search

erseco / alpine-moodle

Moodle docker image based on Alpine Linux
https://hub.docker.com/r/erseco/alpine-moodle
MIT License
42 stars 33 forks source link

Moodle security report - permissions #6

Closed lupa18 closed 2 years ago

lupa18 commented 3 years ago

Hi ! I'm checking moodle's security report (/report/security/index.php) on my installed site and there is an "error" with public paths: vendor, node_modules, .lock, db/install.xml and others.

As I'm nos familiarized with alpine I'm asking for some advice to fix them.

Thanks in advance

erseco commented 3 years ago

If you have a node_modules folder maybe you've installed a custom theme, plugin or something else. You can enter the container to delete that folder and another file marked as security problem. AFAIK the docker image doesn't have this files.

BTW I will check for this files next week when I release a new version with the updated noodle

lupa18 commented 3 years ago

Other errors also are: imagen

and this: imagen

When sh inside container, all files belong to "nobody". Sorry but I'm not sure how to deal with users and permissions since I'm not root.

Could you help me to fix this? Thanks!

erseco commented 2 years ago

The "Check all public / private paths", "Writable config.php" and "Executable paths" warnings are fixed. The .swf one is not possible to fix on install because is needed, but you can manually fix