[Moin-user] owner & group with Apache

Mitchell L Model MLMLists at Comcast.net
Tue Nov 15 11:04:00 EST 2005


I want to set up a wiki on a Linux server running Apache (under 
nobody:nobody) where I can't modify the server's configuration but 
where I want to secure the wiki contents yet have full control over 
the installation.  Following HelpOnInstalling's instructions for 
"Simple User" on Apache I have successfully set up the wiki using my 
user & group ids, but I now want to secure the wiki's data so no-one 
else can get to it.  The instructions say to just give rx access to 
the entire wiki installation.

The server I'm using did let me put the wiki files outside of my 
public_html, leaving just moin.cgi and a directory called "wiki" 
containing the htdocs files. [Yes, if you follow the directions 
carefully -- unlike I did the first few tries -- you will find that 
it has you copying the contents of htdocs to wiki not htdocs itself.]

To secure the wiki I would have to (recursively) remove "all" rx 
permissions from public_html/cgi-bin/moin.cgi and public_html/wiki 
and, I believe, the wiki directory outside public_html.  But then 
Apache couldn't run moin.cgi or modify any of the wiki's contents.

The installation suggests changing the group to Apache's group 
(nobody in my case) and getting yourself added to that group, but 
that's not appropriate nor would the machine's administrator allow 
it.  It occurred to me, though, that if I changed only the group to 
nobody but kept myself as owner, I would get what I wanted.  Before 
doing that I searched the list archives and came up with a post 
<http://sourceforge.net/mailarchive/message.php?msg_id=11721028> 
that mentioned this idea and the problem that the wiki data would 
still get created as owned by Apache.  That post suggested trying the 
other way around: nobody:mygroup.  I think that would work, but I 
didn't find any followups on the list.  So:

1.  Are there any gotchas with setting uid:gid of everything to nobody:mygroup?

2.  If this configuration works I recommend adding it to 
HelpOnInstalling, perhaps replacing that aspect of the instructions 
there (not giving rx access to "all").
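
An audit for the permission layout discussed in this message, added here as an example and not part of the original post or of MoinMoin. The tree path and group are supplied by the caller and are assumptions; the setgid check and the `lock_down` step are additions the post does not mention.

```shell
#!/bin/sh
# Added example: permission audit for the layout discussed in the post.
# The tree path and group are supplied by the caller (assumptions).

# List entries under $1 that grant any permission bit to "other".
world_accessible() {
    find "$1" \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# List entries under $1 whose group is not $2 (name or numeric gid),
# e.g. files the web server created under its own group.
wrong_group() {
    find "$1" ! -group "$2" -print
}

# List directories under $1 without the setgid bit; new files created in
# them take the creator's primary group instead of the directory's group.
dirs_without_setgid() {
    find "$1" -type d ! -perm -2000 -print
}

# Remove all "other" access and make every directory setgid.
lock_down() {
    chmod -R o-rwx "$1" &&
    find "$1" -type d -exec chmod g+s {} +
}

# Print a count of findings per check; return 0 only when the tree is clean.
audit() {
    w=$(world_accessible "$1" | wc -l)
    g=$(wrong_group "$1" "$2" | wc -l)
    s=$(dirs_without_setgid "$1" | wc -l)
    echo "world-accessible=$((w)) wrong-group=$((g)) dirs-without-setgid=$((s))"
    [ "$((w + g + s))" -eq 0 ]
}
```

Run `audit` against the wiki directory outside public_html with the group the tree is meant to share; a non-zero exit status means at least one check found something.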