[pmwiki-users] pmwiki with hostile users?

Sandy sandy at onebit.ca
Thu Oct 29 09:58:27 CDT 2009 

W Randolph Franklin wrote:

PmWiki was originally written for this purpose, and the students were 
turned loose.

> 
> Is there a difference between giving the students access to single pages 
> vs to an entire group?
> 

Yes, there is. It's worth reading the pages in the manual about 
passwords and authorization. You can over-ride the default settings for 
individual groups and even individual pages. I don't recommend a 
complicated access structure because it's a pain to change later, but it 
can be done.

The next layer is AuthUser (not the same as UserAuth). It associates 
userIDs and passwords and allows userIDs to be assigned to user groups. 
Everywhere you would can authorize a password, you can also enter 
userIDs and user groups. This also makes it easier to read and edit the 
access structure later.

The core does not have self-registration. The admin has to type in all 
the names and passwords. As a matter of paranoia, if you use one of the 
recipes for self-registration, check who maintains it.

Whether you need AuthUser depends on how complicated your access 
structure will be and how often you want to change it. Pm's original 
installation didn't have it. It was entirely by password, and many 
passwords were shared.

The ID and password system seems clunky and unpolished at first, but 
once you get the hang of it, it's very versatile. Not great for adding a 
few every day, but good for mass additions.

With one additional line in config.php you can also record the ID of 
whoever makes any changes. I think it's under "require author". We're 
all used to having separate accounts, but for group work, shared 
accounts make sense. Separate accounts give credit to the typist, even 
if the rest of the group contributed. On the other hand, it might show 
you who is trying to break the system or add spam links.


> I haven't enabled separate farms, and would rather not have the hassle. 
>   However, is that worth it?

I don't think it's worth it. You say your wiki is already locked down 
tightly. Create a new password (or, if using AuthUser, user group) for 
the students, maybe one useper class, and create new page groups that 
are open only to the appropriate passwords.

Students will be able to create page groups on their own, and may do so 
accidently if they use punctuation in page names. I think there's a way 
to disable that. The person that created the group will be able to 
control access to it, if they know how, but admin can always access 
everything.

Hope this helps rather than confuses.

Regardless

Sandy

More information about the pmwiki-users mailing list