[pmwiki-users] SourceForge.net Read-Only Policy - PmWiki-Compatible!

H. Fox haganfox at gmail.com
Sat May 14 03:53:31 CDT 2005


On 5/13/05, Patrick R. Michaud <pmichaud at pobox.com> wrote:
> On Fri, May 13, 2005 at 06:40:59PM -0700, H. Fox wrote:
> > Soon the directories on the SF.net servers will be mounted read-only
> > and chmod (2)777 on the wiki's directory or ./wiki.d will have no
> > effect.  The web servers will not be able to write to any directory
> > that may be served directly (i.e. any subdirectory of the web document
> > root).
>
> Here ya go -- I've tested this configuration (including uploads)
> at http://pmwiki.sourceforge.net/pmwiki/pmwiki.php :
>
>     <?php
>       session_save_path('/tmp/persistent/pmwiki/sessions');
>
>       $WikiTitle = 'Test SF PmWiki';
>
>       $WorkDir = '/tmp/persistent/pmwiki/wiki.d';
>       $WikiDir = new PageStore('/tmp/persistent/pmwiki/wiki.d/$FullName');
>
>       $UploadDir = '/tmp/persistent/pmwiki/uploads';
>       $EnableDirectDownload = 0;
>       $EnableUpload = 1;
>       $DefaultPasswords['upload']='$1$S9s021fz$EqgqqIxIS06CVCn7poqWa.';
>     ?>
>
> I tested the above with beta36, but it should work for anything after
> beta31 (beta31 introduced the $EnableDirectDownload option).
>
> Note that in order for passwords to work properly I had to create
> my own session_save_path directory and give it write permissions
> as well.  Or, one could use   include_once('scripts/httpauth.php')
> instead.
>
> For the Qdig configuration, where you're basing everything out of
> /tmp/persistent/qdig/pmwiki-files/ , make sure that /tmp/persistent/qdig/
> has exec permissions for "other" (e.g., at least 711), otherwise the
> "nobody" account won't be able to access the pmwiki-files/ subdirectory.
>
> Hope this helps.

Very much so.  Thank you Patrick!

I'm much relieved...

Here's my alternate method (1st draft), which doesn't use
world-writable directories or directories with the default "users"
group.  Does this look acceptable? Is it "more secure" or a waste of
extra effort?  If it's acceptable I'll put it, or something similar,
in the cookbook page.

Hagan
~~~~
First, if you haven't done so, prepare the project's directory in /tmp/persistent/.

mkdir /tmp/persistent/qdig
cd /tmp/persistent/qdig/
chmod 755 .

Next, create a directory to hold PmWiki data.

mkdir pmwiki-files
chgrp qdig pmwiki-files
chmod 2777 pmwiki-files

Next, edit the local/config.php file.

<?php
##  $WikiTitle is the name that appears in the browser's title bar.
$WikiTitle = 'Test Wiki';

## Writable place for session data
session_save_path('/tmp/persistent/qdig/pmwiki-files/sessions');

## Store wiki pages outside the document tree.
$WorkDir = '/tmp/persistent/qdig/pmwiki-files/wiki.d';
$WikiDir = new PageStore('/tmp/persistent/qdig/pmwiki-files/wiki.d/$FullName');

## Place uploads outside the document tree.
$UploadDir = '/tmp/persistent/qdig/pmwiki-files/uploads';
$EnableDirectDownload = 0;
$EnableUpload = 1;
$DefaultPasswords['upload']='$1$/PPoEleM$R1TrfXrbL.A9DFVxyR36I1';
?>

Next, visit the site to create a writable wiki.d directory...
... which will be renamed to use as the directory for sessions data.

mv pmwiki-files/wiki.d pmwiki-files/sessions

Visit the site again to create another wiki.d directory...
...which will be renamed to use as the directory for uploads.

mv pmwiki-files/wiki.d pmwiki-files/uploads

Visit the site again to create another wiki.d directory.

Now change the permissions of the pmwiki-files/ directory.

chmod 755 pmwiki-files/

Now you have three directories that are writable by your user and the
server, but not other users on the system.

ls -l pmwiki-files/

drwxrwsr-x  2 nfsnobody qdig 4096 May 14 01:24 sessions
drwxrwsr-x  2 nfsnobody qdig 4096 May 14 01:24 uploads
drwxrwsr-x  2 nfsnobody qdig 4096 May 14 01:24 wiki.d
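
Added example (not part of the original message or of PmWiki): a shell check for the end state of the procedure above, reading the same `ls -l` mode strings shown in the listing and flagging a data directory that is world-writable, not group-writable, or missing the setgid bit. The function names mode_problems and audit_data_dirs are made up for this example, and the wiki.d/sessions/uploads layout is taken from the draft.

```shell
#!/bin/sh
# Added example: audit PmWiki data directories from their `ls -ld` mode strings.

# mode_problems MODE: print one line per problem with a data directory's
# mode string (e.g. drwxrwsr-x); return 0 only if there are none.
mode_problems() {
    mode=$(printf '%s' "$1" | cut -c1-10)  # drop trailing ACL/SELinux marker
    rc=0
    case $mode in
        d?????????) ;;
        *) echo "not a directory"; return 1 ;;
    esac
    # Position 9 is "other write", 6 is "group write", 7 is "group exec/setgid".
    [ "$(printf '%s' "$mode" | cut -c9)" = "w" ] && { echo "world-writable"; rc=1; }
    [ "$(printf '%s' "$mode" | cut -c6)" = "w" ] || { echo "not group-writable"; rc=1; }
    [ "$(printf '%s' "$mode" | cut -c7)" = "s" ] || { echo "setgid bit not set"; rc=1; }
    return $rc
}

# audit_data_dirs BASE: check BASE itself and BASE/{wiki.d,sessions,uploads}.
audit_data_dirs() {
    base=$1
    status=0
    bmode=$(ls -ld "$base" 2>/dev/null | awk '{print $1}')
    case $bmode in
        d???????w*) echo "$base: world-writable"; status=1 ;;
    esac
    for name in wiki.d sessions uploads; do
        dir=$base/$name
        if [ ! -d "$dir" ]; then
            echo "$dir: missing"; status=1; continue
        fi
        if ! problems=$(mode_problems "$(ls -ld "$dir" | awk '{print $1}')"); then
            status=1
            printf '%s\n' "$problems" | while IFS= read -r p; do
                echo "$dir: $p"
            done
        fi
    done
    return $status
}

# Run as: sh audit.sh /tmp/persistent/qdig/pmwiki-files
if [ "$#" -gt 0 ]; then audit_data_dirs "$1"; fi
```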



