[Mediawiki-l] Wiki, IIS and Permissions

Jamie Bliss astronouth7303 at gmail.com
Fri Jun 10 15:49:28 UTC 2005


I believe that this is more of an NT permissions thing than an IIS
permissions thing.

For those who have no clue about this, permissions in 2k and XP are
based on ACLs. The basic options for permissions are as follows
(each category can be allowed, denied, or neither):
* Full Control
* Modify
* Read & Execute
* List Folder Contents
* Read
* Write
* Special Permissions
(According to the properties dialog in XP Pro)
The full list of perms is:
* Full control
* Traverse Folder / Execute File
* List Folder / Read Data
* Read Attributes
* Read Extended Attributes
* Create Files / Write Data
* Create Folders / Append Data
* Write Attributes
* Write Extended Attributes
* Delete Subfolders and Files
* Delete
* Read Permissions
* Change Permissions
* Take Ownership

Some of the special NT "security objects" are CREATOR OWNER and
CREATOR GROUP. These substitute for the *nix USER and GROUP.

"Everyone" is a special group meaning all users.

(I'm adding this to <http://meta.wikimedia.org/wiki/NT_permissions_overview>)
On 6/10/05, Rowan Collins <rowan.collins at gmail.com> wrote:
> On 10/06/05, Arthur Guy <arthur at astarsolutions.co.uk> wrote:
> > I have got MediaWiki installed and working on an IIS server, today I
> > decided to take a look at the file permissions for the installation and I
> > found that the everyone group had full permission, I removed this and added
> > IIS User giving it read permission; unfortunately the site now doesn't work
> > when you try and edit a page an error is returned.

Try giving the IIS user Full Control and everyone Read and List.

What error?

> Well, I have no knowledge of IIS and suchlike, so I may not be much help, but:
> * is there such a thing as an "execute" permission, like there would be on *nix?

Kinda, but I am unsure of how exactly it differs from just Read.

> * the page editing shouldn't cause anything to be written to the file
> system, only to the MySQL database; the only directory that needs to
> be writable is the "images" one, IIRC (some versions try to compile
> the skin template on first run and save that somewhere, but I forget
> where and recent versions don't bother with this).

I'm assuming that the MySQL server runs as a different user from IIS.

The PHPTAL skin compilation is only done in v1.3. It compiles to some
odd temporary directory. I think this would happen on first view.

> * the other way editing would be different from viewing is caches of
> various sorts - are you sure the wiki can actually output fresh
> content if you by-pass your browser cache etc?

Especially if you are using an SHM (like Turck or eAccelerator).
Otherwise, I think caching is done through MySQL.

> In fact, perhaps the most helpful thing (which people so rarely think
> to do) would be to say exactly *what* error is returned, in case
> someone on the list knows what it means, or can deduce.

Yes! What's the error? It's akin to telling your mechanic, "My car
doesn't work. How do I fix it?"

-- 
-------------------------------------------------------------------
http://endeavour.zapto.org/astro73/
Thank you to JosephM for inviting me to Gmail!
Have lots of invites. Gmail now has 2GB.
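
Added example, not part of the original message or of MediaWiki: a PowerShell audit that walks an install directory and reports every Allow ACE that gives a broad group (Everyone, Authenticated Users, BUILTIN\Users) any of the write-type permissions from the full list above, which is the condition described in the quoted question. It assumes PowerShell 3 or later; the default path is a hypothetical placeholder.

```powershell
param(
    [string]$Root = 'C:\Inetpub\wwwroot\wiki'   # hypothetical install path, replace with your own
)

$R = [System.Security.AccessControl.FileSystemRights]

# Write-type entries from the full permission list: Create Files / Write Data,
# Create Folders / Append Data, Write (Extended) Attributes, Delete Subfolders
# and Files, Delete, Change Permissions, Take Ownership.
$WriteMask = [int]($R::WriteData -bor $R::AppendData -bor $R::WriteAttributes -bor
    $R::WriteExtendedAttributes -bor $R::DeleteSubdirectoriesAndFiles -bor
    $R::Delete -bor $R::ChangePermissions -bor $R::TakeOwnership)

# Some ACEs store generic rights instead of specific ones:
# GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000).
$GenericMask = 0x50000000

# Well-known SIDs: Everyone, Authenticated Users, BUILTIN\Users.
$BroadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'

function Find-BroadWriteAce {
    param([Parameter(Mandatory)][string]$Path)

    # Include the root itself, then everything beneath it (hidden items too).
    $items = @(Get-Item -LiteralPath $Path -Force) +
             @(Get-ChildItem -LiteralPath $Path -Recurse -Force)

    foreach ($item in $items) {
        foreach ($ace in (Get-Acl -LiteralPath $item.FullName).Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }

            # Compare by SID so localized group names still match.
            try {
                $sid = $ace.IdentityReference.Translate(
                    [System.Security.Principal.SecurityIdentifier]).Value
            } catch { continue }   # account no longer resolves; skip it
            if ($BroadSids -notcontains $sid) { continue }

            $bits = [int]$ace.FileSystemRights
            if (($bits -band $WriteMask) -or ($bits -band $GenericMask)) {
                [pscustomobject]@{
                    Path      = $item.FullName
                    Identity  = $ace.IdentityReference.Value
                    Rights    = $ace.FileSystemRights
                    Inherited = $ace.IsInherited
                }
            }
        }
    }
}

Find-BroadWriteAce -Path $Root | Format-Table -AutoSize
```

Rows with `Inherited` set to `True` come from a parent folder, so the ACE has to be changed there rather than on the listed item.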


