-
Notifications
You must be signed in to change notification settings - Fork 4
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
move wiki to non-root user #3
Comments
I'm not sure that the wiki is running as root after all. When I enabled logging, it wrote its logfile as the
So that I think at least the MediaWiki front-end (which is presumably running as part of the web server process) is running as Looking in |
The database is MySQL, and it's running on a separate server, @gbaz, based on this information, what do you want done? |
So I guess the question that motivated this was -- it seemed that one needed root perms to edit wiki files, etc. If we just created a user that was non-root and had perms specific to wiki files, so that wiki admining could be done without root, I think that would resolve it... |
OK, that should be fairly straightforward, up to a certain point. The wiki's config files are world-readable, so they could be owned by any old user and the wiki would still work. So, we could create a user Identifying all the files that might be needed could be tricky. For example, to fix the diff bug, am I going to need access to If that's acceptable, then I can move forward with it. If you want administration of the wiki to be completely self-sufficient, then I think the only way to ensure that would be to have the wiki on its own virtual machine. If that's not possible (e. g. the hosting provider would charge more for another virtual machine), then it could still be done by using a solution like Docker to create multiple virtual environments, each with its own root user, inside a single virtual machine. This would be considerably more involved that just creating a |
the 90% plan sounds plenty good to me. just cutting down root logins is a worthy goal on its own. |
OK, I'll get to work on that. |
This has been going well. One issue I ran into: |
iirc, platform-site is the specific sftp-only user created for the platform subsite. I suspect its totally fine to change the ownership. |
Also, some of the other files and directories under |
vis a vis |
I have finished this task. The wiki appears to still work. The file I copied root's |
Currently, the wiki is running as root. Would be nice if it was not.
The text was updated successfully, but these errors were encountered: