Hi Chris,

Out of the box, I don't think there is any failed-login logging, although I think some of the auth plugins may. You could write a simple hook for LoginAuthenticateAudit, similar to how ConfirmEdit hooks failed logins to present a captcha after too many failed logins.

For permissions (I'm assuming you mean after install, when LocalSettings.php has to get into your webroot somehow), your webserver can get by with only read permission to the MediaWiki directory. If you enable file uploads, the server needs to also write and lock files and subdirectories in the /images directory. If you have a debug log, obvious the server needs to write to that, but please don't put that in your webroot. Also, if you have file uploads enabled, the webserver will need to read and write to /tmp (or whatever temp directory that your webserver is configured to use).

Different extensions or caching methods may need some other permissions, but those are the basics.

On Wed, Oct 31, 2012 at 2:03 PM, Chris cdm33.com@gmail.com wrote:

Does anyone know how to detect or log failed logins ?

Also, there doesn't seem to be a consensus on file permissions in the wiki directory - can anyone say with some authority ?

thanks, Chris _______________________________________________ MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-l