Set permissions


Administrators need to restrict the permissions of the files, so that only the web server (and the administrator of course) can read and write them. For maximum security, no other user on the machine should be able to read or write anything in the wiki instance directory. Don't forget that this directory contains sensitive information, notably the (encrypted) passwords of the wiki users.

On Linux, the following commands should be enough:

> chown -R $USER.$GROUP $INSTANCE   # check that USER and GROUP are correct
> chmod -R ug+rwX $INSTANCE         # USER.GROUP may read and write
> chmod -R o-rwx $INSTANCE          # everybody else is rejected

Normal users

Normal users, on the contrary, need to broaden the permissions of the files, so that the web server can read and write them. On recent Windows versions, and on some versions of Linux and other systems, access control lists can be used to that effect. They are, however, powerful and complicated, much beyond the scope of this document. Ask a knowledgeable person about them.

Without them, normal users have to allow everybody to access the instance directory. This is the only way the web server can enter it and do its work. This is, of course, VERY INSECURE, since any other user and program on the server can read the directory. You should not use such a setup for a wiki open to the public.

On Linux, the following commands will open the instance directory to the whole world:

> chmod -R a+rwX $INSTANCE
