[Pmwiki-users] Re: Re: setup script, sample-local.php, local/, and a slippery slope

Patrick R. Michaud pmichaud
Thu Feb 12 15:16:51 CST 2004


On Thu, Feb 12, 2004 at 10:58:23PM +0100, Christian Ridderstr?m wrote:
> 
> I think maybe a var/ as John wrote isn't such a bad idea, especially if 
> there currently are more non-page files in wiki.d (then they could be 
> moved to var/).

Speaking as a sysadmin, I'd prefer there to be fewer *directories*
writable by apache.  If a file is writable by apache, the impact can
be fairly limited.  If a directory is writable by apache, it becomes
possible to create all sorts of nasty things (symlinks, change file
permissions by unlinking+creating a new file of the same name, trojan
horses, etc.).

Another possibility is to simply create sample-local.php in the base
pmwiki directory, since the base directory has to be writable 
long enough to create wiki.d at setup time anyway.  The user can then 
copy/move/delete the file as appropriate.  Of course sample-local.php
would contain instructions about what to do with the file anyway.  :-)

> What are these other files in wiki.d/? 

.flock is the file used to prevent conflicting reads/writes, and 
.mailposts keeps a log of changes for the mailposts script.  Those are
the only two I can think of at the moment.  

Pm



More information about the pmwiki-users mailing list