Hi.
I am using Arch Linux and did a fresh install of mediawiki-1.43.0.tar.gz
in a fresh created directory (untar was done using user root). After
copying my individual file to the fresh install, I set up my file
permission according to these instructions at
https://www.mediawiki.org/wiki/Manual:Security - chapter "File permissions".
I ended up with a non functional wiki because of wrong permissions.
Then I started to walk to the error messages and did this:
chgrp http mediawiki-1.43.0/includes/
chmod g+rx mediawiki-1.43.0/includes/
This raises the next error (composer needs access to
vendor/autoload.php). I do not want walk through all the code and errors
just to notice somewhen in production that I do not have access to x or
y. Instead I want to be sure to start with the right and save setup.
Internet search did not help a lot. Docs mentioned above have been
missunderstood, are incomplete or wrong.
My goal is to have a secure wiki with all permissions as low as needed
for files and directories.
What would you suggest? Does anyone have a link to a good and proven doc?
Thanks,
Steffi
This is what I have so far:
drwxr-x--- 14 root http 4096 1. Feb 13:19 ./
drwxrwx--- 9 root http 4096 1. Feb 13:08 ../
-rw-r--r-- 1 root utmp 1511 5. Dez 16:41 api.php
-rw-r--r-- 1 root utmp 352410 5. Dez 16:42 autoload.php
drwx------ 2 root root 4096 1. Feb 13:08 cache/
-rw-r--r-- 1 root utmp 168 5. Dez 16:41 CODE_OF_CONDUCT.md
-rw-r--r-- 1 root utmp 8358 5. Dez 16:42 composer.json
-rw-r--r-- 1 root utmp 125 5. Dez 16:41 composer.local.json-sample
-rw-r--r-- 1 root utmp 19421 5. Dez 16:41 COPYING
-rw-r--r-- 1 root utmp 15957 5. Dez 16:42 CREDITS
-rw-r--r-- 1 root utmp 1762 20. Dez 19:45 docker-compose.yml
drwx------ 5 root root 4096 1. Feb 13:08 docs/
drwx------ 35 root root 4096 1. Feb 13:08 extensions/
-rw-r--r-- 1 root utmp 95 5. Dez 16:41 FAQ
-rw-r--r-- 1 root utmp 1639880 5. Dez 16:42 HISTORY
drwx------ 23 http root 4096 1. Feb 13:18 images/
-rw-r--r-- 1 root utmp 2221 5. Dez 16:41 img_auth.php
drwxr-x--- 96 root http 4096 1. Feb 13:08 includes/
-rw-r--r-- 1 root utmp 2213 5. Dez 16:41 index.php
-rw-r--r-- 1 root utmp 3685 5. Dez 16:42 INSTALL
-rw-r--r-- 1 root utmp 1302 5. Dez 16:41 jsdoc.json
drwx------ 5 root root 4096 1. Feb 13:08 languages/
-rw-r--r-- 1 root utmp 1464 5. Dez 16:41 load.php
-rw-r----- 1 root http 6838 1. Feb 13:19 LocalSettings.php
drwx------ 11 root root 12288 1. Feb 13:08 maintenance/
drwx------ 4 root root 4096 1. Feb 13:08 mw-config/
-rw-r--r-- 1 root utmp 1761 5. Dez 16:41 opensearch_desc.php
-rw-r--r-- 1 root utmp 1643 5. Dez 16:41 README.md
-rw-r--r-- 1 root utmp 54673 20. Dez 19:45 RELEASE-NOTES-1.43
drwx------ 5 root root 4096 1. Feb 13:08 resources/
-rw-r--r-- 1 root utmp 1239 5. Dez 16:41 rest.php
-rw-r--r-- 1 root utmp 199 5. Dez 16:41 SECURITY
drwx------ 6 root root 4096 1. Feb 13:08 skins/
drwx------ 11 root root 4096 1. Feb 13:08 tests/
-rw-r--r-- 1 root utmp 1659 5. Dez 16:41 thumb_handler.php
-rw-r--r-- 1 root utmp 1357 5. Dez 16:41 thumb.php
-rw-r--r-- 1 root utmp 4394 5. Dez 16:41 UPGRADE
drwx------ 21 root root 4096 1. Feb 13:08 vendor/
_______________________________________________
MediaWiki-l mailing list -- [email protected]
To unsubscribe send an email to [email protected]
https://lists.wikimedia.org/postorius/lists/mediawiki-l.lists.wikimedia.org/
