[Fusionforge-general] Improvements on the mediawiki-plugin

Roland Mas lolando at debian.org
Wed Mar 24 14:21:41 CET 2010


Olaf Lenz, 2010-03-24 11:58:15 +0100 :

> Hi!

[...]

>>   There's also the problem of permissions.  We don't necessarily want to
>> grant the "www-data" user (or "nobody") to have write access to the wiki
>> code.
>
> Hmm, if you don't allow the *-init.php scripts to modify anything in
> /var/lib/gforge, then I'm not surprised that there are no such scripts
> yet, as they can not really do anything in that case. In general, if
> you want to allow uploads for mediawiki, the www-data user must have
> write permissions at some subdirectory of /var/lib/gforge.

  Yes, the one with the images.  The initial implementation created one
directory for each project, but it was up to the admin to do the actual
chown so the wikis could upload stuff there.

> However, I'm currently thinking anyway that it is probably better to
> just shoot the man-in-the-middle and completely remove the "master"
> directory containing the links, and instead install the links directly
> into the project directory when the wiki is created by
> create-wiki.php.  This would remove the problem.

  Not really, because you'd still give write access to www-data to the
wiki code.  Besides, if a new version of Mediawiki (or the plugin) needs
to change/add/delete one of the links, you'd need to go through all the
directories.

Roland.
-- 
Roland Mas

All tribal myths are true, for a given value of 'true'.
  -- in The Last Continent (Terry Pratchett)




More information about the Fusionforge-general mailing list