "trash" "webservice") + + for dir in "${moodle5_dirs[@]}"; do + local full_path="$MOODLEDATA_DIR/$dir" + if create_directory_if_missing "$full_path"; then + echo " ✅ Created: $dir" + else + echo " 📁 Existing: $dir" + fi + done +} + +# Function to set Moodle 4 permissions +set_moodle4_permissions() { + echo "đŸŽ¯ Setting specific Moodle 4 permissions..." + + local moodle4_dirs=("cache" "temp" "sessions" "lang" "h5p" "backup" "restore" "trashdir" "webservice" "filedir" "repository" "log") + + for dir in "${moodle4_dirs[@]}"; do + if [ -d "$MOODLEDATA_DIR/$dir" ]; then + chmod 770 "$MOODLEDATA_DIR/$dir" + echo " ✅ $dir directory set to 770" + fi + done +} + +# Function to set Moodle 5 permissions +set_moodle5_permissions() { + echo "đŸŽ¯ Setting specific Moodle 5 permissions..." 
+ + local moodle5_dirs=("cache" "temp" "lock" "tasks" "localcache" "sessions" "lang" "h5p" "backup" "restore" "trash" "webservice") + + for dir in "${moodle5_dirs[@]}"; do + if [ -d "$MOODLEDATA_DIR/$dir" ]; then + chmod 770 "$MOODLEDATA_DIR/$dir" + echo " ✅ $dir directory set to 770" + fi + done +} + +# Function for Moodle 4 dry-run +dry_run_moodle4() { + echo "📋 Specific Moodle 4 operations that would be executed:" + + local moodle4_dirs=("cache" "temp" "sessions" "lang" "h5p" "backup" "restore" "trashdir" "webservice" "filedir" "repository" "log") + + for dir in "${moodle4_dirs[@]}"; do + if [ -d "$MOODLEDATA_DIR/$dir" ]; then + echo " chmod 770 \"$MOODLEDATA_DIR/$dir\"" + else + echo " mkdir -p \"$MOODLEDATA_DIR/$dir\" && chmod 770 \"$MOODLEDATA_DIR/$dir\"" + fi + done + + echo "" + echo "📝 Moodle 4 specific notes:" + echo " - 'trashdir' directory instead of 'trash'" + echo " - 'filedir' for main file storage" + echo " - 'repository' for repository files" + echo " - 'log' dedicated directory for logs" +} + +# Function for Moodle 5 dry-run +dry_run_moodle5() { + echo "📋 Specific Moodle 5 operations that would be executed:" + + local moodle5_dirs=("cache" "temp" "lock" "tasks" "localcache" "sessions" "lang" "h5p" "backup" "restore" "trash" "webservice") + + for dir in "${moodle5_dirs[@]}"; do + if [ -d "$MOODLEDATA_DIR/$dir" ]; then + echo " chmod 770 \"$MOODLEDATA_DIR/$dir\"" + else + echo " mkdir -p \"$MOODLEDATA_DIR/$dir\" && chmod 770 \"$MOODLEDATA_DIR/$dir\"" + fi + done + + echo "" + echo "📝 Moodle 5 specific notes:" + echo " - 'lock' directory for improved lock management" + echo " - 'tasks' directory for task scheduling" + echo " - 'localcache' directory for local cache" + echo " - 'trash' directory instead of 'trashdir'" +} + +# Function for dry-run +dry_run() { + echo "🔍 [DRY-RUN] Simulation mode active - No changes will be applied" + echo "đŸŽ¯ Moodle Version: ${MOODLE_VERSION}.x" + echo "" + + echo "📋 Common operations that would be executed:" + echo 
" chown -R ${WWW_USER}:${WWW_GROUP} \"$MOODLE_DIR\"" + echo " chown -R ${WWW_USER}:${WWW_GROUP} \"$MOODLEDATA_DIR\"" + echo " find \"$MOODLE_DIR\" -type d -exec chmod 755 {} \\;" + echo " find \"$MOODLE_DIR\" -type f -exec chmod 644 {} \\;" + echo " find \"$MOODLEDATA_DIR\" -type d -exec chmod 770 {} \\;" + echo " find \"$MOODLEDATA_DIR\" -type f -exec chmod 660 {} \\;" + + if [ -f "$MOODLE_DIR/config.php" ]; then + echo " chmod 640 \"$MOODLE_DIR/config.php\"" + else + echo " # config.php not found in $MOODLE_DIR (will be skipped)" + fi + + if [ -d "$MOODLE_DIR/admin/cli" ]; then + echo " find \"$MOODLE_DIR/admin/cli\" -name \"*.php\" -exec chmod 755 {} \\;" + else + echo " # CLI directory not found in $MOODLE_DIR/admin/cli (will be skipped)" + fi + + echo "" + + # Version-specific operations + if [ "$MOODLE_VERSION" = "4" ]; then + dry_run_moodle4 + else + dry_run_moodle5 + fi + + echo "" + echo "🔍 Verifications that would be executed:" + echo " stat -c \"%a %U:%G\" \"$MOODLEDATA_DIR\"" + echo " stat -c \"%a %U:%G\" \"$MOODLE_DIR\"" + + echo "" + echo "✅ [DRY-RUN] Simulation completed - No changes applied" + exit 0 +} + +# Argument parsing +DRY_RUN=false +SHOW_PERMS=false +while [[ $# -gt 0 ]]; do + case $1 in + -h|--help) + show_header + show_help + exit 0 + ;; + -v|--version) + show_version + ;; + -d|--dry-run) + DRY_RUN=true + shift + ;; + -s|--show-perms) + SHOW_PERMS=true + shift + ;; + -mp|--moodlepath) + MOODLE_DIR="$2" + shift 2 + ;; + -md|--moodledata) + MOODLEDATA_DIR="$2" + shift 2 + ;; + -mv|--moodleversion) + MOODLE_VERSION="$2" + validate_moodle_version "$MOODLE_VERSION" + shift 2 + ;; + *) + echo "❌ Unknown argument: $1" + echo "Use $0 --help to see available options" + exit 1 + ;; + esac +done + +# Show header +show_header + +echo "đŸŽ¯ Detected configuration:" +echo " - Moodle Version: ${MOODLE_VERSION}.x" +echo " - Moodle Directory: $MOODLE_DIR" +echo " - Moodledata Directory: $MOODLEDATA_DIR" +echo "" + +# Verify script is run as root (except 
for show-perms) +if [ "$SHOW_PERMS" = false ] && [ "$(id -u)" -ne 0 ]; then + echo "❌ This script must be run as root" + exit 1 +fi + +# Execute show-perms if requested +if [ "$SHOW_PERMS" = true ]; then + show_current_permissions +fi + +# Execute dry-run if requested +if [ "$DRY_RUN" = true ]; then + dry_run +fi + +echo "🔍 Verifying main directories..." +check_main_directories + +echo "📁 Creating critical directories..." +# Create critical directories based on version +if [ "$MOODLE_VERSION" = "4" ]; then + create_moodle4_directories +else + create_moodle5_directories +fi + +echo "👤 Setting ownership..." +chown -R ${WWW_USER}:${WWW_GROUP} "$MOODLE_DIR" +chown -R ${WWW_USER}:${WWW_GROUP} "$MOODLEDATA_DIR" + +echo "📁 Setting base Moodle permissions..." +find "$MOODLE_DIR" -type d -exec chmod 755 {} \; +find "$MOODLE_DIR" -type f -exec chmod 644 {} \; + +# Check if config.php exists before modifying it +if [ -f "$MOODLE_DIR/config.php" ]; then + echo "🔒 Protecting config.php..." + chmod 640 "$MOODLE_DIR/config.php" +else + echo "âš ī¸ Warning: config.php not found in $MOODLE_DIR" +fi + +echo "💾 Setting moodledata permissions..." +find "$MOODLEDATA_DIR" -type d -exec chmod 770 {} \; +find "$MOODLEDATA_DIR" -type f -exec chmod 660 {} \; + +# CLI scripts (common to both versions) +if [ -d "$MOODLE_DIR/admin/cli" ]; then + find "$MOODLE_DIR/admin/cli" -name "*.php" -exec chmod 755 {} \; + echo "✅ CLI scripts set as executable" +fi + +# Setting version-specific permissions +if [ "$MOODLE_VERSION" = "4" ]; then + set_moodle4_permissions +else + set_moodle5_permissions +fi + +# Verify critical directory permissions +echo "🔍 Verifying critical directory permissions..." +for dir in "$MOODLEDATA_DIR" "$MOODLE_DIR"; do + if [ -d "$dir" ]; then + perms=$(stat -c "%a %U:%G" "$dir") + echo " 📁 $dir: $perms" + fi +done + +# Verify specific directory permissions +echo "🔍 Verifying specific Moodle ${MOODLE_VERSION} directory permissions..." 
+if [ "$MOODLE_VERSION" = "4" ]; then + specific_dirs=("cache" "temp" "sessions" "lang" "h5p" "backup" "restore" "trashdir" "filedir" "repository" "log") +else + specific_dirs=("cache" "temp" "lock" "tasks" "localcache" "sessions" "lang" "h5p" "backup" "restore" "trash") +fi + +for dir in "${specific_dirs[@]}"; do + if [ -d "$MOODLEDATA_DIR/$dir" ]; then + perms=$(stat -c "%a %U:%G" "$MOODLEDATA_DIR/$dir") + echo " 📁 $MOODLEDATA_DIR/$dir: $perms" + fi +done + +echo "" +echo "✅ Moodle ${MOODLE_VERSION}.x permissions set correctly!" +echo "" +echo "📋 Configuration summary:" +echo " - Script version: ${SCRIPT_RELEASE} (${SCRIPT_CODENAME})" +echo " - Moodle version: ${MOODLE_VERSION}.x" +echo " - Moodle dir: $MOODLE_DIR (755/644)" +echo " - Moodledata: $MOODLEDATA_DIR (770/660)" +echo " - Owner: $WWW_USER:$WWW_GROUP" +echo " - config.php: 640 (if present)" +echo " - CLI scripts: 755" +echo "" + +# Version-specific notes +if [ "$MOODLE_VERSION" = "4" ]; then + echo "âš ī¸ Important notes for Moodle 4:" + echo " - PHP 7.4/8.0 required (8.0+ recommended)" + echo " - MySQL 5.7+ or PostgreSQL 9.5+ or MariaDB 10.4+" + echo " - Specific directories: trashdir/, filedir/, repository/" +else + echo "âš ī¸ Important notes for Moodle 5:" + echo " - PHP 8.1+ required" + echo " - MySQL 8.0+ or PostgreSQL 13+ or MariaDB 10.6+ recommended" + echo " - Specific directories: trash/, localcache/, lock/, tasks/" +fi + +echo " - Check logs in $MOODLEDATA_DIR for errors" +echo "" +echo "================================================================================" +echo "Moodle Permissions Manager v${SCRIPT_RELEASE} - Operation completed" +echo "Moodle ${MOODLE_VERSION}.x - Configuration applied successfully" +echo "================================================================================" From f20d295d4a2ad01dff179d862eee14ae1ac4fbd8 Mon Sep 17 00:00:00 2001 
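Review bot: The appended script re-assigns `DEFAULT_MOODLE_VERSION="4"` and then sets `MOODLE_VERSION="$DEFAULT_MOODLE_VERSION"`, which discards the value the first hunk of this commit derives from `$MOODLE_BRANCH`, so a 5.x branch would still get the Moodle 4 directory set; drop the second assignment or write `: "${DEFAULT_MOODLE_VERSION:=4}"`. `-mp`/`-md` accept any path and the script then runs `chown -R` and recursive `chmod` on it as root after only a `-d` test, so a guard before those commands is worth adding, e.g. `[[ -n "$MOODLE_DIR" && "$MOODLE_DIR" != "/" ]] || exit 1` (and the same for `$MOODLEDATA_DIR`). The `exit 0` in `show_version`, `show_current_permissions` and `dry_run` would also terminate `conf.d/main` itself now that the code is inlined rather than run as a separate program.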
From: Daniele Lolli Date: Thu, 20 Nov 2025 18:08:32 +0100 Subject: [PATCH 05/21] best practice for data folder, integrate script for permissions (placeholder) --- conf.d/main | 587 +---------------------- overlay/usr/bin/moodle-perms-bookworm.sh | 0 2 files changed, 9 insertions(+), 578 deletions(-) create mode 100644 overlay/usr/bin/moodle-perms-bookworm.sh diff --git a/conf.d/main b/conf.d/main index 60639c0..4769a2a 100755 --- a/conf.d/main +++ b/conf.d/main @@ -6,15 +6,15 @@ MOODLE_BRANCH="MOODLE_405_STABLE" # Determine Moodle version from branch if [[ "$MOODLE_BRANCH" == *"MOODLE_4"* ]]; then - DEFAULT_MOODLE_VERSION="4" + MOODLE_VERSION="4" elif [[ "$MOODLE_BRANCH" == *"MOODLE_5"* ]]; then - DEFAULT_MOODLE_VERSION="5" + MOODLE_VERSION="5" else - DEFAULT_MOODLE_VERSION="4" + MOODLE_VERSION="4" fi WEBROOT=/var/www/moodle -DATAROOT=/var/www/moodledata +DATAROOT=/var/moodledata DB_NAME=moodle DB_USER=moodle @@ -51,7 +51,9 @@ git clone git://git.moodle.org/moodle.git $WEBROOT cd $WEBROOT git branch --track $MOODLE_BRANCH origin/$MOODLE_BRANCH git checkout $MOODLE_BRANCH -chown -R root:root $WEBROOT + +# using UncleDan script to fix permissions +/usr/bin/moodle-perms-bookworm.sh --moodlepath "$WEBROOT" --moodledata "$DATAROOT" --moodleversion "$MOODLE_VERSION" php admin/cli/install.php \ --chmod=750 \ @@ -73,9 +75,8 @@ php admin/cli/install.php \ --non-interactive \ --agree-license -chown -R www-data:www-data $DATAROOT -chown -R www-data:www-data /var/www/moodle/theme -chown root:www-data $WEBROOT/config.php +# reset permissions using UncleDan script just in case... +/usr/bin/moodle-perms-bookworm.sh --moodlepath "$WEBROOT" --moodledata "$DATAROOT" --moodleversion "$MOODLE_VERSION" ## tweak config 
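Review bot: Hunks `@@ -51,7 +51,9 @@` and `@@ -73,9 +75,8 @@` replace the explicit ownership commands with calls to `/usr/bin/moodle-perms-bookworm.sh`, which this commit creates as an empty file with mode 100644. The lines removed are `chown -R root:root $WEBROOT`, the `www-data` ownership of `$DATAROOT`, and `chown root:www-data $WEBROOT/config.php`. As committed, the call either fails as non-executable (aborting under `-ex`) or, if the file is made executable elsewhere, does nothing, leaving `$DATAROOT` and `config.php` without the ownership the previous version set. Until the real script lands, keep the removed `chown` lines. When it does land, have it keep the code tree root-owned rather than `www-data`-owned, unlike the inlined version this commit deletes.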
@@ -109,573 +110,3 @@ EOF # stop mysql server systemctl stop mysql - -#!/bin/bash -# ======================================================== -# Moodle Permissions Manager - Unified Script -# Supports Moodle 4.x and 5.x -# ======================================================== - -# Ubuntu-style release variable (SCRIPT RELEASE) -SCRIPT_RELEASE="25.10" -SCRIPT_CODENAME="Universal Hawk" -SCRIPT_DATE="2025-10-25" -SCRIPT_AUTHOR="Daniele Lolli (UncleDan)" -SCRIPT_LICENSE="GPL-3.0" - -# Default Moodle version (independent from script release) -DEFAULT_MOODLE_VERSION="4" - -set -e # Exit immediately on error - -# Default configurations -MOODLE_DIR=${WEBROOT} -MOODLEDATA_DIR=${DATAROOT} -WWW_USER="www-data" -WWW_GROUP="www-data" - -# Determine Moodle version (use default if not specified) -MOODLE_VERSION="$DEFAULT_MOODLE_VERSION" - -# Function to show header -show_header() { - echo "================================================================================" - echo "Moodle Permissions Manager v${SCRIPT_RELEASE} (${SCRIPT_CODENAME})" - echo "================================================================================" - echo "Author: ${SCRIPT_AUTHOR}" - echo "Release: ${SCRIPT_RELEASE} - ${SCRIPT_DATE}" - echo "License: ${SCRIPT_LICENSE}" - echo "Default Moodle Version: ${DEFAULT_MOODLE_VERSION}.x" - echo "Selected Moodle Version: ${MOODLE_VERSION}.x" - echo "================================================================================" - echo "" -} - -# Function to show help -show_help() { - echo "Usage: $0 [OPTIONS]" - echo "" - echo "Options:" - echo " -h, --help Show this help message" - echo " -v, --version Show version information" - echo " -d, --dry-run Simulate operations without applying changes" - echo " -s, --show-perms Show current permissions without modifying" - echo " -mp, --moodlepath PATH Specify Moodle installation path" - echo " -md, --moodledata PATH Specify moodledata path" - echo " -mv, --moodleversion VERSION Specify Moodle version 
(4|5)" - echo "" - echo "Examples:" - echo " $0 # Use default version (Moodle ${DEFAULT_MOODLE_VERSION})" - echo " $0 -mv 5 # Force Moodle version 5" - echo " $0 -mv 4 -d # Moodle 4 in dry-run mode" - echo " $0 -mv 5 -s # Show current permissions for Moodle 5" - echo " $0 -mp /opt/moodle -mv 5 # Custom path + version" - echo " $0 -mp /opt/moodle -md /opt/moodledata -mv 4 -s # All parameters + show" - echo "" - echo "Notes:" - echo " Default Moodle version: ${DEFAULT_MOODLE_VERSION}.x" - echo " Script version: ${SCRIPT_RELEASE}" -} - -# Function to show version -show_version() { - echo "Moodle Permissions Manager v${SCRIPT_RELEASE}" - echo "Codename: ${SCRIPT_CODENAME}" - echo "Release Date: ${SCRIPT_DATE}" - echo "Author: ${SCRIPT_AUTHOR}" - echo "License: ${SCRIPT_LICENSE}" - echo "Default Moodle Version: ${DEFAULT_MOODLE_VERSION}.x" - echo "Compatible with: Moodle 4.x & 5.x, Debian 11/12, Ubuntu 20.04+" - exit 0 -} - -# Function to validate Moodle version -validate_moodle_version() { - local version=$1 - if [[ "$version" != "4" && "$version" != "5" ]]; then - echo "❌ ERROR: Invalid Moodle version: '$version'" - echo " Use '4' for Moodle 4.x or '5' for Moodle 5.x" - exit 1 - fi -} - -# Function to check main directories existence -check_main_directories() { - if [ ! -d "$MOODLE_DIR" ]; then - echo "❌ ERROR: Moodle directory not found: $MOODLE_DIR" - exit 1 - fi - - if [ ! 
-d "$MOODLEDATA_DIR" ]; then - echo "❌ ERROR: Moodledata directory not found: $MOODLEDATA_DIR" - exit 1 - fi -} - -# Function to show current permissions for Moodle 4 -show_moodle4_permissions() { - echo "🔍 Current Moodle 4 directory permissions:" - echo "" - - echo "📁 Main directories:" - for dir in "$MOODLE_DIR" "$MOODLEDATA_DIR"; do - if [ -d "$dir" ]; then - perms=$(stat -c "%a %U:%G" "$dir") - echo " $dir: $perms" - else - echo " $dir: ❌ NOT FOUND" - fi - done - - echo "" - echo "📁 Specific Moodle 4 directories:" - local moodle4_dirs=("cache" "temp" "sessions" "lang" "h5p" "backup" "restore" "trashdir" "webservice" "filedir" "repository" "log") - - for dir in "${moodle4_dirs[@]}"; do - local full_path="$MOODLEDATA_DIR/$dir" - if [ -d "$full_path" ]; then - perms=$(stat -c "%a %U:%G" "$full_path") - echo " $full_path: $perms" - else - echo " $full_path: 📁 DOES NOT EXIST" - fi - done - - echo "" - echo "📁 config.php file:" - if [ -f "$MOODLE_DIR/config.php" ]; then - perms=$(stat -c "%a %U:%G" "$MOODLE_DIR/config.php") - echo " $MOODLE_DIR/config.php: $perms" - else - echo " $MOODLE_DIR/config.php: ❌ NOT FOUND" - fi - - echo "" - echo "📁 CLI scripts:" - if [ -d "$MOODLE_DIR/admin/cli" ]; then - local cli_scripts=$(find "$MOODLE_DIR/admin/cli" -name "*.php" | head -3) - if [ -n "$cli_scripts" ]; then - echo " First 3 CLI scripts:" - while IFS= read -r script; do - if [ -f "$script" ]; then - perms=$(stat -c "%a %U:%G" "$script") - echo " $script: $perms" - fi - done <<< "$cli_scripts" - else - echo " No CLI scripts found" - fi - else - echo " CLI directory not found" - fi -} - -# Function to show current permissions for Moodle 5 -show_moodle5_permissions() { - echo "🔍 Current Moodle 5 directory permissions:" - echo "" - - echo "📁 Main directories:" - for dir in "$MOODLE_DIR" "$MOODLEDATA_DIR"; do - if [ -d "$dir" ]; then - perms=$(stat -c "%a %U:%G" "$dir") - echo " $dir: $perms" - else - echo " $dir: ❌ NOT FOUND" - fi - done - - echo "" - echo "📁 Specific Moodle 
5 directories:" - local moodle5_dirs=("cache" "temp" "lock" "tasks" "localcache" "sessions" "lang" "h5p" "backup" "restore" "trash" "webservice") - - for dir in "${moodle5_dirs[@]}"; do - local full_path="$MOODLEDATA_DIR/$dir" - if [ -d "$full_path" ]; then - perms=$(stat -c "%a %U:%G" "$full_path") - echo " $full_path: $perms" - else - echo " $full_path: 📁 DOES NOT EXIST" - fi - done - - echo "" - echo "📁 config.php file:" - if [ -f "$MOODLE_DIR/config.php" ]; then - perms=$(stat -c "%a %U:%G" "$MOODLE_DIR/config.php") - echo " $MOODLE_DIR/config.php: $perms" - else - echo " $MOODLE_DIR/config.php: ❌ NOT FOUND" - fi - - echo "" - echo "📁 CLI scripts:" - if [ -d "$MOODLE_DIR/admin/cli" ]; then - local cli_scripts=$(find "$MOODLE_DIR/admin/cli" -name "*.php" | head -3) - if [ -n "$cli_scripts" ]; then - echo " First 3 CLI scripts:" - while IFS= read -r script; do - if [ -f "$script" ]; then - perms=$(stat -c "%a %U:%G" "$script") - echo " $script: $perms" - fi - done <<< "$cli_scripts" - else - echo " No CLI scripts found" - fi - else - echo " CLI directory not found" - fi -} - -# Function to show current permissions -show_current_permissions() { - echo "🔍 [SHOW-PERMS] Displaying current permissions - No changes will be applied" - echo "đŸŽ¯ Moodle Version: ${MOODLE_VERSION}.x" - echo "" - - if [ "$MOODLE_VERSION" = "4" ]; then - show_moodle4_permissions - else - show_moodle5_permissions - fi - - echo "" - echo "📋 Recommended permissions:" - echo " - Moodle directory: 755 (dir) / 644 (file)" - echo " - Moodledata directory: 770 (dir) / 660 (file)" - echo " - config.php: 640" - echo " - CLI scripts: 755" - echo " - Owner: ${WWW_USER}:${WWW_GROUP}" - - exit 0 -} - -# Function to create directory if missing -create_directory_if_missing() { - local dir="$1" - if [ ! 
-d "$dir" ]; then - echo "📁 Creating directory: $dir" - mkdir -p "$dir" - return 0 # Directory created - else - return 1 # Directory already exists - fi -} - -# Function to create critical Moodle 4 directories -create_moodle4_directories() { - echo "📁 Creating critical Moodle 4 directories..." - - local moodle4_dirs=("cache" "temp" "sessions" "lang" "h5p" "backup" "restore" "trashdir" "webservice" "filedir" "repository" "log") - - for dir in "${moodle4_dirs[@]}"; do - local full_path="$MOODLEDATA_DIR/$dir" - if create_directory_if_missing "$full_path"; then - echo " ✅ Created: $dir" - else - echo " 📁 Existing: $dir" - fi - done -} - -# Function to create critical Moodle 5 directories -create_moodle5_directories() { - echo "📁 Creating critical Moodle 5 directories..." - - local moodle5_dirs=("cache" "temp" "lock" "tasks" "localcache" "sessions" "lang" "h5p" "backup" "restore" "trash" "webservice") - - for dir in "${moodle5_dirs[@]}"; do - local full_path="$MOODLEDATA_DIR/$dir" - if create_directory_if_missing "$full_path"; then - echo " ✅ Created: $dir" - else - echo " 📁 Existing: $dir" - fi - done -} - -# Function to set Moodle 4 permissions -set_moodle4_permissions() { - echo "đŸŽ¯ Setting specific Moodle 4 permissions..." - - local moodle4_dirs=("cache" "temp" "sessions" "lang" "h5p" "backup" "restore" "trashdir" "webservice" "filedir" "repository" "log") - - for dir in "${moodle4_dirs[@]}"; do - if [ -d "$MOODLEDATA_DIR/$dir" ]; then - chmod 770 "$MOODLEDATA_DIR/$dir" - echo " ✅ $dir directory set to 770" - fi - done -} - -# Function to set Moodle 5 permissions -set_moodle5_permissions() { - echo "đŸŽ¯ Setting specific Moodle 5 permissions..." 
- - local moodle5_dirs=("cache" "temp" "lock" "tasks" "localcache" "sessions" "lang" "h5p" "backup" "restore" "trash" "webservice") - - for dir in "${moodle5_dirs[@]}"; do - if [ -d "$MOODLEDATA_DIR/$dir" ]; then - chmod 770 "$MOODLEDATA_DIR/$dir" - echo " ✅ $dir directory set to 770" - fi - done -} - -# Function for Moodle 4 dry-run -dry_run_moodle4() { - echo "📋 Specific Moodle 4 operations that would be executed:" - - local moodle4_dirs=("cache" "temp" "sessions" "lang" "h5p" "backup" "restore" "trashdir" "webservice" "filedir" "repository" "log") - - for dir in "${moodle4_dirs[@]}"; do - if [ -d "$MOODLEDATA_DIR/$dir" ]; then - echo " chmod 770 \"$MOODLEDATA_DIR/$dir\"" - else - echo " mkdir -p \"$MOODLEDATA_DIR/$dir\" && chmod 770 \"$MOODLEDATA_DIR/$dir\"" - fi - done - - echo "" - echo "📝 Moodle 4 specific notes:" - echo " - 'trashdir' directory instead of 'trash'" - echo " - 'filedir' for main file storage" - echo " - 'repository' for repository files" - echo " - 'log' dedicated directory for logs" -} - -# Function for Moodle 5 dry-run -dry_run_moodle5() { - echo "📋 Specific Moodle 5 operations that would be executed:" - - local moodle5_dirs=("cache" "temp" "lock" "tasks" "localcache" "sessions" "lang" "h5p" "backup" "restore" "trash" "webservice") - - for dir in "${moodle5_dirs[@]}"; do - if [ -d "$MOODLEDATA_DIR/$dir" ]; then - echo " chmod 770 \"$MOODLEDATA_DIR/$dir\"" - else - echo " mkdir -p \"$MOODLEDATA_DIR/$dir\" && chmod 770 \"$MOODLEDATA_DIR/$dir\"" - fi - done - - echo "" - echo "📝 Moodle 5 specific notes:" - echo " - 'lock' directory for improved lock management" - echo " - 'tasks' directory for task scheduling" - echo " - 'localcache' directory for local cache" - echo " - 'trash' directory instead of 'trashdir'" -} - -# Function for dry-run -dry_run() { - echo "🔍 [DRY-RUN] Simulation mode active - No changes will be applied" - echo "đŸŽ¯ Moodle Version: ${MOODLE_VERSION}.x" - echo "" - - echo "📋 Common operations that would be executed:" - echo 
" chown -R ${WWW_USER}:${WWW_GROUP} \"$MOODLE_DIR\"" - echo " chown -R ${WWW_USER}:${WWW_GROUP} \"$MOODLEDATA_DIR\"" - echo " find \"$MOODLE_DIR\" -type d -exec chmod 755 {} \\;" - echo " find \"$MOODLE_DIR\" -type f -exec chmod 644 {} \\;" - echo " find \"$MOODLEDATA_DIR\" -type d -exec chmod 770 {} \\;" - echo " find \"$MOODLEDATA_DIR\" -type f -exec chmod 660 {} \\;" - - if [ -f "$MOODLE_DIR/config.php" ]; then - echo " chmod 640 \"$MOODLE_DIR/config.php\"" - else - echo " # config.php not found in $MOODLE_DIR (will be skipped)" - fi - - if [ -d "$MOODLE_DIR/admin/cli" ]; then - echo " find \"$MOODLE_DIR/admin/cli\" -name \"*.php\" -exec chmod 755 {} \\;" - else - echo " # CLI directory not found in $MOODLE_DIR/admin/cli (will be skipped)" - fi - - echo "" - - # Version-specific operations - if [ "$MOODLE_VERSION" = "4" ]; then - dry_run_moodle4 - else - dry_run_moodle5 - fi - - echo "" - echo "🔍 Verifications that would be executed:" - echo " stat -c \"%a %U:%G\" \"$MOODLEDATA_DIR\"" - echo " stat -c \"%a %U:%G\" \"$MOODLE_DIR\"" - - echo "" - echo "✅ [DRY-RUN] Simulation completed - No changes applied" - exit 0 -} - -# Argument parsing -DRY_RUN=false -SHOW_PERMS=false -while [[ $# -gt 0 ]]; do - case $1 in - -h|--help) - show_header - show_help - exit 0 - ;; - -v|--version) - show_version - ;; - -d|--dry-run) - DRY_RUN=true - shift - ;; - -s|--show-perms) - SHOW_PERMS=true - shift - ;; - -mp|--moodlepath) - MOODLE_DIR="$2" - shift 2 - ;; - -md|--moodledata) - MOODLEDATA_DIR="$2" - shift 2 - ;; - -mv|--moodleversion) - MOODLE_VERSION="$2" - validate_moodle_version "$MOODLE_VERSION" - shift 2 - ;; - *) - echo "❌ Unknown argument: $1" - echo "Use $0 --help to see available options" - exit 1 - ;; - esac -done - -# Show header -show_header - -echo "đŸŽ¯ Detected configuration:" -echo " - Moodle Version: ${MOODLE_VERSION}.x" -echo " - Moodle Directory: $MOODLE_DIR" -echo " - Moodledata Directory: $MOODLEDATA_DIR" -echo "" - -# Verify script is run as root (except 
for show-perms) -if [ "$SHOW_PERMS" = false ] && [ "$(id -u)" -ne 0 ]; then - echo "❌ This script must be run as root" - exit 1 -fi - -# Execute show-perms if requested -if [ "$SHOW_PERMS" = true ]; then - show_current_permissions -fi - -# Execute dry-run if requested -if [ "$DRY_RUN" = true ]; then - dry_run -fi - -echo "🔍 Verifying main directories..." -check_main_directories - -echo "📁 Creating critical directories..." -# Create critical directories based on version -if [ "$MOODLE_VERSION" = "4" ]; then - create_moodle4_directories -else - create_moodle5_directories -fi - -echo "👤 Setting ownership..." -chown -R ${WWW_USER}:${WWW_GROUP} "$MOODLE_DIR" -chown -R ${WWW_USER}:${WWW_GROUP} "$MOODLEDATA_DIR" - -echo "📁 Setting base Moodle permissions..." -find "$MOODLE_DIR" -type d -exec chmod 755 {} \; -find "$MOODLE_DIR" -type f -exec chmod 644 {} \; - -# Check if config.php exists before modifying it -if [ -f "$MOODLE_DIR/config.php" ]; then - echo "🔒 Protecting config.php..." - chmod 640 "$MOODLE_DIR/config.php" -else - echo "âš ī¸ Warning: config.php not found in $MOODLE_DIR" -fi - -echo "💾 Setting moodledata permissions..." -find "$MOODLEDATA_DIR" -type d -exec chmod 770 {} \; -find "$MOODLEDATA_DIR" -type f -exec chmod 660 {} \; - -# CLI scripts (common to both versions) -if [ -d "$MOODLE_DIR/admin/cli" ]; then - find "$MOODLE_DIR/admin/cli" -name "*.php" -exec chmod 755 {} \; - echo "✅ CLI scripts set as executable" -fi - -# Setting version-specific permissions -if [ "$MOODLE_VERSION" = "4" ]; then - set_moodle4_permissions -else - set_moodle5_permissions -fi - -# Verify critical directory permissions -echo "🔍 Verifying critical directory permissions..." -for dir in "$MOODLEDATA_DIR" "$MOODLE_DIR"; do - if [ -d "$dir" ]; then - perms=$(stat -c "%a %U:%G" "$dir") - echo " 📁 $dir: $perms" - fi -done - -# Verify specific directory permissions -echo "🔍 Verifying specific Moodle ${MOODLE_VERSION} directory permissions..." 
-if [ "$MOODLE_VERSION" = "4" ]; then - specific_dirs=("cache" "temp" "sessions" "lang" "h5p" "backup" "restore" "trashdir" "filedir" "repository" "log") -else - specific_dirs=("cache" "temp" "lock" "tasks" "localcache" "sessions" "lang" "h5p" "backup" "restore" "trash") -fi - -for dir in "${specific_dirs[@]}"; do - if [ -d "$MOODLEDATA_DIR/$dir" ]; then - perms=$(stat -c "%a %U:%G" "$MOODLEDATA_DIR/$dir") - echo " 📁 $MOODLEDATA_DIR/$dir: $perms" - fi -done - -echo "" -echo "✅ Moodle ${MOODLE_VERSION}.x permissions set correctly!" -echo "" -echo "📋 Configuration summary:" -echo " - Script version: ${SCRIPT_RELEASE} (${SCRIPT_CODENAME})" -echo " - Moodle version: ${MOODLE_VERSION}.x" -echo " - Moodle dir: $MOODLE_DIR (755/644)" -echo " - Moodledata: $MOODLEDATA_DIR (770/660)" -echo " - Owner: $WWW_USER:$WWW_GROUP" -echo " - config.php: 640 (if present)" -echo " - CLI scripts: 755" -echo "" - -# Version-specific notes -if [ "$MOODLE_VERSION" = "4" ]; then - echo "âš ī¸ Important notes for Moodle 4:" - echo " - PHP 7.4/8.0 required (8.0+ recommended)" - echo " - MySQL 5.7+ or PostgreSQL 9.5+ or MariaDB 10.4+" - echo " - Specific directories: trashdir/, filedir/, repository/" -else - echo "âš ī¸ Important notes for Moodle 5:" - echo " - PHP 8.1+ required" - echo " - MySQL 8.0+ or PostgreSQL 13+ or MariaDB 10.6+ recommended" - echo " - Specific directories: trash/, localcache/, lock/, tasks/" -fi - -echo " - Check logs in $MOODLEDATA_DIR for errors" -echo "" -echo "================================================================================" -echo "Moodle Permissions Manager v${SCRIPT_RELEASE} - Operation completed" -echo "Moodle ${MOODLE_VERSION}.x - Configuration applied successfully" -echo "================================================================================" diff --git a/overlay/usr/bin/moodle-perms-bookworm.sh b/overlay/usr/bin/moodle-perms-bookworm.sh new file mode 100644 index 0000000..e69de29 
From 527625b95ffd5fcc8ab282f87a3f25c28dab0a9f Mon Sep 17 00:00:00 2001 From: Daniele Lolli Date: Fri, 21 Nov 2025 10:22:22 +0100 Subject: [PATCH 06/21] missing param --- conf.d/main | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/conf.d/main b/conf.d/main index 4769a2a..ea54003 100755 --- a/conf.d/main +++ b/conf.d/main @@ -53,7 +53,7 @@ git branch --track $MOODLE_BRANCH origin/$MOODLE_BRANCH git checkout $MOODLE_BRANCH # using UncleDan script to fix permissions -/usr/bin/moodle-perms-bookworm.sh --moodlepath "$WEBROOT" --moodledata "$DATAROOT" --moodleversion "$MOODLE_VERSION" +/usr/bin/moodle-perms-bookworm.sh --fix --moodlepath "$WEBROOT" --moodledata "$DATAROOT" --moodleversion "$MOODLE_VERSION" php admin/cli/install.php \ --chmod=750 \ @@ -76,7 +76,7 @@ php admin/cli/install.php \ --agree-license # reset permissions using UncleDan script just in case... -/usr/bin/moodle-perms-bookworm.sh --moodlepath "$WEBROOT" --moodledata "$DATAROOT" --moodleversion "$MOODLE_VERSION" +/usr/bin/moodle-perms-bookworm.sh --fix --moodlepath "$WEBROOT" --moodledata "$DATAROOT" --moodleversion "$MOODLE_VERSION" ## tweak config From 8e7093f6918d8d9a07a04ecef8e3a4f540c1c54a Mon Sep 17 00:00:00 2001 From: Daniele Lolli Date: Fri, 21 Nov 2025 10:53:16 +0100 Subject: [PATCH 07/21] create the data folder to ser permissions --- conf.d/main | 3 +++ 1 file changed, 3 insertions(+) diff --git a/conf.d/main b/conf.d/main index ea54003..8107226 100755 --- a/conf.d/main +++ b/conf.d/main @@ -52,6 +52,9 @@ cd $WEBROOT git branch --track $MOODLE_BRANCH origin/$MOODLE_BRANCH git checkout $MOODLE_BRANCH +# create the data folder to ser permissions +mkdir $DATAROOT + # using UncleDan script to fix permissions /usr/bin/moodle-perms-bookworm.sh --fix --moodlepath "$WEBROOT" --moodledata "$DATAROOT" --moodleversion "$MOODLE_VERSION" From 3a66f4dc21de5cef3ce31e8ad6bdd43a3eadfec5 Mon Sep 17 00:00:00 2001 
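Review bot: `mkdir $DATAROOT` in the `@@ -52,6 +52,9 @@` hunk is unquoted and has no `-p`, so the command fails if the directory already exists, and with the `-ex` shebang at the top of conf.d/main the build stops there. `mkdir -p "$DATAROOT"` avoids both problems. The comment above it should read `# create the data folder to set permissions`.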
From: "Daniele Lolli (UncleDan)" Date: Fri, 21 Nov 2025 12:33:15 +0100 Subject: [PATCH 08/21] integrate script and +x --- overlay/usr/bin/moodle-perms-bookworm.sh | 591 +++++++++++++++++++++++ 1 file changed, 591 insertions(+) mode change 100644 => 100755 overlay/usr/bin/moodle-perms-bookworm.sh diff --git a/overlay/usr/bin/moodle-perms-bookworm.sh b/overlay/usr/bin/moodle-perms-bookworm.sh old mode 100644 new mode 100755 index e69de29..2cb2d35 --- a/overlay/usr/bin/moodle-perms-bookworm.sh +++ b/overlay/usr/bin/moodle-perms-bookworm.sh 
@@ -0,0 +1,591 @@ +#!/bin/bash +# ======================================================== +# Moodle Permissions Manager - Unified Script +# Supports Moodle 4.x and 5.x +# ======================================================== + +# SCRIPT RELEASE INFORMATION +SCRIPT_RELEASE="25.11" +SCRIPT_AUTHOR="Daniele Lolli (UncleDan)" +SCRIPT_LICENSE="GPL-3.0" + +# Default Moodle version (independent from script release) +DEFAULT_MOODLE_VERSION="4" + +set -e # Exit immediately on error + +# Default configurations +MOODLE_DIR="/var/www/moodle" +MOODLEDATA_DIR="/var/www/moodledata" +WWW_USER="www-data" +WWW_GROUP="www-data" + +# Determine Moodle version (use default if not specified) +MOODLE_VERSION="$DEFAULT_MOODLE_VERSION" + +# Function to show header +show_header() { + echo "================================================================================" + echo "Moodle Permissions Manager v${SCRIPT_RELEASE}" + echo "================================================================================" + echo "Author: ${SCRIPT_AUTHOR}" + echo "Release: ${SCRIPT_RELEASE}" + echo "License: ${SCRIPT_LICENSE}" + echo "Default Moodle Version: ${DEFAULT_MOODLE_VERSION}.x" + echo "Selected Moodle Version: ${MOODLE_VERSION}.x" + echo "================================================================================" + echo "" +} + +# Function to show help +show_help() { + echo "Usage: $0 [OPTIONS]" + echo "" + echo "Options:" + echo " -h, --help Show this help message" + echo " -v, --version Show version information" + echo " -d, --dry-run Simulate operations without applying changes" + echo " -s, --show-perms Show current permissions without modifying" + echo " -f, --fix Apply permissions fixes (required for changes)" + echo " -mp, --moodlepath PATH Specify Moodle installation path" + echo " -md, --moodledata PATH Specify moodledata path" + echo " -mv, --moodleversion VERSION Specify Moodle version (4|5)" + echo "" + echo "Examples:" + echo " $0 # Show current permissions (default)" + 
echo " $0 --fix # Apply permissions fixes" + echo " $0 -f # Apply permissions fixes (short)" + echo " $0 --fix -mv 5 # Fix permissions for Moodle 5" + echo " $0 --fix -d # Dry-run for fix operations" + echo " $0 -mv 5 -s # Show permissions for Moodle 5" + echo " $0 --fix -mp /opt/moodle -mv 5 # Custom path + version + fix" + echo "" + echo "Notes:" + echo " Default Moodle version: ${DEFAULT_MOODLE_VERSION}.x" + echo " Script version: ${SCRIPT_RELEASE}" + echo " âš ī¸ Without --fix/-f parameter, only shows permissions (safe mode)" +} + +# Function to show version +show_version() { + echo "Moodle Permissions Manager v${SCRIPT_RELEASE}" + echo "Author: ${SCRIPT_AUTHOR}" + echo "License: ${SCRIPT_LICENSE}" + echo "Default Moodle Version: ${DEFAULT_MOODLE_VERSION}.x" + echo "Compatible with: Moodle 4.x & 5.x, Debian 11/12, Ubuntu 20.04+" + exit 0 +} + +# Function to validate Moodle version +validate_moodle_version() { + local version=$1 + if [[ "$version" != "4" && "$version" != "5" ]]; then + echo "❌ ERROR: Invalid Moodle version: '$version'" + echo " Use '4' for Moodle 4.x or '5' for Moodle 5.x" + exit 1 + fi +} + +# Function to check main directories existence +check_main_directories() { + if [ ! -d "$MOODLE_DIR" ]; then + echo "❌ ERROR: Moodle directory not found: $MOODLE_DIR" + exit 1 + fi + + if [ ! 
-d "$MOODLEDATA_DIR" ]; then + echo "❌ ERROR: Moodledata directory not found: $MOODLEDATA_DIR" + exit 1 + fi +} + +# Function to show current permissions for Moodle 4 +show_moodle4_permissions() { + echo "🔍 Current Moodle 4 directory permissions:" + echo "" + + echo "📁 Main directories:" + for dir in "$MOODLE_DIR" "$MOODLEDATA_DIR"; do + if [ -d "$dir" ]; then + perms=$(stat -c "%a %U:%G" "$dir") + echo " $dir: $perms" + else + echo " $dir: ❌ NOT FOUND" + fi + done + + echo "" + echo "📁 Specific Moodle 4 directories:" + local moodle4_dirs=("cache" "temp" "sessions" "lang" "h5p" "backup" "restore" "trashdir" "webservice" "filedir" "repository" "log") + + for dir in "${moodle4_dirs[@]}"; do + local full_path="$MOODLEDATA_DIR/$dir" + if [ -d "$full_path" ]; then + perms=$(stat -c "%a %U:%G" "$full_path") + echo " $full_path: $perms" + else + echo " $full_path: 📁 DOES NOT EXIST" + fi + done + + echo "" + echo "📁 config.php file:" + if [ -f "$MOODLE_DIR/config.php" ]; then + perms=$(stat -c "%a %U:%G" "$MOODLE_DIR/config.php") + echo " $MOODLE_DIR/config.php: $perms" + else + echo " $MOODLE_DIR/config.php: ❌ NOT FOUND" + fi + + echo "" + echo "📁 CLI scripts:" + if [ -d "$MOODLE_DIR/admin/cli" ]; then + local cli_scripts=$(find "$MOODLE_DIR/admin/cli" -name "*.php" | head -3) + if [ -n "$cli_scripts" ]; then + echo " First 3 CLI scripts:" + while IFS= read -r script; do + if [ -f "$script" ]; then + perms=$(stat -c "%a %U:%G" "$script") + echo " $script: $perms" + fi + done <<< "$cli_scripts" + else + echo " No CLI scripts found" + fi + else + echo " CLI directory not found" + fi +} + +# Function to show current permissions for Moodle 5 +show_moodle5_permissions() { + echo "🔍 Current Moodle 5 directory permissions:" + echo "" + + echo "📁 Main directories:" + for dir in "$MOODLE_DIR" "$MOODLEDATA_DIR"; do + if [ -d "$dir" ]; then + perms=$(stat -c "%a %U:%G" "$dir") + echo " $dir: $perms" + else + echo " $dir: ❌ NOT FOUND" + fi + done + + echo "" + echo "📁 Specific Moodle 
5 directories:" + local moodle5_dirs=("cache" "temp" "lock" "tasks" "localcache" "sessions" "lang" "h5p" "backup" "restore" "trash" "webservice") + + for dir in "${moodle5_dirs[@]}"; do + local full_path="$MOODLEDATA_DIR/$dir" + if [ -d "$full_path" ]; then + perms=$(stat -c "%a %U:%G" "$full_path") + echo " $full_path: $perms" + else + echo " $full_path: 📁 DOES NOT EXIST" + fi + done + + echo "" + echo "📁 config.php file:" + if [ -f "$MOODLE_DIR/config.php" ]; then + perms=$(stat -c "%a %U:%G" "$MOODLE_DIR/config.php") + echo " $MOODLE_DIR/config.php: $perms" + else + echo " $MOODLE_DIR/config.php: ❌ NOT FOUND" + fi + + echo "" + echo "📁 CLI scripts:" + if [ -d "$MOODLE_DIR/admin/cli" ]; then + local cli_scripts=$(find "$MOODLE_DIR/admin/cli" -name "*.php" | head -3) + if [ -n "$cli_scripts" ]; then + echo " First 3 CLI scripts:" + while IFS= read -r script; do + if [ -f "$script" ]; then + perms=$(stat -c "%a %U:%G" "$script") + echo " $script: $perms" + fi + done <<< "$cli_scripts" + else + echo " No CLI scripts found" + fi + else + echo " CLI directory not found" + fi +} + +# Function to show current permissions +show_current_permissions() { + echo "🔍 [SHOW-PERMS] Displaying current permissions - No changes will be applied" + echo "đŸŽ¯ Moodle Version: ${MOODLE_VERSION}.x" + echo "" + + if [ "$MOODLE_VERSION" = "4" ]; then + show_moodle4_permissions + else + show_moodle5_permissions + fi + + echo "" + echo "📋 Recommended permissions:" + echo " - Moodle directory: 755 (dir) / 644 (file)" + echo " - Moodledata directory: 770 (dir) / 660 (file)" + echo " - config.php: 640" + echo " - CLI scripts: 755" + echo " - Owner: ${WWW_USER}:${WWW_GROUP}" + + exit 0 +} + +# Function to create directory if missing +create_directory_if_missing() { + local dir="$1" + if [ ! 
-d "$dir" ]; then + echo "📁 Creating directory: $dir" + mkdir -p "$dir" + return 0 # Directory created + else + return 1 # Directory already exists + fi +} + +# Function to create critical Moodle 4 directories +create_moodle4_directories() { + echo "📁 Creating critical Moodle 4 directories..." + + local moodle4_dirs=("cache" "temp" "sessions" "lang" "h5p" "backup" "restore" "trashdir" "webservice" "filedir" "repository" "log") + + for dir in "${moodle4_dirs[@]}"; do + local full_path="$MOODLEDATA_DIR/$dir" + if create_directory_if_missing "$full_path"; then + echo " ✅ Created: $dir" + else + echo " 📁 Existing: $dir" + fi + done +} + +# Function to create critical Moodle 5 directories +create_moodle5_directories() { + echo "📁 Creating critical Moodle 5 directories..." + + local moodle5_dirs=("cache" "temp" "lock" "tasks" "localcache" "sessions" "lang" "h5p" "backup" "restore" "trash" "webservice") + + for dir in "${moodle5_dirs[@]}"; do + local full_path="$MOODLEDATA_DIR/$dir" + if create_directory_if_missing "$full_path"; then + echo " ✅ Created: $dir" + else + echo " 📁 Existing: $dir" + fi + done +} + +# Function to set Moodle 4 permissions +set_moodle4_permissions() { + echo "đŸŽ¯ Setting specific Moodle 4 permissions..." + + local moodle4_dirs=("cache" "temp" "sessions" "lang" "h5p" "backup" "restore" "trashdir" "webservice" "filedir" "repository" "log") + + for dir in "${moodle4_dirs[@]}"; do + if [ -d "$MOODLEDATA_DIR/$dir" ]; then + chmod 770 "$MOODLEDATA_DIR/$dir" + echo " ✅ $dir directory set to 770" + fi + done +} + +# Function to set Moodle 5 permissions +set_moodle5_permissions() { + echo "đŸŽ¯ Setting specific Moodle 5 permissions..." 
+ + local moodle5_dirs=("cache" "temp" "lock" "tasks" "localcache" "sessions" "lang" "h5p" "backup" "restore" "trash" "webservice") + + for dir in "${moodle5_dirs[@]}"; do + if [ -d "$MOODLEDATA_DIR/$dir" ]; then + chmod 770 "$MOODLEDATA_DIR/$dir" + echo " ✅ $dir directory set to 770" + fi + done +} + +# Function for Moodle 4 dry-run +dry_run_moodle4() { + echo "📋 Specific Moodle 4 operations that would be executed:" + + local moodle4_dirs=("cache" "temp" "sessions" "lang" "h5p" "backup" "restore" "trashdir" "webservice" "filedir" "repository" "log") + + for dir in "${moodle4_dirs[@]}"; do + if [ -d "$MOODLEDATA_DIR/$dir" ]; then + echo " chmod 770 \"$MOODLEDATA_DIR/$dir\"" + else + echo " mkdir -p \"$MOODLEDATA_DIR/$dir\" && chmod 770 \"$MOODLEDATA_DIR/$dir\"" + fi + done + + echo "" + echo "📝 Moodle 4 specific notes:" + echo " - 'trashdir' directory instead of 'trash'" + echo " - 'filedir' for main file storage" + echo " - 'repository' for repository files" + echo " - 'log' dedicated directory for logs" +} + +# Function for Moodle 5 dry-run +dry_run_moodle5() { + echo "📋 Specific Moodle 5 operations that would be executed:" + + local moodle5_dirs=("cache" "temp" "lock" "tasks" "localcache" "sessions" "lang" "h5p" "backup" "restore" "trash" "webservice") + + for dir in "${moodle5_dirs[@]}"; do + if [ -d "$MOODLEDATA_DIR/$dir" ]; then + echo " chmod 770 \"$MOODLEDATA_DIR/$dir\"" + else + echo " mkdir -p \"$MOODLEDATA_DIR/$dir\" && chmod 770 \"$MOODLEDATA_DIR/$dir\"" + fi + done + + echo "" + echo "📝 Moodle 5 specific notes:" + echo " - 'lock' directory for improved lock management" + echo " - 'tasks' directory for task scheduling" + echo " - 'localcache' directory for local cache" + echo " - 'trash' directory instead of 'trashdir'" +} + +# Function for dry-run +dry_run() { + echo "🔍 [DRY-RUN] Simulation mode active - No changes will be applied" + echo "đŸŽ¯ Moodle Version: ${MOODLE_VERSION}.x" + echo "" + + echo "📋 Common operations that would be executed:" + echo 
" chown -R ${WWW_USER}:${WWW_GROUP} \"$MOODLE_DIR\"" + echo " chown -R ${WWW_USER}:${WWW_GROUP} \"$MOODLEDATA_DIR\"" + echo " find \"$MOODLE_DIR\" -type d -exec chmod 755 {} \\;" + echo " find \"$MOODLE_DIR\" -type f -exec chmod 644 {} \\;" + echo " find \"$MOODLEDATA_DIR\" -type d -exec chmod 770 {} \\;" + echo " find \"$MOODLEDATA_DIR\" -type f -exec chmod 660 {} \\;" + + if [ -f "$MOODLE_DIR/config.php" ]; then + echo " chmod 640 \"$MOODLE_DIR/config.php\"" + else + echo " # config.php not found in $MOODLE_DIR (will be skipped)" + fi + + if [ -d "$MOODLE_DIR/admin/cli" ]; then + echo " find \"$MOODLE_DIR/admin/cli\" -name \"*.php\" -exec chmod 755 {} \\;" + else + echo " # CLI directory not found in $MOODLE_DIR/admin/cli (will be skipped)" + fi + + echo "" + + # Version-specific operations + if [ "$MOODLE_VERSION" = "4" ]; then + dry_run_moodle4 + else + dry_run_moodle5 + fi + + echo "" + echo "🔍 Verifications that would be executed:" + echo " stat -c \"%a %U:%G\" \"$MOODLEDATA_DIR\"" + echo " stat -c \"%a %U:%G\" \"$MOODLE_DIR\"" + + echo "" + echo "✅ [DRY-RUN] Simulation completed - No changes applied" + exit 0 +} + +# Function to apply fixes +apply_fixes() { + echo "đŸ› ī¸ Applying permissions fixes..." + + echo "🔍 Verifying main directories..." + check_main_directories + + echo "📁 Creating critical directories..." + # Create critical directories based on version + if [ "$MOODLE_VERSION" = "4" ]; then + create_moodle4_directories + else + create_moodle5_directories + fi + + echo "👤 Setting ownership..." + chown -R ${WWW_USER}:${WWW_GROUP} "$MOODLE_DIR" + chown -R ${WWW_USER}:${WWW_GROUP} "$MOODLEDATA_DIR" + + echo "📁 Setting base Moodle permissions..." + find "$MOODLE_DIR" -type d -exec chmod 755 {} \; + find "$MOODLE_DIR" -type f -exec chmod 644 {} \; + + # Check if config.php exists before modifying it + if [ -f "$MOODLE_DIR/config.php" ]; then + echo "🔒 Protecting config.php..." 
+ chmod 640 "$MOODLE_DIR/config.php" + else + echo "âš ī¸ Warning: config.php not found in $MOODLE_DIR" + fi + + echo "💾 Setting moodledata permissions..." + find "$MOODLEDATA_DIR" -type d -exec chmod 770 {} \; + find "$MOODLEDATA_DIR" -type f -exec chmod 660 {} \; + + # CLI scripts (common to both versions) + if [ -d "$MOODLE_DIR/admin/cli" ]; then + find "$MOODLE_DIR/admin/cli" -name "*.php" -exec chmod 755 {} \; + echo "✅ CLI scripts set as executable" + fi + + # Setting version-specific permissions + if [ "$MOODLE_VERSION" = "4" ]; then + set_moodle4_permissions + else + set_moodle5_permissions + fi + + # Verify critical directory permissions + echo "🔍 Verifying critical directory permissions..." + for dir in "$MOODLEDATA_DIR" "$MOODLE_DIR"; do + if [ -d "$dir" ]; then + perms=$(stat -c "%a %U:%G" "$dir") + echo " 📁 $dir: $perms" + fi + done + + # Verify specific directory permissions + echo "🔍 Verifying specific Moodle ${MOODLE_VERSION} directory permissions..." + if [ "$MOODLE_VERSION" = "4" ]; then + specific_dirs=("cache" "temp" "sessions" "lang" "h5p" "backup" "restore" "trashdir" "filedir" "repository" "log") + else + specific_dirs=("cache" "temp" "lock" "tasks" "localcache" "sessions" "lang" "h5p" "backup" "restore" "trash") + fi + + for dir in "${specific_dirs[@]}"; do + if [ -d "$MOODLEDATA_DIR/$dir" ]; then + perms=$(stat -c "%a %U:%G" "$MOODLEDATA_DIR/$dir") + echo " 📁 $MOODLEDATA_DIR/$dir: $perms" + fi + done + + echo "" + echo "✅ Moodle ${MOODLE_VERSION}.x permissions set correctly!" 
+ echo "" + echo "📋 Configuration summary:" + echo " - Script version: ${SCRIPT_RELEASE}" + echo " - Moodle version: ${MOODLE_VERSION}.x" + echo " - Moodle dir: $MOODLE_DIR (755/644)" + echo " - Moodledata: $MOODLEDATA_DIR (770/660)" + echo " - Owner: $WWW_USER:$WWW_GROUP" + echo " - config.php: 640 (if present)" + echo " - CLI scripts: 755" + echo "" + + # Version-specific notes + if [ "$MOODLE_VERSION" = "4" ]; then + echo "âš ī¸ Important notes for Moodle 4:" + echo " - PHP 7.4/8.0 required (8.0+ recommended)" + echo " - MySQL 5.7+ or PostgreSQL 9.5+ or MariaDB 10.4+" + echo " - Specific directories: trashdir/, filedir/, repository/" + else + echo "âš ī¸ Important notes for Moodle 5:" + echo " - PHP 8.1+ required" + echo " - MySQL 8.0+ or PostgreSQL 13+ or MariaDB 10.6+ recommended" + echo " - Specific directories: trash/, localcache/, lock/, tasks/" + fi + + echo " - Check logs in $MOODLEDATA_DIR for errors" + echo "" + echo "================================================================================" + echo "Moodle Permissions Manager v${SCRIPT_RELEASE} - Operation completed" + echo "Moodle ${MOODLE_VERSION}.x - Configuration applied successfully" + echo "================================================================================" +} + +# Argument parsing +DRY_RUN=false +SHOW_PERMS=false +APPLY_FIXES=false +while [[ $# -gt 0 ]]; do + case $1 in + -h|--help) + show_header + show_help + exit 0 + ;; + -v|--version) + show_version + ;; + -d|--dry-run) + DRY_RUN=true + shift + ;; + -s|--show-perms) + SHOW_PERMS=true + shift + ;; + -f|--fix) + APPLY_FIXES=true + shift + ;; + -mp|--moodlepath) + MOODLE_DIR="$2" + shift 2 + ;; + -md|--moodledata) + MOODLEDATA_DIR="$2" + shift 2 + ;; + -mv|--moodleversion) + MOODLE_VERSION="$2" + validate_moodle_version "$MOODLE_VERSION" + shift 2 + ;; + *) + echo "❌ Unknown argument: $1" + echo "Use $0 --help to see available options" + exit 1 + ;; + esac +done + +# Show header +show_header + +echo "đŸŽ¯ Detected 
configuration:" +echo " - Moodle Version: ${MOODLE_VERSION}.x" +echo " - Moodle Directory: $MOODLE_DIR" +echo " - Moodledata Directory: $MOODLEDATA_DIR" +echo "" + +# Default behavior: if no action specified, show permissions +if [ "$DRY_RUN" = false ] && [ "$SHOW_PERMS" = false ] && [ "$APPLY_FIXES" = false ]; then + echo "â„šī¸ No action specified. Defaulting to show permissions mode." + echo " Use --fix/-f to apply changes or --dry-run to simulate." + echo "" + SHOW_PERMS=true +fi + +# Execute show-perms if requested +if [ "$SHOW_PERMS" = true ]; then + show_current_permissions +fi + +# Verify script is run as root for fix operations +if [ "$APPLY_FIXES" = true ] && [ "$(id -u)" -ne 0 ]; then + echo "❌ This script must be run as root to apply fixes" + exit 1 +fi + +# Execute dry-run if requested +if [ "$DRY_RUN" = true ]; then + dry_run +fi + +# Execute fix if requested +if [ "$APPLY_FIXES" = true ]; then + apply_fixes +fi From 343bb17321d09115e4fc0af600ef037a268353ac Mon Sep 17 00:00:00 2001 From: "Daniele Lolli (UncleDan)" Date: Fri, 21 Nov 2025 12:42:53 +0100 Subject: [PATCH 09/21] added 4.x in readme --- README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.rst b/README.rst index b56dd0e..7ab0e4b 100644 --- a/README.rst +++ b/README.rst @@ -1,4 +1,4 @@ -Moodle - Course Management System +Moodle 4.x - Course Management System ================================= `Moodle`_ is a popular e-learning software platform, also known as a From c6830a3779eebb7928258a6eeec7f45633c22c11 Mon Sep 17 00:00:00 2001 From: "Daniele Lolli (UncleDan)" Date: Fri, 21 Nov 2025 13:45:11 +0100 Subject: [PATCH 10/21] updated folder and run without parameters --- conf.d/main | 4 ++-- overlay/usr/bin/moodle-perms-bookworm.sh | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/conf.d/main b/conf.d/main index 8107226..62afdfa 100755 --- a/conf.d/main +++ b/conf.d/main 
@@ -56,7 +56,7 @@ git checkout $MOODLE_BRANCH mkdir $DATAROOT # using UncleDan script to fix permissions -/usr/bin/moodle-perms-bookworm.sh --fix --moodlepath "$WEBROOT" --moodledata "$DATAROOT" --moodleversion "$MOODLE_VERSION" +/usr/bin/moodle-perms-bookworm.sh --fix php admin/cli/install.php \ --chmod=750 \ @@ -79,7 +79,7 @@ php admin/cli/install.php \ --agree-license # reset permissions using UncleDan script just in case... -/usr/bin/moodle-perms-bookworm.sh --fix --moodlepath "$WEBROOT" --moodledata "$DATAROOT" --moodleversion "$MOODLE_VERSION" +/usr/bin/moodle-perms-bookworm.sh --fix ## tweak config diff --git a/overlay/usr/bin/moodle-perms-bookworm.sh b/overlay/usr/bin/moodle-perms-bookworm.sh index 2cb2d35..ed072c2 100755 --- a/overlay/usr/bin/moodle-perms-bookworm.sh +++ b/overlay/usr/bin/moodle-perms-bookworm.sh @@ -16,7 +16,7 @@ set -e # Exit immediately on error # Default configurations MOODLE_DIR="/var/www/moodle" -MOODLEDATA_DIR="/var/www/moodledata" +MOODLEDATA_DIR="/var/moodledata" WWW_USER="www-data" WWW_GROUP="www-data" From 2a3f121883bc573ad47defd8f454c985b47ac836 Mon Sep 17 00:00:00 2001 From: "Daniele Lolli (UncleDan)" Date: Wed, 18 Feb 2026 09:17:57 +0100 Subject: [PATCH 11/21] remove script overlay --- overlay/usr/bin/moodle-perms-bookworm.sh | 591 ----------------------- 1 file changed, 591 deletions(-) delete mode 100755 overlay/usr/bin/moodle-perms-bookworm.sh diff --git a/overlay/usr/bin/moodle-perms-bookworm.sh b/overlay/usr/bin/moodle-perms-bookworm.sh deleted file mode 100755 index ed072c2..0000000 --- a/overlay/usr/bin/moodle-perms-bookworm.sh +++ /dev/null 
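Review bot: Both rewritten calls in conf.d/main (`/usr/bin/moodle-perms-bookworm.sh --fix`, in this hunk and in the `@@ -79,7 +79,7 @@` hunk) now depend on the script's built-in defaults instead of the build's own `$WEBROOT`, `$DATAROOT` and `$MOODLE_VERSION`. Those defaults are a fixed `MOODLE_DIR`, the `MOODLEDATA_DIR` changed in this same commit, and Moodle version 4. A build from a 5.x branch would therefore get the Moodle 4 directory set, and a `DATAROOT` other than `/var/moodledata` makes the script exit on its directory check. Keeping the explicit arguments avoids a second copy of the paths: `/usr/bin/moodle-perms-bookworm.sh --fix --moodlepath "$WEBROOT" --moodledata "$DATAROOT" --moodleversion "$MOODLE_VERSION"`. `DATAROOT` is assigned outside these hunks, so whether it already matches the new default cannot be seen here.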
@@ -1,591 +0,0 @@ -#!/bin/bash -# ======================================================== -# Moodle Permissions Manager - Unified Script -# Supports Moodle 4.x and 5.x -# ======================================================== - -# SCRIPT RELEASE INFORMATION -SCRIPT_RELEASE="25.11" -SCRIPT_AUTHOR="Daniele Lolli (UncleDan)" -SCRIPT_LICENSE="GPL-3.0" - -# Default Moodle version (independent from script release) -DEFAULT_MOODLE_VERSION="4" - -set -e # Exit immediately on error - -# Default configurations -MOODLE_DIR="/var/www/moodle" -MOODLEDATA_DIR="/var/moodledata" -WWW_USER="www-data" -WWW_GROUP="www-data" - -# Determine Moodle version (use default if not specified) -MOODLE_VERSION="$DEFAULT_MOODLE_VERSION" - -# Function to show header -show_header() { - echo "================================================================================" - echo "Moodle Permissions Manager v${SCRIPT_RELEASE}" - echo "================================================================================" - echo "Author: ${SCRIPT_AUTHOR}" - echo "Release: ${SCRIPT_RELEASE}" - echo "License: ${SCRIPT_LICENSE}" - echo "Default Moodle Version: ${DEFAULT_MOODLE_VERSION}.x" - echo "Selected Moodle Version: ${MOODLE_VERSION}.x" - echo "================================================================================" - echo "" -} - -# Function to show help -show_help() { - echo "Usage: $0 [OPTIONS]" - echo "" - echo "Options:" - echo " -h, --help Show this help message" - echo " -v, --version Show version information" - echo " -d, --dry-run Simulate operations without applying changes" - echo " -s, --show-perms Show current permissions without modifying" - echo " -f, --fix Apply permissions fixes (required for changes)" - echo " -mp, --moodlepath PATH Specify Moodle installation path" - echo " -md, --moodledata PATH Specify moodledata path" - echo " -mv, --moodleversion VERSION Specify Moodle version (4|5)" - echo "" - echo "Examples:" - echo " $0 # Show current permissions (default)" - echo 
" $0 --fix # Apply permissions fixes" - echo " $0 -f # Apply permissions fixes (short)" - echo " $0 --fix -mv 5 # Fix permissions for Moodle 5" - echo " $0 --fix -d # Dry-run for fix operations" - echo " $0 -mv 5 -s # Show permissions for Moodle 5" - echo " $0 --fix -mp /opt/moodle -mv 5 # Custom path + version + fix" - echo "" - echo "Notes:" - echo " Default Moodle version: ${DEFAULT_MOODLE_VERSION}.x" - echo " Script version: ${SCRIPT_RELEASE}" - echo " âš ī¸ Without --fix/-f parameter, only shows permissions (safe mode)" -} - -# Function to show version -show_version() { - echo "Moodle Permissions Manager v${SCRIPT_RELEASE}" - echo "Author: ${SCRIPT_AUTHOR}" - echo "License: ${SCRIPT_LICENSE}" - echo "Default Moodle Version: ${DEFAULT_MOODLE_VERSION}.x" - echo "Compatible with: Moodle 4.x & 5.x, Debian 11/12, Ubuntu 20.04+" - exit 0 -} - -# Function to validate Moodle version -validate_moodle_version() { - local version=$1 - if [[ "$version" != "4" && "$version" != "5" ]]; then - echo "❌ ERROR: Invalid Moodle version: '$version'" - echo " Use '4' for Moodle 4.x or '5' for Moodle 5.x" - exit 1 - fi -} - -# Function to check main directories existence -check_main_directories() { - if [ ! -d "$MOODLE_DIR" ]; then - echo "❌ ERROR: Moodle directory not found: $MOODLE_DIR" - exit 1 - fi - - if [ ! 
-d "$MOODLEDATA_DIR" ]; then - echo "❌ ERROR: Moodledata directory not found: $MOODLEDATA_DIR" - exit 1 - fi -} - -# Function to show current permissions for Moodle 4 -show_moodle4_permissions() { - echo "🔍 Current Moodle 4 directory permissions:" - echo "" - - echo "📁 Main directories:" - for dir in "$MOODLE_DIR" "$MOODLEDATA_DIR"; do - if [ -d "$dir" ]; then - perms=$(stat -c "%a %U:%G" "$dir") - echo " $dir: $perms" - else - echo " $dir: ❌ NOT FOUND" - fi - done - - echo "" - echo "📁 Specific Moodle 4 directories:" - local moodle4_dirs=("cache" "temp" "sessions" "lang" "h5p" "backup" "restore" "trashdir" "webservice" "filedir" "repository" "log") - - for dir in "${moodle4_dirs[@]}"; do - local full_path="$MOODLEDATA_DIR/$dir" - if [ -d "$full_path" ]; then - perms=$(stat -c "%a %U:%G" "$full_path") - echo " $full_path: $perms" - else - echo " $full_path: 📁 DOES NOT EXIST" - fi - done - - echo "" - echo "📁 config.php file:" - if [ -f "$MOODLE_DIR/config.php" ]; then - perms=$(stat -c "%a %U:%G" "$MOODLE_DIR/config.php") - echo " $MOODLE_DIR/config.php: $perms" - else - echo " $MOODLE_DIR/config.php: ❌ NOT FOUND" - fi - - echo "" - echo "📁 CLI scripts:" - if [ -d "$MOODLE_DIR/admin/cli" ]; then - local cli_scripts=$(find "$MOODLE_DIR/admin/cli" -name "*.php" | head -3) - if [ -n "$cli_scripts" ]; then - echo " First 3 CLI scripts:" - while IFS= read -r script; do - if [ -f "$script" ]; then - perms=$(stat -c "%a %U:%G" "$script") - echo " $script: $perms" - fi - done <<< "$cli_scripts" - else - echo " No CLI scripts found" - fi - else - echo " CLI directory not found" - fi -} - -# Function to show current permissions for Moodle 5 -show_moodle5_permissions() { - echo "🔍 Current Moodle 5 directory permissions:" - echo "" - - echo "📁 Main directories:" - for dir in "$MOODLE_DIR" "$MOODLEDATA_DIR"; do - if [ -d "$dir" ]; then - perms=$(stat -c "%a %U:%G" "$dir") - echo " $dir: $perms" - else - echo " $dir: ❌ NOT FOUND" - fi - done - - echo "" - echo "📁 Specific Moodle 
5 directories:" - local moodle5_dirs=("cache" "temp" "lock" "tasks" "localcache" "sessions" "lang" "h5p" "backup" "restore" "trash" "webservice") - - for dir in "${moodle5_dirs[@]}"; do - local full_path="$MOODLEDATA_DIR/$dir" - if [ -d "$full_path" ]; then - perms=$(stat -c "%a %U:%G" "$full_path") - echo " $full_path: $perms" - else - echo " $full_path: 📁 DOES NOT EXIST" - fi - done - - echo "" - echo "📁 config.php file:" - if [ -f "$MOODLE_DIR/config.php" ]; then - perms=$(stat -c "%a %U:%G" "$MOODLE_DIR/config.php") - echo " $MOODLE_DIR/config.php: $perms" - else - echo " $MOODLE_DIR/config.php: ❌ NOT FOUND" - fi - - echo "" - echo "📁 CLI scripts:" - if [ -d "$MOODLE_DIR/admin/cli" ]; then - local cli_scripts=$(find "$MOODLE_DIR/admin/cli" -name "*.php" | head -3) - if [ -n "$cli_scripts" ]; then - echo " First 3 CLI scripts:" - while IFS= read -r script; do - if [ -f "$script" ]; then - perms=$(stat -c "%a %U:%G" "$script") - echo " $script: $perms" - fi - done <<< "$cli_scripts" - else - echo " No CLI scripts found" - fi - else - echo " CLI directory not found" - fi -} - -# Function to show current permissions -show_current_permissions() { - echo "🔍 [SHOW-PERMS] Displaying current permissions - No changes will be applied" - echo "đŸŽ¯ Moodle Version: ${MOODLE_VERSION}.x" - echo "" - - if [ "$MOODLE_VERSION" = "4" ]; then - show_moodle4_permissions - else - show_moodle5_permissions - fi - - echo "" - echo "📋 Recommended permissions:" - echo " - Moodle directory: 755 (dir) / 644 (file)" - echo " - Moodledata directory: 770 (dir) / 660 (file)" - echo " - config.php: 640" - echo " - CLI scripts: 755" - echo " - Owner: ${WWW_USER}:${WWW_GROUP}" - - exit 0 -} - -# Function to create directory if missing -create_directory_if_missing() { - local dir="$1" - if [ ! 
-d "$dir" ]; then - echo "📁 Creating directory: $dir" - mkdir -p "$dir" - return 0 # Directory created - else - return 1 # Directory already exists - fi -} - -# Function to create critical Moodle 4 directories -create_moodle4_directories() { - echo "📁 Creating critical Moodle 4 directories..." - - local moodle4_dirs=("cache" "temp" "sessions" "lang" "h5p" "backup" "restore" "trashdir" "webservice" "filedir" "repository" "log") - - for dir in "${moodle4_dirs[@]}"; do - local full_path="$MOODLEDATA_DIR/$dir" - if create_directory_if_missing "$full_path"; then - echo " ✅ Created: $dir" - else - echo " 📁 Existing: $dir" - fi - done -} - -# Function to create critical Moodle 5 directories -create_moodle5_directories() { - echo "📁 Creating critical Moodle 5 directories..." - - local moodle5_dirs=("cache" "temp" "lock" "tasks" "localcache" "sessions" "lang" "h5p" "backup" "restore" "trash" "webservice") - - for dir in "${moodle5_dirs[@]}"; do - local full_path="$MOODLEDATA_DIR/$dir" - if create_directory_if_missing "$full_path"; then - echo " ✅ Created: $dir" - else - echo " 📁 Existing: $dir" - fi - done -} - -# Function to set Moodle 4 permissions -set_moodle4_permissions() { - echo "đŸŽ¯ Setting specific Moodle 4 permissions..." - - local moodle4_dirs=("cache" "temp" "sessions" "lang" "h5p" "backup" "restore" "trashdir" "webservice" "filedir" "repository" "log") - - for dir in "${moodle4_dirs[@]}"; do - if [ -d "$MOODLEDATA_DIR/$dir" ]; then - chmod 770 "$MOODLEDATA_DIR/$dir" - echo " ✅ $dir directory set to 770" - fi - done -} - -# Function to set Moodle 5 permissions -set_moodle5_permissions() { - echo "đŸŽ¯ Setting specific Moodle 5 permissions..." 
- - local moodle5_dirs=("cache" "temp" "lock" "tasks" "localcache" "sessions" "lang" "h5p" "backup" "restore" "trash" "webservice") - - for dir in "${moodle5_dirs[@]}"; do - if [ -d "$MOODLEDATA_DIR/$dir" ]; then - chmod 770 "$MOODLEDATA_DIR/$dir" - echo " ✅ $dir directory set to 770" - fi - done -} - -# Function for Moodle 4 dry-run -dry_run_moodle4() { - echo "📋 Specific Moodle 4 operations that would be executed:" - - local moodle4_dirs=("cache" "temp" "sessions" "lang" "h5p" "backup" "restore" "trashdir" "webservice" "filedir" "repository" "log") - - for dir in "${moodle4_dirs[@]}"; do - if [ -d "$MOODLEDATA_DIR/$dir" ]; then - echo " chmod 770 \"$MOODLEDATA_DIR/$dir\"" - else - echo " mkdir -p \"$MOODLEDATA_DIR/$dir\" && chmod 770 \"$MOODLEDATA_DIR/$dir\"" - fi - done - - echo "" - echo "📝 Moodle 4 specific notes:" - echo " - 'trashdir' directory instead of 'trash'" - echo " - 'filedir' for main file storage" - echo " - 'repository' for repository files" - echo " - 'log' dedicated directory for logs" -} - -# Function for Moodle 5 dry-run -dry_run_moodle5() { - echo "📋 Specific Moodle 5 operations that would be executed:" - - local moodle5_dirs=("cache" "temp" "lock" "tasks" "localcache" "sessions" "lang" "h5p" "backup" "restore" "trash" "webservice") - - for dir in "${moodle5_dirs[@]}"; do - if [ -d "$MOODLEDATA_DIR/$dir" ]; then - echo " chmod 770 \"$MOODLEDATA_DIR/$dir\"" - else - echo " mkdir -p \"$MOODLEDATA_DIR/$dir\" && chmod 770 \"$MOODLEDATA_DIR/$dir\"" - fi - done - - echo "" - echo "📝 Moodle 5 specific notes:" - echo " - 'lock' directory for improved lock management" - echo " - 'tasks' directory for task scheduling" - echo " - 'localcache' directory for local cache" - echo " - 'trash' directory instead of 'trashdir'" -} - -# Function for dry-run -dry_run() { - echo "🔍 [DRY-RUN] Simulation mode active - No changes will be applied" - echo "đŸŽ¯ Moodle Version: ${MOODLE_VERSION}.x" - echo "" - - echo "📋 Common operations that would be executed:" - echo 
" chown -R ${WWW_USER}:${WWW_GROUP} \"$MOODLE_DIR\"" - echo " chown -R ${WWW_USER}:${WWW_GROUP} \"$MOODLEDATA_DIR\"" - echo " find \"$MOODLE_DIR\" -type d -exec chmod 755 {} \\;" - echo " find \"$MOODLE_DIR\" -type f -exec chmod 644 {} \\;" - echo " find \"$MOODLEDATA_DIR\" -type d -exec chmod 770 {} \\;" - echo " find \"$MOODLEDATA_DIR\" -type f -exec chmod 660 {} \\;" - - if [ -f "$MOODLE_DIR/config.php" ]; then - echo " chmod 640 \"$MOODLE_DIR/config.php\"" - else - echo " # config.php not found in $MOODLE_DIR (will be skipped)" - fi - - if [ -d "$MOODLE_DIR/admin/cli" ]; then - echo " find \"$MOODLE_DIR/admin/cli\" -name \"*.php\" -exec chmod 755 {} \\;" - else - echo " # CLI directory not found in $MOODLE_DIR/admin/cli (will be skipped)" - fi - - echo "" - - # Version-specific operations - if [ "$MOODLE_VERSION" = "4" ]; then - dry_run_moodle4 - else - dry_run_moodle5 - fi - - echo "" - echo "🔍 Verifications that would be executed:" - echo " stat -c \"%a %U:%G\" \"$MOODLEDATA_DIR\"" - echo " stat -c \"%a %U:%G\" \"$MOODLE_DIR\"" - - echo "" - echo "✅ [DRY-RUN] Simulation completed - No changes applied" - exit 0 -} - -# Function to apply fixes -apply_fixes() { - echo "đŸ› ī¸ Applying permissions fixes..." - - echo "🔍 Verifying main directories..." - check_main_directories - - echo "📁 Creating critical directories..." - # Create critical directories based on version - if [ "$MOODLE_VERSION" = "4" ]; then - create_moodle4_directories - else - create_moodle5_directories - fi - - echo "👤 Setting ownership..." - chown -R ${WWW_USER}:${WWW_GROUP} "$MOODLE_DIR" - chown -R ${WWW_USER}:${WWW_GROUP} "$MOODLEDATA_DIR" - - echo "📁 Setting base Moodle permissions..." - find "$MOODLE_DIR" -type d -exec chmod 755 {} \; - find "$MOODLE_DIR" -type f -exec chmod 644 {} \; - - # Check if config.php exists before modifying it - if [ -f "$MOODLE_DIR/config.php" ]; then - echo "🔒 Protecting config.php..." 
- chmod 640 "$MOODLE_DIR/config.php" - else - echo "âš ī¸ Warning: config.php not found in $MOODLE_DIR" - fi - - echo "💾 Setting moodledata permissions..." - find "$MOODLEDATA_DIR" -type d -exec chmod 770 {} \; - find "$MOODLEDATA_DIR" -type f -exec chmod 660 {} \; - - # CLI scripts (common to both versions) - if [ -d "$MOODLE_DIR/admin/cli" ]; then - find "$MOODLE_DIR/admin/cli" -name "*.php" -exec chmod 755 {} \; - echo "✅ CLI scripts set as executable" - fi - - # Setting version-specific permissions - if [ "$MOODLE_VERSION" = "4" ]; then - set_moodle4_permissions - else - set_moodle5_permissions - fi - - # Verify critical directory permissions - echo "🔍 Verifying critical directory permissions..." - for dir in "$MOODLEDATA_DIR" "$MOODLE_DIR"; do - if [ -d "$dir" ]; then - perms=$(stat -c "%a %U:%G" "$dir") - echo " 📁 $dir: $perms" - fi - done - - # Verify specific directory permissions - echo "🔍 Verifying specific Moodle ${MOODLE_VERSION} directory permissions..." - if [ "$MOODLE_VERSION" = "4" ]; then - specific_dirs=("cache" "temp" "sessions" "lang" "h5p" "backup" "restore" "trashdir" "filedir" "repository" "log") - else - specific_dirs=("cache" "temp" "lock" "tasks" "localcache" "sessions" "lang" "h5p" "backup" "restore" "trash") - fi - - for dir in "${specific_dirs[@]}"; do - if [ -d "$MOODLEDATA_DIR/$dir" ]; then - perms=$(stat -c "%a %U:%G" "$MOODLEDATA_DIR/$dir") - echo " 📁 $MOODLEDATA_DIR/$dir: $perms" - fi - done - - echo "" - echo "✅ Moodle ${MOODLE_VERSION}.x permissions set correctly!" 
- echo "" - echo "📋 Configuration summary:" - echo " - Script version: ${SCRIPT_RELEASE}" - echo " - Moodle version: ${MOODLE_VERSION}.x" - echo " - Moodle dir: $MOODLE_DIR (755/644)" - echo " - Moodledata: $MOODLEDATA_DIR (770/660)" - echo " - Owner: $WWW_USER:$WWW_GROUP" - echo " - config.php: 640 (if present)" - echo " - CLI scripts: 755" - echo "" - - # Version-specific notes - if [ "$MOODLE_VERSION" = "4" ]; then - echo "âš ī¸ Important notes for Moodle 4:" - echo " - PHP 7.4/8.0 required (8.0+ recommended)" - echo " - MySQL 5.7+ or PostgreSQL 9.5+ or MariaDB 10.4+" - echo " - Specific directories: trashdir/, filedir/, repository/" - else - echo "âš ī¸ Important notes for Moodle 5:" - echo " - PHP 8.1+ required" - echo " - MySQL 8.0+ or PostgreSQL 13+ or MariaDB 10.6+ recommended" - echo " - Specific directories: trash/, localcache/, lock/, tasks/" - fi - - echo " - Check logs in $MOODLEDATA_DIR for errors" - echo "" - echo "================================================================================" - echo "Moodle Permissions Manager v${SCRIPT_RELEASE} - Operation completed" - echo "Moodle ${MOODLE_VERSION}.x - Configuration applied successfully" - echo "================================================================================" -} - -# Argument parsing -DRY_RUN=false -SHOW_PERMS=false -APPLY_FIXES=false -while [[ $# -gt 0 ]]; do - case $1 in - -h|--help) - show_header - show_help - exit 0 - ;; - -v|--version) - show_version - ;; - -d|--dry-run) - DRY_RUN=true - shift - ;; - -s|--show-perms) - SHOW_PERMS=true - shift - ;; - -f|--fix) - APPLY_FIXES=true - shift - ;; - -mp|--moodlepath) - MOODLE_DIR="$2" - shift 2 - ;; - -md|--moodledata) - MOODLEDATA_DIR="$2" - shift 2 - ;; - -mv|--moodleversion) - MOODLE_VERSION="$2" - validate_moodle_version "$MOODLE_VERSION" - shift 2 - ;; - *) - echo "❌ Unknown argument: $1" - echo "Use $0 --help to see available options" - exit 1 - ;; - esac -done - -# Show header -show_header - -echo "đŸŽ¯ Detected 
configuration:" -echo " - Moodle Version: ${MOODLE_VERSION}.x" -echo " - Moodle Directory: $MOODLE_DIR" -echo " - Moodledata Directory: $MOODLEDATA_DIR" -echo "" - -# Default behavior: if no action specified, show permissions -if [ "$DRY_RUN" = false ] && [ "$SHOW_PERMS" = false ] && [ "$APPLY_FIXES" = false ]; then - echo "â„šī¸ No action specified. Defaulting to show permissions mode." - echo " Use --fix/-f to apply changes or --dry-run to simulate." - echo "" - SHOW_PERMS=true -fi - -# Execute show-perms if requested -if [ "$SHOW_PERMS" = true ]; then - show_current_permissions -fi - -# Verify script is run as root for fix operations -if [ "$APPLY_FIXES" = true ] && [ "$(id -u)" -ne 0 ]; then - echo "❌ This script must be run as root to apply fixes" - exit 1 -fi - -# Execute dry-run if requested -if [ "$DRY_RUN" = true ]; then - dry_run -fi - -# Execute fix if requested -if [ "$APPLY_FIXES" = true ]; then - apply_fixes -fi From a7b5c39de9ac00c96ec87531714294ed56367908 Mon Sep 17 00:00:00 2001 From: "Daniele Lolli (UncleDan)" Date: Wed, 18 Feb 2026 10:28:24 +0100 Subject: [PATCH 12/21] added note for release --- conf.d/main | 3 +++ 1 file changed, 3 insertions(+) diff --git a/conf.d/main b/conf.d/main index 62afdfa..b128e79 100755 --- a/conf.d/main +++ b/conf.d/main @@ -2,6 +2,9 @@ # REFERENCE: https://docs.moodle.org/501/en/Git_for_Administrators +# As of today 18/02/2026, use "MOODLE_405_STABLE" branch as the latest stable release of Moodle is 4.5.2 +# or "MOODLE_501_STABLE" as the latest stable release of Moodle is 5.0.4. + MOODLE_BRANCH="MOODLE_405_STABLE" # Determine Moodle version from branch From a64ae1b193bd41f7db928fa94c326b0ffb8016cc Mon Sep 17 00:00:00 2001 From: "Daniele Lolli (UncleDan)" Date: Wed, 18 Feb 2026 10:29:05 +0100 Subject: [PATCH 13/21] optimize conf --- .../etc/apache2/sites-available/moodle.conf | 29 +++++++++---------- 1 file changed, 13 insertions(+), 16 deletions(-) 
diff --git a/overlay/etc/apache2/sites-available/moodle.conf b/overlay/etc/apache2/sites-available/moodle.conf index b1b201c..990ef86 100644 --- a/overlay/etc/apache2/sites-available/moodle.conf +++ b/overlay/etc/apache2/sites-available/moodle.conf @@ -21,25 +21,22 @@ ErrorDocument 403 /error/index.php?code=404 ServerAdmin webmaster@localhost DocumentRoot /var/www/moodle/ RewriteEngine On - RewriteRule "(\/vendor\/)" - [F] - RewriteRule "(\/node_modules\/)" - [F] - RewriteRule "(^|/)\.(?!well-known\/)" - [F] - RewriteRule "(composer\.json)" - [F] - RewriteRule "(\.lock)" - [F] - RewriteRule "(\/environment.xml)" - [F] - RewriteRule "(\/install.xml)" - [F] - RewriteRule "(\/README)" - [F] - RewriteRule "(\/readme)" - [F] - RewriteRule "(\/moodle_readme)" - [F] - RewriteRule "(\/upgrade\.txt)" - [F] - RewriteRule "(phpunit\.xml\.dist)" - [F] - RewriteRule "(\/tests\/behat\/)" - [F] - RewriteRule "(\/fixtures\/)" - [F] - RewriteRule "(\/behat\/)" - [F] + + # --- Expanded Security Rewrite Rules --- + # This single rule blocks: + # 1. Internal Moodle folders (vendor, node_modules, bin, cache, local) + # 2. Testing frameworks (tests, behat, fixtures) + # 3. Hidden files (.git, .env, .htaccess, .ssh) except .well-known + # 4. Config & Lock files (config.php, composer.json, package.json, *.lock) + # 5. Docs & XML (README, upgrade.txt, environment.xml, install.xml, phpunit.xml) + # 6. Temp/Backup files (*~, *.swp, *.bak, *.old, *.orig) + + RewriteRule "(\/vendor\/|\/node_modules\/|\/bin\/|\/cache\/|\/local\/|\/tests\/|\/behat\/|\/fixtures\/|(^|/)\.(?!well-known\/)|composer\.(json|lock)|package\.(json|lock)|config\.php|.*\.bak|.*\.old|.*\.orig|environment\.xml|install\.xml|README|readme|moodle_readme|upgrade\.txt|phpunit\.xml\.dist)" - [F,NC] + Options +FollowSymLinks -Indexes AllowOverride All Require all granted - + \ No newline at end of file From 1f754147bd3337fd8622a38ab1e90875527b710f Mon Sep 17 00:00:00 2001 
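Review bot: The merged `RewriteRule` is not equivalent to the fifteen rules it replaces, and the comment above it promises more than the pattern delivers. The old `(\.lock)` rule refused every lock file, while the new alternation only covers `composer.lock` and `package.lock`, so names such as `package-lock.json` or `yarn.lock` are no longer refused; the comment also lists `*~` and `*.swp`, which do not appear in the pattern. In the other direction, the new unanchored `\/local\/`, `\/cache\/` and `config\.php` alternatives look likely to return 403 for legitimate Moodle URLs (local plugins are served from `/local/`), so they should be tested against a running site. To match the stated intent, keep the generic `\.lock` alternative and add `package-lock\.json|~$|\.swp$` to the alternation.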
From: "Daniele Lolli (UncleDan)" Date: Wed, 18 Feb 2026 10:35:59 +0100 Subject: [PATCH 14/21] change document root to /var/www/moodle/public if running Moodle 5.0 (makes this modular) --- conf.d/main | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/conf.d/main b/conf.d/main index b128e79..9abd2da 100755 --- a/conf.d/main +++ b/conf.d/main @@ -92,6 +92,17 @@ sed -i "s|\$CFG->wwwroot \(.*\)|\$protocol='http://';\n\$hostname='127.0.0.1';\n # prevent setting of executable paths via Admin UI (locks down possible privilege escalation) sed -i "/'admin';$/ a \$CFG->preventexecpath = true;" $WEBROOT/config.php +# change document root to /var/www/moodle/public if running Moodle 5.0 (makes this modular) +if [ "$MOODLE_VERSION" = "5" ]; then + echo "Moodle 5 detected. Updating DocumentRoot..." + sudo sed -i 's|/var/www/moodle/|/var/www/moodle/public/|g' "$CONF_FILE" + + echo "Update complete. Checking syntax..." + apachectl configtest +else + echo "Moodle version is $MOODLE_VERSION. No path changes required." +fi + # set paths to utils mysql --defaults-extra-file=/etc/mysql/debian.cnf < Date: Wed, 18 Feb 2026 10:41:57 +0100 Subject: [PATCH 15/21] get the latest version of UncleDan's set-moodle-perms script and link it to /usr/local/bin for easy execution (THX https://www.turnkeylinux.org/comment/58945#comment-58945 ) --- conf.d/main | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/conf.d/main b/conf.d/main index 9abd2da..1719092 100755 --- a/conf.d/main +++ b/conf.d/main 
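Review bot: The new `if [ "$MOODLE_VERSION" = "5" ]` branch rewrites the Apache paths to `/var/www/moodle/public/` without checking that the checked-out tree actually contains a `public` directory. The test looks only at the major version, and as far as I know the `public/` layout arrived with Moodle 5.1 rather than 5.0, so a 5.0 branch would leave Apache pointing at a missing DocumentRoot; `apachectl configtest` typically only warns about that. Guarding on the directory ties the step to the code rather than the version label: `if [ "$MOODLE_VERSION" = "5" ] && [ -d "$WEBROOT/public" ]; then`. The `sudo` on the `sed` line also looks unnecessary, since the permission script this file calls with `--fix` already refuses to run as anything but root.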
@@ -58,8 +58,13 @@ git checkout $MOODLE_BRANCH # create the data folder to ser permissions mkdir $DATAROOT +# get the latest version of UncleDan's set-moodle-perms script and link it to /usr/local/bin for easy execution (THX https://www.turnkeylinux.org/comment/58945#comment-58945 ) +cd /usr/local/src +git clone https://github.com/UncleDan/moodle-scripts.git +ln -s /usr/local/src/moodle-scripts/set-moodle-perms /usr/local/bin/set-moodle-perms + # using UncleDan script to fix permissions -/usr/bin/moodle-perms-bookworm.sh --fix +set-moodle-perms --moodleversion 4 --fix php admin/cli/install.php \ --chmod=750 \ @@ -82,7 +87,7 @@ php admin/cli/install.php \ --agree-license # reset permissions using UncleDan script just in case... -/usr/bin/moodle-perms-bookworm.sh --fix +set-moodle-perms --moodleversion 4 --fix ## tweak config From 30d9534b3511341082e9f5869ec11af16fa1a35f Mon Sep 17 00:00:00 2001 From: "Daniele Lolli (UncleDan)" Date: Wed, 18 Feb 2026 10:44:57 +0100 Subject: [PATCH 16/21] fix path to conf in sed command --- conf.d/main | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf.d/main b/conf.d/main index 1719092..76e3d71 100755 --- a/conf.d/main +++ b/conf.d/main @@ -100,7 +100,7 @@ sed -i "/'admin';$/ a \$CFG->preventexecpath = true;" $WEBROOT/config.php # change document root to /var/www/moodle/public if running Moodle 5.0 (makes this modular) if [ "$MOODLE_VERSION" = "5" ]; then echo "Moodle 5 detected. Updating DocumentRoot..." - sudo sed -i 's|/var/www/moodle/|/var/www/moodle/public/|g' "$CONF_FILE" + sudo sed -i 's|/var/www/moodle/|/var/www/moodle/public/|g' "/etc/apache2/sites-available/moodle.conf" echo "Update complete. Checking syntax..." apachectl configtest From 2681d2619eb7cfbf73792943b80484b334ab9a16 Mon Sep 17 00:00:00 2001 
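Review bot: The added `git clone https://github.com/UncleDan/moodle-scripts.git` takes whatever the default branch holds at build time, and the script it provides is then executed with `--fix` as part of the image build, so every build trusts the current state of that repository. Pin the checkout to a reviewed revision right after the clone, e.g. `git -C /usr/local/src/moodle-scripts checkout --detach <PINNED_COMMIT>` (placeholder: fill in the audited commit id), and record that id in the changelog. Patch 17 moves these same lines below the installer without changing them, so the point applies there as well. Using `ln -sf` would also keep the link step from aborting a re-run of the script.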
From: "Daniele Lolli (UncleDan)" Date: Wed, 18 Feb 2026 11:08:34 +0100 Subject: [PATCH 17/21] fix order of instrucions (first install then fox perm) --- conf.d/main | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/conf.d/main b/conf.d/main index 76e3d71..3620e49 100755 --- a/conf.d/main +++ b/conf.d/main @@ -58,14 +58,7 @@ git checkout $MOODLE_BRANCH # create the data folder to ser permissions mkdir $DATAROOT -# get the latest version of UncleDan's set-moodle-perms script and link it to /usr/local/bin for easy execution (THX https://www.turnkeylinux.org/comment/58945#comment-58945 ) -cd /usr/local/src -git clone https://github.com/UncleDan/moodle-scripts.git -ln -s /usr/local/src/moodle-scripts/set-moodle-perms /usr/local/bin/set-moodle-perms - -# using UncleDan script to fix permissions -set-moodle-perms --moodleversion 4 --fix - +# CLI installation of moodle - see https://docs.moodle.org/501/en/Installing_Moodle_using_cli for more info php admin/cli/install.php \ --chmod=750 \ --lang=en \ @@ -86,7 +79,12 @@ php admin/cli/install.php \ --non-interactive \ --agree-license -# reset permissions using UncleDan script just in case... +# get the latest version of UncleDan's set-moodle-perms script and link it to /usr/local/bin for easy execution (THX https://www.turnkeylinux.org/comment/58945#comment-58945 ) +cd /usr/local/src +git clone https://github.com/UncleDan/moodle-scripts.git +ln -s /usr/local/src/moodle-scripts/set-moodle-perms /usr/local/bin/set-moodle-perms + +# set permissions using UncleDan script just in case... set-moodle-perms --moodleversion 4 --fix ## tweak config From 267bdba301fb0bbb304b76b5b2ead548792390cc Mon Sep 17 00:00:00 2001 From: "Daniele Lolli (UncleDan)" Date: Wed, 18 Feb 2026 12:10:16 +0100 Subject: [PATCH 18/21] using parameter for moodle version --- conf.d/main | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf.d/main b/conf.d/main index 3620e49..7ca5fb4 100755 --- a/conf.d/main 
+++ b/conf.d/main @@ -85,7 +85,7 @@ git clone https://github.com/UncleDan/moodle-scripts.git ln -s /usr/local/src/moodle-scripts/set-moodle-perms /usr/local/bin/set-moodle-perms # set permissions using UncleDan script just in case... -set-moodle-perms --moodleversion 4 --fix +set-moodle-perms --moodleversion $MOODLE_VERSION --fix ## tweak config From 52ba5cfc198f2a982b5e462a23a426b480fa0bf5 Mon Sep 17 00:00:00 2001 From: "Daniele Lolli (UncleDan)" Date: Wed, 18 Feb 2026 12:10:57 +0100 Subject: [PATCH 19/21] generalized version in changelog --- changelog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/changelog b/changelog index 469201b..5d74841 100644 --- a/changelog +++ b/changelog @@ -1,6 +1,6 @@ turnkey-moodle4-18.1 (1) turnkey; urgency=low - * Install latest upstream version of Moodle 4.x: 4.5.7+ (as of today, + * Install latest upstream version of Moodle 4.x: 4.X.Y+ (as of today, download via git branch MOODLE_405_STABLE). * Set correct permissions and creating (eventually) missing folders. From 24dd85222ab1d6468362f542fdc5fa734d9109a6 Mon Sep 17 00:00:00 2001 From: "Daniele Lolli (UncleDan)" Date: Wed, 18 Feb 2026 12:47:50 +0100 Subject: [PATCH 20/21] version bump in changelog --- changelog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/changelog b/changelog index 5d74841..630b6c2 100644 --- a/changelog +++ b/changelog @@ -1,7 +1,7 @@ turnkey-moodle4-18.1 (1) turnkey; urgency=low - * Install latest upstream version of Moodle 4.x: 4.X.Y+ (as of today, - download via git branch MOODLE_405_STABLE). + * Install latest upstream version of Moodle 4.x: Version 4.5.10+ (Build: 20260217) + (as of today, 18/02/2026: download via git branch MOODLE_405_STABLE). * Set correct permissions and creating (eventually) missing folders. From 703d21c93fa03b99fd1cfc701ca05b1aa75e3458 Mon Sep 17 00:00:00 2001 
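Review bot: `$MOODLE_VERSION` is expanded unquoted in `set-moodle-perms --moodleversion $MOODLE_VERSION --fix`; if it is empty or unset the word disappears and `--fix` is left in the position of the option's value. What the permissions script does then depends on its own argument parsing, which is not visible here. Quote the expansion and fail early instead: `set-moodle-perms --moodleversion "${MOODLE_VERSION:?must be set}" --fix`. The assignment of `MOODLE_VERSION` lies outside this hunk, so its format should be confirmed there.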
From: "Daniele Lolli (UncleDan)" Date: Wed, 18 Feb 2026 13:07:32 +0100 Subject: [PATCH 21/21] don't need sudo in TKL! --- conf.d/main | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf.d/main b/conf.d/main index 7ca5fb4..1915f50 100755 --- a/conf.d/main +++ b/conf.d/main @@ -98,7 +98,7 @@ sed -i "/'admin';$/ a \$CFG->preventexecpath = true;" $WEBROOT/config.php # change document root to /var/www/moodle/public if running Moodle 5.0 (makes this modular) if [ "$MOODLE_VERSION" = "5" ]; then echo "Moodle 5 detected. Updating DocumentRoot..." - sudo sed -i 's|/var/www/moodle/|/var/www/moodle/public/|g' "/etc/apache2/sites-available/moodle.conf" + sed -i 's|/var/www/moodle/|/var/www/moodle/public/|g' "/etc/apache2/sites-available/moodle.conf" echo "Update complete. Checking syntax..." apachectl configtest