DokuWiki

It's better when it's simple

User Tools

Site Tools

Trace:
install:fedora

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
install:fedora [2013-08-09 14:54] – SELinux 37.209.1.176install:fedora [2022-08-05 10:02] (current) – old revision restored (2022-07-31 23:28) schplurtz
Line 1: Line 1:
 ====== Fedora Package ====== ====== Fedora Package ======
  
-These instructions are written for Fedora, there may be differences for other versions.+DokuWiki is available in the Fedora repositories. These instructions are written for Fedora 19, there may be differences for other versions. Do
  
-DokuWiki is available in the Fedora repositories. So+  dnf install httpd php dokuwiki dokuwiki-selinux
  
-  yum install dokuwiki dokuwiki-selinux+The package ''dokuwiki-selinux'' is necessary for the Configuration Manager of DokuWiki to work. It configures [[wp>Security-Enhanced Linux|SELinux]] to allow dokuwiki to write to its configuration.
  
-The package dokuwiki-selinux does configure SELinux to allow dokuwiki to write to its configuration. Its necessary for the Configuration Manager of DokuWiki to work. +Package details are available at https://admin.fedoraproject.org/pkgdb/package/rpms/dokuwiki/
- +
-Package details are available at https://admin.fedoraproject.org/pkgdb/acls/name/dokuwiki+
  
 ===== httpd ===== ===== httpd =====
- +Apache HTTP Server, named ''httpd'' in Fedora, is not enabled by default. Since Fedora is [[wp>systemd]]-based you may start it with
-Apache, named httpd in Fedora, is not enabled by default. +
- +
-You may start it with+
  
   systemctl start httpd.service   systemctl start httpd.service
Line 28: Line 23:
  
 ===== Configuration ===== ===== Configuration =====
 +The basic configuration just lets you create and edit pages, but doesn't allow you to login and use the Configuration Manager!
  
-The basic configuration just lets you create and edit pagesbut doesn't allow you to login and use the Configuration Manager.+The configuration resides in ''/etc/dokuwiki''. ''local.php'' contains your local configuration, ''dokuwiki.php'' contains dokuwikis defaults and should be left alone. The Configuration Manager also writes to ''local.php''.
  
-The configuration resides in /etc/dokuwiki. local.php contains your local configuration, dokuwiki.php contains dokuwikis defaults and should be left alone. The Configuration Manager also writes to local.php. +To enable login, edit ''/etc/dokuwiki/local.php'' and set
- +
-To enable login, edit local.php and set+
  
   $conf['useacl'] = 1;   $conf['useacl'] = 1;
Line 40: Line 34:
 This enables ACL (Access Control) and gives all members of the group "admin" superuser rights. This enables ACL (Access Control) and gives all members of the group "admin" superuser rights.
  
-Now add a new user to users.auth.php+Now add a new user to ''users.auth.php'':
  
   admin:21232f297a57a5a743894a0e4a801fc3:Admin:example@example.com:admin   admin:21232f297a57a5a743894a0e4a801fc3:Admin:example@example.com:admin
Line 48: Line 42:
 You can now login as user "admin" and use DokuWikis admin tools to configure it, to add new users and the like. You can now login as user "admin" and use DokuWikis admin tools to configure it, to add new users and the like.
  
-===== Paths ====+==== Paths ==== 
- +| DokuWiki        ''/usr/share/dokuwiki''    
-| DokuWiki | /usr/share/dokuwiki | +| Configuration   ''/etc/dokuwiki''          
-| Configuration | /etc/dokuwiki | +| Data directory  ''/var/lib/dokuwiki/data'' |
-| Data directory | /var/lib/dokuwiki/data |+
  
 ===== Allowing access ===== ===== Allowing access =====
-Once this is installed, you should be able to access this on your local machine. A problem may arise when you try to access it through a network. This has to do with the config settings of Dokuwiki, to change them, Navigate to /etc/httpd/conf.d/ and there should be a file named dokuwiki.conf. +Once this is installed, you should be able to access this on your local machine. A problem may arise when you try to access it through a network. This has to do with the config settings of Dokuwiki, to change them, Navigate to ''/etc/httpd/conf.d/'' and there should be a file named ''dokuwiki.conf''.
   * For Fedora versions earlier than 18 (Apache 2.2): Edit the file and find the line that says "Allow 127.0.0.1 only" and change it to say "Allow from All"   * For Fedora versions earlier than 18 (Apache 2.2): Edit the file and find the line that says "Allow 127.0.0.1 only" and change it to say "Allow from All"
   * For Fedora 18 and later (Apache 2.4): Edit the file and find the line that says "Require local" and change it to say "Require all granted".   * For Fedora 18 and later (Apache 2.4): Edit the file and find the line that says "Require local" and change it to say "Require all granted".
-Save the file and restart the Apache server +Save the file and restart the Apache HTTP Server with the systemd user space utility ''systemctl'':
  
   systemctl restart httpd.service   systemctl restart httpd.service
  
-It should now allow remote requests to the site. Depending on your setup, you may have to allow incomming http(s) traffic in you firewall though.+It should now allow remote requests to the site. Depending on your setup, you may have to allow incoming http(s) traffic in you firewall though.
  
 ===== SELinux ===== ===== SELinux =====
-[[wp>Security-Enhanced Linux]] is pre-installed on Fedora.+[[wp>Security-Enhanced Linux|SELinux]] is pre-installed on Fedora.
  
 <code> <code>
Line 71: Line 64:
 </code> </code>
  
 +If you want to allow httpd to have write access on the file ''/etc/dokuwiki/users.auth.php'', then change the "label" of that file:
 +  - As root do:<code>
 +semanage fcontext -a -t FILE_TYPE '/etc/dokuwiki/users.auth.php'</code>\\ FILE_TYPE is one of the following strings:\\ abrt_retrace_spool_t, afs_cache_t, anon_inodefs_t, dirsrv_config_t, dirsrv_var_log_t, dirsrv_var_run_t, dirsrvadmin_config_t, dirsrvadmin_tmp_t, httpd_apcupsd_cgi_rw_content_t, httpd_awstats_rw_content_t, httpd_bugzilla_rw_content_t, httpd_cache_t, httpd_collectd_rw_content_t, httpd_cvs_rw_content_t, httpd_dirsrvadmin_rw_content_t, httpd_dspam_rw_content_t, httpd_git_rw_content_t, httpd_lock_t, httpd_man2html_rw_content_t, httpd_mediawiki_rw_content_t, httpd_mojomojo_rw_content_t, httpd_munin_rw_content_t, httpd_mythtv_rw_content_t, httpd_nagios_rw_content_t, httpd_nutups_cgi_rw_content_t, httpd_openshift_rw_content_t, httpd_prewikka_rw_content_t, httpd_smokeping_cgi_rw_content_t, httpd_squid_rw_content_t, httpd_squirrelmail_t, httpd_sys_rw_content_t, httpd_tmp_t, httpd_tmpfs_t, httpd_user_rw_content_t, httpd_var_lib_t, httpd_var_run_t, httpd_w3c_validator_rw_content_t, httpd_webalizer_rw_content_t, httpd_zoneminder_rw_content_t, initrc_tmp_t, jetty_cache_t, jetty_log_t, jetty_var_lib_t, jetty_var_run_t, krb5_host_rcache_t, passenger_tmp_t, passenger_var_run_t, pki_ra_etc_rw_t, pki_ra_log_t, pki_ra_var_lib_t, pki_tps_etc_rw_t, pki_tps_log_t, pki_tps_var_lib_t, puppet_tmp_t, squirrelmail_spool_t, systemd_passwd_var_run_t, user_cron_spool_t, zarafa_var_lib_t, zoneminder_var_lib_t. 
 +  - Then execute<code>
 +restorecon -v '/etc/dokuwiki/users.auth.php'
 +</code>
 +
 +==== Solution ====
 +(at least for 2013-08-09 Fedora 19 "Schrödinger's Cat')
 +As root do:
 +<code bash>
 +semanage fcontext -a -t httpd_mediawiki_rw_content_t '/etc/dokuwiki'
 +restorecon -v '/etc/dokuwiki'
 +semanage fcontext -a -t httpd_mediawiki_rw_content_t '/etc/dokuwiki/users.auth.php'
 +restorecon -v '/etc/dokuwiki/users.auth.php'
 +semanage fcontext -a -t httpd_mediawiki_rw_content_t '/etc/dokuwiki/local.php'
 +restorecon -v '/etc/dokuwiki/local.php'
 +</code>
 +
 +==== Solution 2 ====
 +
 +I'm not a SELinux or Fedora expert, but thanks to people from the #selinux Freenode IRC channel I managed to fix the problem in the following way:
 +<code>
 +# semanage fcontext -a -t httpd_sys_rw_content_t '/etc/dokuwiki(/.*)?'
 +# restorecon -v '/etc/dokuwiki' -R
 +</code>
 +
 +Tried with Fedora 20 on 2014-02-17.
 +
 +
 +==== Solution 3 ====
 +
 +The Fedora ''dokuwiki-selinux-0-0.24.20140929c.fc21.noarch.rpm'' package's postinstall-script is running the following commands:
 +<code>
 +semanage fcontext -a -t httpd_sys_rw_content_t '/etc/dokuwiki(/.*)?'
 +semanage fcontext -a -t httpd_sys_content_t '/usr/share/dokuwiki(/.*)?'
 +semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/dokuwiki/lib/plugins(/.*)?'
 +restorecon -R '/etc/dokuwiki'
 +restorecon -R '/usr/share/dokuwiki'
 +</code>
 +
 +You may want to consider adapting and running these commands.
 +
 +==== Solution 4 ====
 +The ''chcon'' command changes the SELinux context for files temporary. These changes do not survive a file system relabel, or the ''restorecon'' command.
 +
 +    chcon -t httpd_sys_rw_content_t /etc/dokuwiki/ -R
 +    chcon -t httpd_sys_content_t /usr/share/dokuwiki/ -R
 +    chcon -t httpd_sys_rw_content_t /usr/share/dokuwiki/lib/plugins/ -R
 +
 +You can restore default SELinux context for this files by running:
 +    restorecon -R '/etc/dokuwiki/'
 +    restorecon -R '/usr/share/dokuwiki/'
 +    restorecon -R '/usr/share/dokuwiki/lib/plugins/'
 +
 +====== Install the package downloaded from the website ======
 +
 +See [[https://openhsc.org/wiki/install_nginx_and_dokuwiki_on_fedora_server_29|this wiki page on how to install DokuWiki with nginx on Fedora 29]]
install/fedora.1376052886.txt.gz · Last modified: 2013-08-09 14:54 by 37.209.1.176
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki

Global DokuWiki Links