[pmwiki-users] SourceForge.net Read-Only Policy - PmWiki-Compatible!
H. Fox
haganfox at gmail.com
Sat May 14 03:53:31 CDT 2005
On 5/13/05, Patrick R. Michaud <pmichaud at pobox.com> wrote:
> On Fri, May 13, 2005 at 06:40:59PM -0700, H. Fox wrote:
> > Soon the directories on the SF.net servers will be mounted read-only
> > and chmod (2)777 on the wiki's directory or ./wiki.d will have no
> > effect. The web servers will not be able to write to any directory
> > that may be served directly (i.e. any subdirectory of the web document
> > root).
>
> Here ya go -- I've tested this configuration (including uploads)
> at http://pmwiki.sourceforge.net/pmwiki/pmwiki.php :
>
> <?php
> session_save_path('/tmp/persistent/pmwiki/sessions');
>
> $WikiTitle = 'Test SF PmWiki';
>
> $WorkDir = '/tmp/persistent/pmwiki/wiki.d';
> $WikiDir = new PageStore('/tmp/persistent/pmwiki/wiki.d/$FullName');
>
> $UploadDir = '/tmp/persistent/pmwiki/uploads';
> $EnableDirectDownload = 0;
> $EnableUpload = 1;
> $DefaultPasswords['upload']='$1$S9s021fz$EqgqqIxIS06CVCn7poqWa.';
> ?>
>
> I tested the above with beta36, but it should work for anything after
> beta31 (beta31 introduced the $EnableDirectDownload option).
>
> Note that in order for passwords to work properly I had to create
> my own session_save_path directory and give it write permissions
> as well. Or, one could use include_once('scripts/httpauth.php')
> instead.
>
> For the Qdig configuration, where you're basing everything out of
> /tmp/persistent/qdig/pmwiki-files/ , make sure that /tmp/persistent/qdig/
> has exec permissions for "other" (e.g., at least 711), otherwise the
> "nobody" account won't be able to access the pmwiki-files/ subdirectory.
>
> Hope this helps.
Very much so. Thank you Patrick!
I'm much relieved...
Here's my alternate method (1st draft), which doesn't use
world-writable directories or directories with the default "users"
group. Does this look acceptable? Is it "more secure" or a waste of
extra effort? If it's acceptable I'll put it, or something similar,
in the cookbook page.
Hagan
~~~~
First, if you haven't done so, prepare project's directory in /tmp/persistent/.
mkdir /tmp/persistent/qdig
cd /tmp/persistent/qdig/
chmod 755 .
Next, create a directory to hold PmWiki data.
mkdir pmwiki-files
chgrp qdig pmwiki-files
chmod 2777 pmwiki-files
Next, edit the local/config.php file.
<?php
## $WikiTitle is the name that appears in the browser's title bar.
$WikiTitle = 'Test Wiki';
## Writable place for session data
session_save_path('/tmp/persistent/qdig/pmwiki-files/sessions');
## Store wiki pages outside the document tree.
$WorkDir = '/tmp/persistent/qdig/pmwiki-files/wiki.d';
$WikiDir = new PageStore('/tmp/persistent/qdig/pmwiki-files/wiki.d/$FullName');
## Place uploads outside the document tree.
$UploadDir = '/tmp/persistent/qdig/pmwiki-files/uploads';
$EnableDirectDownload = 0;
$EnableUpload = 1;
$DefaultPasswords['upload']='$1$/PPoEleM$R1TrfXrbL.A9DFVxyR36I1';
?>
Next, visit the site to create a writable wiki.d directory...
... which will be renamed to use as the directory for sessions data.
mv pmwiki-files/wiki.d pmwiki-files/sessions
Visit the site again to create another wiki.d directory...
...which will be renamed to use as the directory for uploads.
mv pmwiki-files/wiki.d pmwiki-files/uploads
Visit the site again to create another wiki.d directory.
Now change the permissions of the pmwiki-files/ directory.
chmod 755 pmwiki-files/
Now you have three directories that are writable by your user and the
server, but not other users on the system.
ls -l pmwiki-files/
drwxrwsr-x 2 nfsnobody qdig 4096 May 14 01:24 sessions
drwxrwsr-x 2 nfsnobody qdig 4096 May 14 01:24 uploads
drwxrwsr-x 2 nfsnobody qdig 4096 May 14 01:24 wiki.d
More information about the pmwiki-users
mailing list