[Pmwiki-users] Re: Re: setup script, sample-local.php, local/, and a slippery slope
Patrick R. Michaud
pmichaud
Thu Feb 12 15:16:51 CST 2004
On Thu, Feb 12, 2004 at 10:58:23PM +0100, Christian Ridderstr?m wrote:
>
> I think maybe a var/ as John wrote isn't such a bad idea, especially if
> there currently are more non-page files in wiki.d (then they could be
> moved to var/).
Speaking as a sysadmin, I'd prefer there to be fewer *directories*
writable by apache. If a file is writable by apache, the impact can
be fairly limited. If a directory is writable by apache, it becomes
possible to create all sorts of nasty things (symlinks, change file
permissions by unlinking+creating a new file of the same name, trojan
horses, etc.).
Another possibility is to simply create sample-local.php in the base
pmwiki directory, since the base directory has to be writable
long enough to create wiki.d at setup time anyway. The user can then
copy/move/delete the file as appropriate. Of course sample-local.php
would contain instructions about what to do with the file anyway. :-)
> What are these other files in wiki.d/?
.flock is the file used to prevent conflicting reads/writes, and
.mailposts keeps a log of changes for the mailposts script. Those are
the only two I can think of at the moment.
Pm
More information about the pmwiki-users
mailing list