[Moin-user] owner & group with Apache

Mitchell L Model MLMLists at Comcast.net
Tue Nov 15 11:04:00 EST 2005

I want to set up a wiki on a Linux server running Apache (under 
nobody:nobody) where I can't modify the server's configuration but 
where I want to secure the wiki contents yet have full control over 
the installation.  Following HelpOnInstalling's instructions for 
"Simple User" on Apache I have successfully set up the wiki using my 
user & group ids, but I now want to secure the wiki's data so no-one 
else can get to it.  The instructions say to just give rx access to 
the entire wiki installation.

The server I'm using did let me put the wiki files outside of my 
public_html, leaving just moin.cgi and a directory called "wiki" 
containing the htdocs files. [Yes, if you follow the directions 
carefully -- unlike I did the first few tries -- you will find that 
it has you copying the contents of htdocs to wiki not htdocs itself.]

To secure the wiki I would have to (recursively) remove "all" rx 
permissions from public_html/cgi-bin/moin.cgi and public_html/wiki 
and, believe, the wiki directory outside public_html.  But then then 
Apache couldn't run moin.cgi or modify any of the wiki's contents.

The installation suggests changing the group to Apache's group 
(nobody in my case) and getting yourself added to that group, but 
that's not appropriate nor would the machine's administrator allow 
it.  It occurred to me, though, that if I changed only the group to 
nobody but kept myself as owner, I would get what I wanted.  Before 
doing that I searched the list archives and came up with a 
that mentioned this idea and the problem that the wiki data would 
still get created as owned by Apache.  That post suggested trying the 
other way around: nobody:mygroup.  I think that would work, but I 
didn't find any followups on the list.  So:

1.  Are there any gotchas with setting uid:gid of everything to nobody:mygroup?

2.  If this configuration works I recommend adding it to 
HelpOnInstalling, perhaps replacing that aspect of the instructions 
there (not giving rx access to "all").
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/moin-user/attachments/20051115/fd1ed494/attachment.html>

More information about the Moin-user mailing list