Hello,
Thank you for the clarification. I was busy preparing for a demo for last
couple of weeks and now am back working on wiki again. It surely feels
good to talk to people who are knowledgeable.
Nelson
Computer Sciences Corporation
Registered Office: 2100 East Grand Avenue, El Segundo California 90245, USA
Registered in USA No: C-489-59
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
This is a PRIVATE message. If you are not the intended recipient, please
delete without copying and kindly advise us by e-mail of the mistake in
delivery.
NOTE: Regardless of content, this e-mail shall not operate to bind CSC to
any order or other contract unless pursuant to explicit written agreement
or government initiative expressly permitting the use of e-mail for such
purpose.
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
"Marko
Milisavljevic"
<marko@cognistudi To
o.com> "MediaWiki announcements and site
Sent by: admin list"
mediawiki-l-bounc <mediawiki-l(a)lists.wikimedia.org>
es(a)lists.wikimedi cc
a.org
Subject
Re: [Mediawiki-l] Localsettings.php
10/31/2007 04:35 permissions
PM
Please respond to
MediaWiki
announcements and
site admin list
<mediawiki-l@list
s.wikimedia.org>
I would suggest, if you want maximum security, to make it so that account
under which website is running has read-only permissions to all files on
your website, unless it really needs to have write permissions -
specifically for MediaWiki, it would need write permissions in /images
directory and its children. I don't believe it needs write access anywhere
else in the filesystem. If you are only medium-paranoid, you can leave file
owner to account under which website is running, and change permissions to
read only. If you are extra-paranoid, you can change owner to a user other
then web server, give group read permissions to group that web server is
in,
and no permissions to anyone else. I am extra-paranoid and it works fine -
I
simply ftp to site with owner account to make changes to files, and I leave
them readable by group that web server is in.
Also, the way MediaWiki works, you never (at least off the top of my head)
need direct access to any .php files other then index.php. All other files
are used with includes or requires. Many of them have something like this
as
first lines in the file:
if ( !defined( 'MEDIAWIKI' ) ) {
die( "This file is part of MediaWiki, it is not a valid entry point" );
}
This effectively prevents them from being used without having been called
from index.php. Not the most robust security mechanism, so you might want
to
deny web access files ending with .php except for index.php through
settings
on your web server.
Marko
On 10/31/07, Emufarmers Sangly <emufarmers(a)gmail.com> wrote:
> I have a fundamental question: who is the owner of Localsettings.php
and
who is (or
should be) the group for Localsettings.php? I assume both
owner
and group have to "rw" right to Localsettings.php.
LocalSettings.php should probably belong to your Web user and group, as
presumably would all of the files for your Web site. I would recommend
that
you CHMOD LocalSettings.php to 600 unless your setup requires otherwise.
_______________________________________________
MediaWiki-l mailing list
MediaWiki-l(a)lists.wikimedia.org
http://lists.wikimedia.org/mailman/listinfo/mediawiki-l