[Pmwiki-users] Question about the pub/ structure and "safe" directories

[chr@home.se]

Hi Patrick

Below I've tried to summarize the directories of PmWiki, and who is
allowed to read/write to specific places. Could you comment on wether this
is accurate?

First a directory structure with minimal access rights, i.e. no more
access than is necessary to have a working system. The administrator is
me, 'chr', and Pmwiki executes as 'wwwrun'.

Directory	Access rights User Group  Comment
.		rw  r-  r-     chr users  Root of PmWiki installation
|-- cookbook	rw  r-  --     chr www	  
|-- local	rw  r-  --     chr www	  
|-- pub		rw  r-  r-     chr www	  
|   |-- cache	rw  r-  r-  wwwrun www	  Written to by Pmwiki 
|   |-- css	rw  r-  r-     chr www	  
|   `-- skins	rw  r-  r-     chr www	  
|       `--...	rw  r-  r-     chr www	  
|-- scripts	rw  r-  --     chr www	  
|-- uploads	rw  r-  r-  wwwrun www	  Written to by PmWiki
|   `-- ...	rw  r-  r-  wwwrun www	  Written to by PmWiki
|-- wiki.d	rw  r-  r-  wwwrun www    Written to by PmWiki
`-- wikilib.d	rw  r-  r-     chr www	  

Note:
* The public does not need to read cookbook/, local/ or scripts/.

* The public needs to read pub/..., uploads/, wiki.d/ and wiklib.d/

* PmWiki ('wwwrun') never writes to cookbook/ or local/. However, during
  installation or update of PmWiki, files may be written there.

* The directories uploads/, wiki.d/ and pub/cache/ needs to be created
  by a running PmWiki instance, e.g. by 'wwwrun'

Initially I'd forgotten about 'wwwrun' writing to /pub/cache, but it is 
used by the MimeTeX extension.

Comments? Is it correct?

I guess the information above should be put on a wiki page somewhere, any 
suggestions where? (Or maybe there already is such a page?)

/Christian

-- 
Christian Ridderstr?m, +46-8-768 39 44               http://www.md.kth.se/~chr