[Moin-user] Wiki server ignoring ACLs

Chris Freemesser cfreemesser at mail.cvs.rochester.edu
Tue Mar 8 15:12:02 EST 2016

Hi all.

I just finished migrating our wikis to a new server and am pulling my hair out 
trying to figure out a bizarre problem:  the new server is ignoring some of the 
ACLs for no apparent reason.

Our old server ran MoinMoin 1.9.3 on a Mac running OSX 10.6.x.  We have half a 
dozen wiki instances...each was configured with its own 'wikiconfig.py' file, 
located within that wiki's instance directory.  No 'farmconfig.py' file was 
used.  ACLs on the old server worked fine.

The new server is running Moinmoin 1.9.8 using the Turnkey Linux MoinMoin 
distribution.  I got the server set up and eventually copied over 5 of the 
existing wikis.

The instance directory for each wiki was placed in /var/www/moin.

A cache folder for each wiki was created in /var/lib/moin/cache.

This new server stores all of the "wikiconfig.py" files in the /etc/moin 
directory.  The ones from the old server didn't seem to work, so I made copies 
of the "mywiki.py" file that came with the new server and modified them 
as-needed for each of my wiki instances.  The files were saved with the name 
"<WikiInstanceName>.py", per the instructions.  Each .py file has an 
"acl_rights_before" line that gives my account full access, and an 
"acl_rights_default" line that gives the wiki's group full access AND read 
access for "All".

I performed a "maint cleancache" and "migration data" command on each wiki when 
I moved the data to the new server, and went to great lengths to ensure that 
file permissions were set correctly in the various locations.

The end result of all this work is that all of the wikis work, all pages are 
viewable, and I can edit them with MY account.  However, the 
"acl_rights_default" line as well as any #acl line in a wiki page are 
apparently being completely ignored.  The "acl_rights_before" line is obeyed 

For example, one page in the wiki should not be viewable by "All", so I add the 
line "#acl All:" as the first line in the page to deny access.  Worked fine on 
the old server, but the new server ignores it and still allows a non-logged in 
user to see the page.

This happens with ALL of my wiki instances.

I have NO idea why the new server obeys the "acl_rights_before" line, but not 
the others.  I've gone over the wikis' config files numerous times and can't 
find an obvious mistake.  The config files are all based on the same original, 
so it could be an issue in them, or it could be a system-wide setting someplace.

Would anybody have any idea what the problem is?  Other than this, the new 
server seems to work just fine.

TIA for any help you can provide!


Chris Freemesser, Systems Administrator
University of Rochester
Department of Brain and Cognitive Sciences
The Center for Visual Science
Meliora Hall, Room 255
Phone:  (585)275-0786

More information about the Moin-user mailing list