[Moin-user] Read-Only Underlay Q
Roger Marquis
marquis at roble.com
Mon Feb 23 19:51:57 EST 2009
Thomas Waldmann wrote:
>> None of the wiki instances I maintain need to have a writable underlay
>> directory, yet the system data_underlay_dir complains if it is not
>> writable
>
> But they need to be writable for moin as it will store some caches into
> the pagedirs.
That's odd, and non-standard, and the reason I need (to write apparently) a
patch. We have security auditors who don't like applications writing to
directories outside of their scope. I see their logic, and wonder why Moin
does this.
Any pointers to the file/s that need patching would be appreciated (off
list, thanks).
Roger Marquis
>
> None of the wiki instances I maintain need to have a writable underlay
> directory, yet the system data_underlay_dir complains if it is not
> writable:
>
> "Make sure the directory and the subdirectory "pages" are owned by the
> web server and are readable, writable and executable by the web server
> user and group."
>
> Not sure where underlay pages would need to be writable or owned by the web
> server process but I do not want a writable underlay. Is there a patch or
> setting that would disable this error and allow for a secure and read-only
> data_underlay_dir?
>
More information about the Moin-user
mailing list