[dokuwiki] Re: Autolink plugin AND Apache writing

  • From: "Mark McCoy" <mark@xxxxxxxxxxxx>
  • To: dokuwiki@xxxxxxxxxxxxx
  • Date: Wed, 8 Aug 2007 14:34:32 -0500

On 8/7/07, Francois Sabot <francois.sabot@xxxxxxxxx> wrote:
> Hi all,
>
> I have two questions
>
> 1-
> I have a little problem with the autolink2 plugin...
> I am using it a lot, and it is really nice.
> However, I am not sure of using it correctly when I am adding multiple
> keywords/anchors.
>
> I add:
>
> ''{{autolink>KW1|ADDRESS|KW2|ADDRESS|KW3|ADDRESS}}''
>
> Is it ok ?
>
>
> 2-
> DokuWiki creates page and namespace using the Apache server. Thus, all
> the files belong to the Apache group/user where I am hosting.
> Would it be possible that DW directly assigns the owner of page to
> someone else (or add a group) than Apache ?
>
>
> Thanks
>
> Francois
> --
> DokuWiki mailing list - more info at
> http://wiki.splitbrain.org/wiki:mailinglist
>

1. I haven't used this plugin.

2. You can do this if you have admin access to the server (or can
request groups to be created), but it is tricky to get right if you
don't have a good understanding of unix permissions and their security
implications.

You will need to do at least the following (details left up to the user):
  - set SGID or SUID bits on certain directories
  - in dokuwiki's config files, you will need to configure the default
permission options that need to be set for directories that dokuwiki
creates
  - make sure that the user that the apache binary runs as is in the
group that has read access to all of dokuwiki's directory and
read/write access to the data directory (and the conf files if you
want to use the admin gui)

All-in-all, dokuwiki (and therefore apache) still needs read and
read/write access to a lot of stuff, and new files are owned by apache
by default.  You can mitigate that by running PHP under FCGI, having
the FCGI wrapper running as a different user, and denying Apache any
rights to the dokuwiki directory.  In this case, if someone exploits
Apache, they still can't read or write your files (nice security bit
there).

Of course, if you don't have admin access to the server or FCGI
available to you, then you are pretty much stuck.
-- 
Mark McCoy
  - Professional Unix Geek
  - US Army Infantry Combat Veteran

Here in America we are descended in blood and in spirit from
revolutionists and rebels - men and women who dared to dissent from
accepted doctrine. As their heirs, may we never confuse honest dissent
with disloyal subversion. -- Dwight D. Eisenhower
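
The directory and group steps listed in the reply above, as an added example (not part of the original post and not DokuWiki's own tooling). The function names, the sample tree and the 2770/0660 modes are assumptions chosen for illustration; the group is whatever shared group the site admin creates.

```shell
#!/bin/sh
# Added example: shared-group layout for a DokuWiki data tree (not DokuWiki code).

# Constructed sample tree with loose modes and no setgid bit on directories.
make_sample_tree() {
    mkdir -p "$1/pages/wiki" "$1/meta"
    echo '====== start ======' > "$1/pages/wiki/start.txt"
    find "$1" -type d -exec chmod 0755 {} + -exec chmod g-s {} +
    find "$1" -type f -exec chmod 0644 {} +
}

# Directories without setgid: files created there keep the creator's primary
# group (the web server's) instead of inheriting the directory's group.
dirs_missing_sgid() {
    find "$1" -type d ! -perm -2000 -print
}

# Anything readable, writable or searchable by "other".
world_accessible() {
    find "$1" ! -type l \( -perm -0004 -o -perm -0002 -o -perm -0001 \) -print
}

# Hand the tree to group $2, setgid the directories, drop all "other" access.
apply_shared_group() {
    chgrp -R "$2" "$1" &&
    find "$1" -type d -exec chmod 2770 {} + &&
    find "$1" -type f -exec chmod 0660 {} +
}

# Print findings and return 1 if the tree deviates from the layout.
audit_tree() {
    findings=$(dirs_missing_sgid "$1" | sed 's/^/no-setgid: /'
               world_accessible "$1" | sed 's/^/other-access: /')
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Usage: sh script.sh audit DIR | sh script.sh apply DIR GROUP
case "${1:-}" in
    audit) audit_tree "$2" ;;
    apply) apply_shared_group "$2" "$3" ;;
esac
```

The modes only stay in place if DokuWiki's own `dmode` and `fmode` configuration settings are given matching values, since it applies those to the directories and files it creates.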