hi rogut
thanks for the email, but since i'm not a trained web-admin, that
page you sent is simply mystifying, and doesn't seem to say anything
about changing permissions of folders to 775 as Dave suggested.
if pmwiki is so open to multiple levels of users, and what you say is
true, wouldn't the pmwiki documentation somewhere simply say:
step 1: change permissions to 777
step 2: create your directories
step 3: change your permissions back to ___
?
i don't see anything anywhere on the site that says this in layman's
language. everything else is so clear and straight-forward, but this
huge security issue doesn't say anywhere what to set. and, as stated
in the safe-mode section, if i recall correctly i had to change those
two directories, uploads and wiki.d, to 777 in order to be able to
write into them.
so, following what the pmwiki website seems to say, i've bascially
got everything set to 755 except uploads and wiki.d which are set to
777. if this is not right, can someone (preferably patrick) put
directly in layman's terms what should be the correct settings? i
really don't want to make a drastic move dealing with security
without seeing something in print on the site that says "everything
is going to just fine if ___", know what i mean?
thx again!
adam
Message: 3
Date: Tue, 23 Dec 2008 00:13:30 +0200
From: Rogut?s <[email protected]>
Subject: Re: [pmwiki-users] Security breach?
To: [email protected]
Message-ID: <[email protected]>
Content-Type: text/plain; charset=utf-8
adam overton (2008-12-22 13:00):
hi, is this true?
Either way, don't set
anything to 777.
b/c the installation instructions for pmwiki (http://pmwiki.org/wiki/
PmWiki/Installation) say setting uploads and wiki.d to 777. should
they be 775 instead? just wondering if there's any consensus on this
before i go start twiddling, changing permissions...
thx
adam
When starting with a clean PmWiki installation and navigating to
pmwiki.php, one is greeted with this rather familiar error message:
"PmWiki needs to have a writable $dir/ directory before it can
continue."
and an explanation how to set appropriate permissions for wiki.d/. Two
suggestions are provided by Pm:
1. Chmod wiki.d to 777.
2. Chmod wiki.d to 2777 (use the setguid bit), reload and chmod it to
whatever it was before.
The second option is said to lead to "a slightly more secure
installation", but it is only displayed (and usable) if PHP
safemode is
turned off.
Refer to pmwiki.org for explanations:
http://pmwiki.org/wiki/PmWiki/FilePermissions
Anyway, this kind of security (hiding of world writable directories to
other users) should be provided by the ones selling shared hosting
services.
-- Rogut?s
_______________________________________________
pmwiki-users mailing list
[email protected]
http://www.pmichaud.com/mailman/listinfo/pmwiki-users
