Hello,
Thank you for the clarification. I was busy preparing for a demo for last couple of weeks and now am back working on wiki again. It surely feels good to talk to people who are knowledgeable.
Nelson
Computer Sciences Corporation Registered Office: 2100 East Grand Avenue, El Segundo California 90245, USA Registered in USA No: C-489-59
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
This is a PRIVATE message. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: Regardless of content, this e-mail shall not operate to bind CSC to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose. ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
"Marko Milisavljevic" <marko@cognistudi To o.com> "MediaWiki announcements and site Sent by: admin list" mediawiki-l-bounc mediawiki-l@lists.wikimedia.org es@lists.wikimedi cc a.org Subject Re: [Mediawiki-l] Localsettings.php 10/31/2007 04:35 permissions PM
Please respond to MediaWiki announcements and site admin list <mediawiki-l@list s.wikimedia.org>
I would suggest, if you want maximum security, to make it so that account under which website is running has read-only permissions to all files on your website, unless it really needs to have write permissions - specifically for MediaWiki, it would need write permissions in /images directory and its children. I don't believe it needs write access anywhere else in the filesystem. If you are only medium-paranoid, you can leave file owner to account under which website is running, and change permissions to read only. If you are extra-paranoid, you can change owner to a user other then web server, give group read permissions to group that web server is in, and no permissions to anyone else. I am extra-paranoid and it works fine - I simply ftp to site with owner account to make changes to files, and I leave them readable by group that web server is in.
Also, the way MediaWiki works, you never (at least off the top of my head) need direct access to any .php files other then index.php. All other files are used with includes or requires. Many of them have something like this as first lines in the file:
if ( !defined( 'MEDIAWIKI' ) ) { die( "This file is part of MediaWiki, it is not a valid entry point" ); }
This effectively prevents them from being used without having been called from index.php. Not the most robust security mechanism, so you might want to deny web access files ending with .php except for index.php through settings on your web server.
Marko
On 10/31/07, Emufarmers Sangly emufarmers@gmail.com wrote:
I have a fundamental question: who is the owner of Localsettings.php
and
who is (or should be) the group for Localsettings.php? I assume both owner and group have to "rw" right to Localsettings.php.
LocalSettings.php should probably belong to your Web user and group, as presumably would all of the files for your Web site. I would recommend that you CHMOD LocalSettings.php to 600 unless your setup requires otherwise.
_______________________________________________ MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org http://lists.wikimedia.org/mailman/listinfo/mediawiki-l