[pmwiki-users] Newbie Alert!!! - basic site security?

Johnny Ernst Nielsen j_e_n_pub at yahoo.dk
Fri Oct 19 11:47:37 CDT 2007


Friday 19 October 2007 17:38, Jeff Schallenberg wrote:
> I have just installed a pmwiki site on my Ubuntu server.
>
> It works and looks great - I have configured a logo and a skin, I
> can create and edit pages - but that is the problem. This site is
> to be used for a private non-profit group - less than a dozen
> users. I would like to allow viewing, editing and uploading only by
> this group.
>
> I have edited the config.php file to include the following lines:
>
> $DefaultPasswords['admin'] = crypt('secret');
> $EnableUpload = 1;
> $DefaultPasswords['upload'] = crypt('secret');
>
> But, even after restarting the server, I can still edit pages
> without entering any password. If I check the recent changes, I
> see:
>
>    - HomePage <http://jeffnet.zapto.org:85/pmwiki/pmwiki.php?n=Main.HomePage>
>      . . . October 19, 2007, at 08:54 AM by ?:
>    - NewPage <http://jeffnet.zapto.org:85/pmwiki/pmwiki.php?n=Main.NewPage>
>      . . . October 19, 2007, at 08:42 AM by ?:
>    - WikiSandbox <http://jeffnet.zapto.org:85/pmwiki/pmwiki.php?n=Main.WikiSandbox>
>      . . . October 18, 2007, at 08:49 PM by ?:
>
> So, pmwiki doesn't even know who is editing!
>
> How can I protect my pmwiki site so that I have admin privileges,
> and group members have read, write and upload privileges.
>
> I have read the documentation on security and passwords, and I
> understood that setting passwords in config.php was sufficient to
> limit edit privileges to users who know those passwords.
>
> What am I missing?
>
> Thanks for your help! And thanks for the great software!

We are all newbies in different fields. It's all right.

There are two ways.

One with passwords, but no usernames.

One with both user names and passwords.

For the first method you need to add the proper passwords to the 
proper actions.

Add to your config.php:
$DefaultPasswords['admin'] = crypt('adminpassword');
$DefaultPasswords['read'] = crypt('readpassword');
$DefaultPasswords['edit'] = crypt('editpassword');
$DefaultPasswords['attr'] = crypt('attributespassword');
And so forth.
You get the idea.
See the details here:
<http://www.pmwiki.org/wiki/PmWiki/PasswordsAdmin>

With this method you give the same password to all who should have the 
same permissions.

For the second method you enable the module AuthUser.
Then you define your users and your user groups in the page 
SiteAdmin.AuthUser
Finally you set the proper permissions for your users and groups in 
config.php
See here:
<http://www.pmwiki.org/wiki/PmWiki/AuthUser>

With this method you can give individual permissions to individual 
people.

Best regards :o)

Johnny :o)
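
An added example, not part of the original message or of PmWiki's own code: a config.php for the second method, shown next to the settings from the question. The user names (jeff, alice), the group names (@admins, @members) and all passwords are constructed; the syntax follows the AuthUser documentation page linked above.

```php
<?php if (!defined('PmWiki')) exit();
# local/config.php (added illustration; names and passwords are constructed)

# Settings as posted in the question. Only 'admin' and 'upload' carry a
# password, so 'read' and 'edit' stay open to anyone who can reach the site:
#   $DefaultPasswords['admin']  = crypt('secret');
#   $EnableUpload = 1;
#   $DefaultPasswords['upload'] = crypt('secret');

$EnableUpload = 1;

# Site-wide admin password, kept so the administrator can still get in
# (and edit SiteAdmin.AuthUser) if the account list is ever broken.
$DefaultPasswords['admin'] = crypt('adminpassword');

# Method 2: user names and passwords through AuthUser.
# Accounts and groups are defined in the wiki page SiteAdmin.AuthUser,
# one entry per line, for example:
#   jeff:     (:encrypt constructed-password-1:)
#   alice:    (:encrypt constructed-password-2:)
#   @admins:  jeff
#   @members: jeff, alice
# On save, each (:encrypt ...:) is replaced by the encrypted password.
include_once("$FarmD/scripts/authuser.php");

# Every action the group should be limited to needs its own entry.
# An action with no entry is not protected by the entries for other actions.
$DefaultPasswords['read']   = '@members';  # viewing pages
$DefaultPasswords['edit']   = '@members';  # editing pages
$DefaultPasswords['upload'] = '@members';  # attaching files
$DefaultPasswords['attr']   = '@admins';   # changing page passwords
```

To check the result, open the site in a browser session that is not logged in and confirm that viewing, editing and uploading each prompt for a login.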


