[pmwiki-users] Re: SourceForge.net Read-Only Policy - PmWiki-Compatible!
chr at home.se
chr at home.se
Sat May 14 08:41:12 CDT 2005
On Sat, 14 May 2005, H. Fox wrote:
> Here's my alternate method (1st draft), which doesn't use world-writable
> directories or directories with the default "users" group. Does this
> look acceptable? Is it "more secure" or a waste of extra effort?
Getting rid of 'world-writable' definitely seems worthwhile to me...
> If it's acceptable I'll put it, or something similar, in the cookbook
> page.
Please do! I'm considering moving the wiki pages for 'pmwiki-mode' (an
Emacs mode) to a wiki at sourceforge, having this information then will be
really useful. In fact, once you've put it up as a cookbook page, let me
know and I'll give the process a test run.
> First, if you haven't done so, prepare project's directory in
> /tmp/persistent/.
This is done via shell login to sourceforge, right? (As opposed to putting
the commands in a .php-file and having the web server execute it)
> mkdir /tmp/persistent/qdig
> cd /tmp/persistent/qdig/
> chmod 755 .
>
> Next, create a directory to hold PmWiki data.
>
> mkdir pmwiki-files
> chgrp qdig pmwiki-files
> chmod 2777 pmwiki-files
Maybe 'pmwiki.d' would be a more consistent name for this directory?
(I'm thinking of wiki.d/, cache.d/ etc)
> Next, edit the local/config.php file.
I think introducing a variable for the directory path makes sense here...
resulting in the following slightly modified code:
## Define path to directory for pmwiki to store data in
$PmWikiD = "/tmp/persistent/qdig/pmwiki-files";
## Writable place for session data
session_save_path("$PmWikiD/sessions");
## Store wiki pages outside the document tree.
$WorkDir = "$PmWikiD/wiki.d";
$WikiDir = new PageStore("$PmWikiD/wiki.d/".'$FullName');
## Place uploads outside the document tree.
$UploadDir = "$PmWikiD/uploads";
$EnableDirectDownload = 0;
$EnableUpload = 1;
$DefaultPasswords['upload']='$1$/PPoEleM$R1TrfXrbL.A9DFVxyR36I1';
> Next, visit the site to create a writable wiki.d directory...
> ... which will be renamed to use as the directory for sessions data.
>
> mv pmwiki-files/wiki.d pmwiki-files/sessions
I think there is a pmwiki function we can simply call to create
'sessions/' directly... Looking at pmwiki.php, I suspect it is
simply called 'mkdirp()'. According to it's brief comment:
## mkdirp creates a directory and its parents as needed, and sets
## permissions accordingly.
Patrick, is ok to use this function to create directories that you want
pmwiki to be able to write to?
> Visit the site again to create another wiki.d directory...
> ...which will be renamed to use as the directory for uploads.
>
> mv pmwiki-files/wiki.d pmwiki-files/uploads
>
> Visit the site again to create another wiki.d directory.
Ok... this is silly now... but I fully understand why you're doing it
(there are lots of times that I wish I'd created all these directories in
one go).
How about having a snippet of code in config.php that's only executed if
you append '?action=setup' to the URI. The snippet of code would then call
the appropriate pmwiki function to create the relevant directories.
The code could look like this:
if($action == 'setup') {
mkdirp("$PmWikiD/sessions");
mkdirp("$PmWikiD/uploads");
}
What do you think?
/Christian
> Now change the permissions of the pmwiki-files/ directory.
>
> chmod 755 pmwiki-files/
>
> Now you have three directories that are writable by your user and the
> server, but not other users on the system.
>
> ls -l pmwiki-files/
>
> drwxrwsr-x 2 nfsnobody qdig 4096 May 14 01:24 sessions
> drwxrwsr-x 2 nfsnobody qdig 4096 May 14 01:24 uploads
> drwxrwsr-x 2 nfsnobody qdig 4096 May 14 01:24 wiki.d
>
--
Christian Ridderström, +46-8-768 39 44 http://www.md.kth.se/~chr
More information about the pmwiki-users
mailing list