I had a Drupal site that was hacked and I was reminded of how good it was that www-data could not write to the server. Shortly after, I received a request from another school asking me to install a plugin. Ideally I would want them (and others) to be able to take full use of Moodle Plugins and to be able to install them with me going in behind the scenes to adjust file permissions. This all got me looking at the Moodle Docs for installation.
I attempted to follow the instructions but the chmod line there is not valid chmod. The line was added by Petr - https://docs.moodle.org/28/en/index.php?title=Installing_Moodle&diff=106767&oldid=106144 - and I suspect that he has some special setup that allows that to work but it is not standard chmod.
By having Moodle Pugins in core, we are hoping that folks will be able to make use of it. I was wondering if we might take some time to think through and improve the documentation for folks giving them the option for tight security (plugins must be downloaded and unzipped by server admin) and a reasonably secured option that allows for Moodle Plugins to be installed.
I am adding Dan and Matt here for some increased brain power as I am not sure what the most secure way to set it up would be. My thinking is that perhaps we would recommend creating a different user to obfuscate www-data and/or some mod sec rules that might reject any attempt to write that is not from download.moodle.org. There are likely better solutions but I at least wanted to kick off the conversation and see if we might improve the recommended way of installing Moodle such that Moodle Plugins can be used by the site admin to install plugins.
Peace - Anthony