-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hi:
Let me understand what is meant in setting user rights and permissions with '$wgGroupPermissions':
* Does this mean that some pages and/or groups of pages can be set to allow editing by only certain groups or individuals?
* And can page viewing be limited in the same manner?
* And if the above is so: is it necessary that said pages be inside certain directories with the write permissions set accordingly? Or is a 'flat' file model also an option, with access on a file-by-file ownership basis?
* Also: Was all the above functionality available in v1.4.x with settings such as '$wgWhitelistAccount' and '$wgWhitelistEdit', etc.?
- -- grok.
- -- *** FULL-SPECTRUM DOMINANCE! *************************************** * Boycott bourgeois mass-media * Political Comix & Cartoons * * * for enlightenment & enjoyment * ***** Critical endorsement only **** Most sites need donations ***** * http://www.crumbmuseum.com R. Crumb Museum **** BuzzFlash * * http://www.buzzflash.com/bradenton/archives.html Editorial toons * * http://weltschmerz.ca Weltschmerz * * http://www.mnftiu.cc/mnftiu.cc/war.html Get Your War On * * http://www.ucomics.com/boondocks The Boondocks * * http://www.mediachannel.org/reality Living the Reality * * http://www.crumbmuseum.com/history1.html R.Crumb History of U.S. * ********************* DEATH TO NEOLIBERALISM ********************* GPG fingerprint = 2830 CEE8 4B63 72A0 F86E 622D 6245 9357 A705 91FA
grok@resist.ca wrote:
Let me understand what is meant in setting user rights and permissions with '$wgGroupPermissions':
- Does this mean that some pages and/or groups of pages
can be set to allow editing by only certain groups or individuals?
If you hack around it _might_ work, but that's not really supported.
- And can page viewing be limited in the same manner?
Not supported at all.
- And if the above is so: is it necessary that said pages be
inside certain directories with the write permissions set accordingly? Or is a 'flat' file model also an option, with access on a file-by-file ownership basis?
No such thing.
- Also: Was all the above functionality available in v1.4.x
with settings such as '$wgWhitelistAccount' and '$wgWhitelistEdit', etc.?
No, and it's still not.
-- brion vibber (brion @ pobox.com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
grok@resist.ca wrote:
Let me understand what is meant in setting user rights and permissions with '$wgGroupPermissions':
- Does this mean that some pages and/or groups of pages
can be set to allow editing by only certain groups or individuals?
If you hack around it _might_ work, but that's not really supported.
- And can page viewing be limited in the same manner?
Not supported at all.
So what is '$wgGroupPermissions' about, then?
- -- grok.
- -- *** FULL-SPECTRUM DOMINANCE! *************************************** * In advance of the Revolution: * Get facts & get organized * * Fight the Man! * thru these sites & movements * ***** Critical endorsement only **** Most sites need donations ***** * http://www.warresisters.org War Resisters League * * http://www.warresisters.org/wtr_menu.htm War Tax Resistance * * http://multinationalmonitor.org Multinational Monitor * * http://climateprediction.net Climate Prediction: * * Distributed Computing Project * * http://southbaymobilization.org South Bay Mobilization * * http://www.theocracywatch.org Theocracy Watch * ********** THE REVOLUTION WILL NOT GO BETTER WITH COKE *********** GPG fingerprint = 2830 CEE8 4B63 72A0 F86E 622D 6245 9357 A705 91FA
It determines which groups can perform actions on the wiki; page creation, editing, deletion, protection, blocking, etc. See the relevant lines in DefaultSettings.php and http://www.mediawiki.org/wiki/Help:$wgGroupPermissions for more details.
Rob Church
On 25/01/06, grok@resist.ca grok@resist.ca wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
grok@resist.ca wrote:
Let me understand what is meant in setting user rights and permissions with '$wgGroupPermissions':
- Does this mean that some pages and/or groups of pages
can be set to allow editing by only certain groups or individuals?
If you hack around it _might_ work, but that's not really supported.
- And can page viewing be limited in the same manner?
Not supported at all.
So what is '$wgGroupPermissions' about, then?
- -- grok.
*** FULL-SPECTRUM DOMINANCE! ***************************************
- In advance of the Revolution: * Get facts & get organized *
- Fight the Man! * thru these sites & movements *
***** Critical endorsement only **** Most sites need donations *****
- http://www.warresisters.org War Resisters League *
- http://www.warresisters.org/wtr_menu.htm War Tax Resistance *
- http://multinationalmonitor.org Multinational Monitor *
- http://climateprediction.net Climate Prediction: *
Distributed Computing Project *
- http://southbaymobilization.org South Bay Mobilization *
- http://www.theocracywatch.org Theocracy Watch *
********** THE REVOLUTION WILL NOT GO BETTER WITH COKE *********** GPG fingerprint = 2830 CEE8 4B63 72A0 F86E 622D 6245 9357 A705 91FA -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFD19znYkWTV6cFkfoRArOsAKC4s34rtlZRCYWidl9iJ8PEE47PGQCgplXN u4qH2dz98MPcueSu6f4TBTE= =11ed -----END PGP SIGNATURE----- _______________________________________________ MediaWiki-l mailing list MediaWiki-l@Wikimedia.org http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
It determines which groups can perform actions on the wiki; page creation, editing, deletion, protection, blocking, etc. See the relevant lines in DefaultSettings.php and http://www.mediawiki.org/wiki/Help:$wgGroupPermissions for more details.
Rob Church
This was my first impression -- but I've already been to that page, and it's pretty sparse. What you're saying above doesn't seem to completely jibe with what Brion Vibber said earlier either.
Unless you mean this is purely a _global_, "ON/OFF" setting, and not the "fine-grained" one I -- and it loox like about a thousand other people -- have asked about here. ;>
- -- grok.
- -- *** FULL-SPECTRUM DOMINANCE! *************************************** * NO ONE LEFT BEHIND: Free all political prisoners! * * Question authority -- before authority questions you! * ******************************************************************** * http://www.supportwendy.com Support Wendy Maxwell / Queen Nzinga * * http://tassc.org Torture Abolition & Survivors Support Coalition * * http://www.breakthechains.net Break the Chains * * http://www.abcf.net Anarchist Black Cross Federation * * http://www.anarchistblackcross.org Anarchist Black Cross Network * * http://www.criticalresistance.org Critical Resistance * * http://www.addameer.org Palestinian Prisoner Support Association * ******************* *NEVER* Vote Bourgeois ********************* GPG fingerprint = 2830 CEE8 4B63 72A0 F86E 622D 6245 9357 A705 91FA
That message makes no sense whatsoever. What is it you want to know? MediaWiki doesn't contain strong access controls; that's as much as it gets. Please go and read the relevant documentation before asking questions. See also http://www.catb.org/~esr/faqs/smart-questions.html
Rob Church
On 25/01/06, grok@resist.ca grok@resist.ca wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
It determines which groups can perform actions on the wiki; page creation, editing, deletion, protection, blocking, etc. See the relevant lines in DefaultSettings.php and http://www.mediawiki.org/wiki/Help:$wgGroupPermissions for more details.
Rob Church
This was my first impression -- but I've already been to that page, and it's pretty sparse. What you're saying above doesn't seem to completely jibe with what Brion Vibber said earlier either.
Unless you mean this is purely a _global_, "ON/OFF" setting, and not the "fine-grained" one I -- and it loox like about a thousand other people -- have asked about here. ;>
- -- grok.
*** FULL-SPECTRUM DOMINANCE! ***************************************
NO ONE LEFT BEHIND: Free all political prisoners! *
Question authority -- before authority questions you! *
- http://www.supportwendy.com Support Wendy Maxwell / Queen Nzinga *
- http://tassc.org Torture Abolition & Survivors Support Coalition *
- http://www.breakthechains.net Break the Chains *
- http://www.abcf.net Anarchist Black Cross Federation *
- http://www.anarchistblackcross.org Anarchist Black Cross Network *
- http://www.criticalresistance.org Critical Resistance *
- http://www.addameer.org Palestinian Prisoner Support Association *
******************* *NEVER* Vote Bourgeois ********************* GPG fingerprint = 2830 CEE8 4B63 72A0 F86E 622D 6245 9357 A705 91FA -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFD1+5qYkWTV6cFkfoRAkL/AKDP9gvQaUMUxGYoiXmVD6ei9satCgCgomdZ of7t0NdIlOQZnRmxUiTKyN4= =1RcZ -----END PGP SIGNATURE----- _______________________________________________ MediaWiki-l mailing list MediaWiki-l@Wikimedia.org http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
grok@resist.ca wrote:
Unless you mean this is purely a _global_, "ON/OFF" setting, and not the "fine-grained" one I -- and it loox like about a thousand other people -- have asked about here.
Bingo. :)
There is some limited ability to mark individual pages as protected, requiring additional privileges to edit them. There is not support for multiple different protection groups, ACLs, or view restrictions beyond a simple 'everybody can see / no one can see without login'.
If you require that kind of restrictions, MediaWiki is not for you. I recommend using software that is designed for that security model from the ground up.
-- brion vibber (brion @ pobox.com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
grok@resist.ca wrote:
Unless you mean this is purely a _global_, "ON/OFF" setting, and not the "fine-grained" one I -- and it loox like about a thousand other people -- have asked about here.
Bingo. :)
There is some limited ability to mark individual pages as protected, requiring additional privileges to edit them. There is not support for multiple different protection groups, ACLs, or view restrictions beyond a simple 'everybody can see / no one can see without login'.
If you require that kind of restrictions, MediaWiki is not for you. I recommend using software that is designed for that security model from the ground up.
I understand very well the stance being taken by the Mediawiki developers; but it seems to me that there's a crying need for at least some sort of systematic extension/module capability for normal GNUnix-type permissions/file access, if not for ACL/SELinux type stuff.
I don't know yet how feasible this would be, but it doesn't seem impossible, or even difficult, to me. And I do understand that many Mediawiki developers have other priorities. ;>
- -- grok.
- -- *** FULL-SPECTRUM FIGHTBACK! *************************************** * In advance of the Revolution: * Get facts & get organized * * Fight the Man! * thru these sites & movements * ******************************************************************** * http://www.indyvoter.org League of Pissed Off Voters * * http://www.NewOrleansNetwork.org New Orleans Network * * http://www.innercitypress.org/citi.html Citigroup Watch * * http://www.venezuelafoia.info Venezuela Freedom Of Information * * http://www.thepraxisproject.org The Praxis Project * * http://www.alliancecm.org The Alliance for Community Media * * http://www.waronwant.org War On Want * **** NEW-WORLD-ORDER-SPEAK: "Law & Order" == Police State **** GPG fingerprint = 2830 CEE8 4B63 72A0 F86E 622D 6245 9357 A705 91FA
On 25/01/06, grok@resist.ca grok@resist.ca wrote:
I understand very well the stance being taken by the Mediawiki developers; but it seems to me that there's a crying need for at least some sort of systematic extension/module capability for normal GNUnix-type permissions/file access, if not for ACL/SELinux type stuff.
Well, it's time to roll out the old open source response: "so do it!" There are now a growing number of extension hooks (see docs/hooks.txt in the source) built in to the software, so it may in fact be possible to do all of this without major modification to the core code (maybe the addition of a few extra hooks, or tightening up general security in generally helpful ways). As you say, I'm sure such code would be extremely popular if it worked reliably (which is the biggest problem; if you want access controls, you presumably want them to be secure...)
One thing that ought to be pointed out straight away though, is that you seem to making a lot of mentions of "files", "directories", and technologies related to those. MediaWiki stores all pages in a database, in a basically 'flat' structure - it has no hierarchical structure, although pages are grouped into a small number of 'namespaces' (1 each for articles, discussions, policy, file descriptions, etc). You possibly already knew this, or would soon have discovered, but particularly your first message made me wonder if you had the wrong image.
-- Rowan Collins BSc [IMSoP]
grok at resist.ca wrote:
If you require that kind of restrictions, MediaWiki is not for you. I recommend using software that is designed for that security model from the ground up.
I understand very well the stance being taken by the Mediawiki developers; but it seems to me that there's a crying need for at least some sort of systematic extension/module capability for normal GNUnix-type permissions/file access, if not for ACL/SELinux type stuff.
Since there are a lot of ways to get at content in MediaWiki, a mixed- permissions model hacked on top is very likely to be insecure, allowing access to forbidden content in numerous ways.
I simply think it's very unwise to try taking a complicated system full of ugly hackish code that's based on the idea that everyone can see everything, and try to hack on 'but sometimes you can't' at a page/user level. It's likely to break, you're likely to leak data, and if you rely on this you could lose business/money/publicity/territory/lives/blah blah.
It's unsafe and insecure, and you're better off using a secure model if you require one. I *beg* you, for your own good, not to try using MediaWiki if you actually require that type of security. It'll bite you, I guarantee it.
-- brion vibber (brion @ pobox.com)
mediawiki-l@lists.wikimedia.org