[Moin-user] Does this security setup sound good?
Kenneth McDonald
kenneth.m.mcdonald at sbcglobal.net
Wed Apr 26 10:30:04 EDT 2006
Thomas,

Thanks again for the great feedback. You made the following statement
towards the end of your comments:

--In your setup, no one except the admins can save a page.

However, I would've thought that the permissions given in the "public
page" template:

5) The PublicTemplate uses "Known:read,write,delete,revert All:read"
to allow known users to edit public pages, and everyone to read them.

would allow Known users to save such pages. Am I missing something?

And finally, I'd mis-phrased the following question:

> And, is there any way to disable the option that allows creation of a
> completely blank page?

[Your answer] moin doesn't allow you to save a completely empty (0
bytes) page.

What I'd really meant was, under the standard setup, Moin allows the
creation of a page from templates, or from a completely blank page. I'd
like to restrict things so that templates are the _only_ options for
creating pages.

Thanks again,
Ken

P.S. Guess I should start putting some of this into the Moin documentation.

>> 2) "acl_default" grants read-only rights to all users.
>
> This means that nobody except AdminGroup can edit a page that has no
> page acls. Nobody except AdminGroup can create a page.
>
>> 3) The AdminTemplate uses "All: " to grant no writes to everyone.
>> Therefore, AdminGroup can access these pages via the rights in
>> "acl_before", but no one else can use them, not even see them.
>
> Correct.
>
>> 4) The EditorsTemplate uses "EditorGroup:read,write,delete,revert
>> All:read" to allow editors to edit "official" pages, and everyone
>> else to read them
>> 5) The PublicTemplate uses "Known:read,write,delete,revert
>> All:read" to allow known users to edit public pages, and everyone to
>> read them.
>
> Be aware that only people having "admin" rights are able to set up page
> ACLs. So those templates are only useful for AdminGroup.
>
>> "acl_after" is currently blank.
>
> Usually this is correct.
>
>> This provides three levels of pages: admin, which are completely
>> closed off except to admin users; "official" documentation pages,
>> which can be edited by admin users and specified trusted editors, and
>> read by everyone; and "public" documentation pages, which can be
>> edited by all known users, and read by anyone.
>
> Correct.
>
>> So to return to the original question; can anyone suggest a better way
>> to set this up to achieve the same effect?
>
> If this is what you want, then this is a correct setup.
>
>> And, is there any way to disable the option that allows creation of a
>> completely blank page?
> And moin doesn't allow you to save a completely empty (0 bytes) page.
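
A simplified model of the ACL evaluation discussed in this thread, as an added example (not MoinMoin's own code and not written by either poster). It checks "acl_before", then the page ACL or "acl_default" when the page has none, then "acl_after", and lets the first matching entry decide. The "acl_before" string, the group members, the user names and the function names are assumptions; the "+"/"-" modifiers and the "Default" keyword are not modelled.

```python
# Simplified model of MoinMoin ACL evaluation (added example, not MoinMoin code).
# Not modelled: "+"/"-" modifiers, the "Default" keyword, user names with spaces.
RIGHTS = {"read", "write", "delete", "revert", "admin"}

# Constructed group membership and user names (assumptions).
GROUPS = {"AdminGroup": {"AdminUser"}, "EditorGroup": {"EditorUser"}}

# acl_default and the template ACLs are quoted from the thread; the exact
# acl_before string is not given there, so this value is an assumption.
ACL_BEFORE = "AdminGroup:read,write,delete,revert,admin"
ACL_DEFAULT = "All:read"
ACL_AFTER = ""
ADMIN_TEMPLATE = "All:"
EDITORS_TEMPLATE = "EditorGroup:read,write,delete,revert All:read"
PUBLIC_TEMPLATE = "Known:read,write,delete,revert All:read"


def parse_acl(text):
    """Split 'Who:right,right Who2:right' into [(who, {rights}), ...]."""
    entries = []
    for token in text.split():
        who, _, rights = token.partition(":")
        entries.append((who, {r for r in rights.split(",") if r in RIGHTS}))
    return entries


def matches(who, user):
    """user is a login name, or None for an anonymous visitor."""
    if who == "All":
        return True
    if who == "Known":
        return user is not None
    return user is not None and (who == user or user in GROUPS.get(who, ()))


def may(user, right, page_acl=None):
    """First matching entry decides; a page without an ACL uses acl_default."""
    middle = ACL_DEFAULT if page_acl is None else page_acl
    for acl in (ACL_BEFORE, middle, ACL_AFTER):
        for who, rights in parse_acl(acl):
            if matches(who, user):
                return right in rights
    return False
```

Calling `may("KnownUser", "write")` models a page with no ACL of its own, which is the case a not-yet-created page falls into; passing `PUBLIC_TEMPLATE` as `page_acl` models a page that already carries that ACL line.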