install:permissions
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
install:permissions [2017-11-19 13:31] – removed 2a03:f85:8::7 | install:permissions [2017-11-26 21:24] – Fix installer filename 78.53.78.174 | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Setting up file permissions ====== | ||
+ | |||
+ | [[: | ||
+ | |||
+ | DokuWiki is executed by PHP, so the PHP process needs to be able to write to these files. | ||
+ | |||
+ | The following permissions must be modified for the respective DokuWiki functions to work: | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | |||
+ | The following files are copied by the '' | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | |||
+ | ===== Windows (using Microsoft IIS) ===== | ||
+ | |||
+ | To make the files in the '' | ||
+ | Internet Guest Account ('' | ||
+ | |||
+ | A good description with screenshots is available [[http:// | ||
+ | |||
+ | Note: If you are running PHP under IIS6 with the FastCGI module [[http:// | ||
+ | |||
+ | For IIS 7/7.5 this will be the application pools account. It is unclear if you can add this via the GUI. Try the following: | ||
+ | * Enter //IIS APPPOOL\YourAppPoolName// | ||
+ | * If this doesn' | ||
+ | * If you can't find or add the account via the GUI, consider the ' | ||
+ | |||
+ | Add this via the GUI: [[http:// | ||
+ | |||
+ | Note: Check out the web platform installer v3.0 for the necessary components and add IIS:IP and Domain Restrictions (under products) | ||
+ | |||
+ | Running **Windows Server 2008, R2 Standard. | ||
+ | Add a user as described above with the name: COMPUTERNAME\IUSER_COMPUTERNAME and give them full control. | ||
+ | Full Computer Name is ComputerName.Domain.com and the Computer Name was just ComputerName without the domain. Used the Computer Name rather than the Full Computer Name. | ||
+ | |||
+ | ===== Unix ===== | ||
+ | |||
+ | This will apply if you install DokuWiki on a Linux, MacOS X or other Unix-like system. It is most probably also true for rented web space. | ||
+ | |||
+ | Note: under Linux additional file system ACLs (FACL) may apply, confer the commands " | ||
+ | |||
+ | |||
+ | ==== File Permissions, | ||
+ | |||
+ | This is not the place to explain the UNIX file permission system in detail. See [[wp> | ||
+ | |||
+ | * Permissions for a file are dependent of the file's owner and group and the user who tries to access the file | ||
+ | * There are permissions for read, write and execute | ||
+ | * Each UNIX process runs with the permissions of an OS user and his/her groups | ||
+ | * The web server is a UNIX process | ||
+ | * PHP usually runs as part of the web server | ||
+ | * DokuWiki will run with the permissions of the PHP processor | ||
+ | * DokuWiki needs read, write and execute permissions for directories it needs to create files in | ||
+ | * DokuWiki needs read and write permissions for files it needs to write to | ||
+ | * DokuWiki needs read only permissions for files and directories it doesn' | ||
+ | |||
+ | To find the user and group your PHP process (web server) run under you could try to run the following PHP script: | ||
+ | |||
+ | <code php> | ||
+ | <?php | ||
+ | |||
+ | if(function_exists(' | ||
+ | // use posix to get current uid and gid | ||
+ | $uid = posix_geteuid(); | ||
+ | $usr = posix_getpwuid($uid); | ||
+ | $user = $usr[' | ||
+ | $gid = posix_getegid(); | ||
+ | $grp = posix_getgrgid($gid); | ||
+ | $group = $grp[' | ||
+ | }else{ | ||
+ | // try to create a file and read it's ids | ||
+ | $tmp = tempnam ('/ | ||
+ | $uid = fileowner($tmp); | ||
+ | $gid = filegroup($tmp); | ||
+ | |||
+ | // try to run ls on it | ||
+ | $out = `ls -l $tmp`; | ||
+ | $lst = explode(' | ||
+ | $user = $lst[2]; | ||
+ | $group = $lst[3]; | ||
+ | unlink($tmp); | ||
+ | } | ||
+ | |||
+ | echo "Your PHP process seems to run with the UID $uid ($user) and the GID $gid ($group)\n"; | ||
+ | </ | ||
+ | |||
+ | Alternatively, | ||
+ | <code php> | ||
+ | <?php | ||
+ | phpinfo(); | ||
+ | ?> | ||
+ | </ | ||
+ | |||
+ | === Common Permissions === | ||
+ | |||
+ | Here are the most commonly used values for setting permissions on directories and files. | ||
+ | |||
+ | ^ directories ^ files ^ result ^ | ||
+ | | '' | ||
+ | | '' | ||
+ | | '' | ||
+ | |||
+ | ==== Which permissions to set? ==== | ||
+ | |||
+ | So, how should you set the permissions of the directories mentioned above? In general you should try to set the permissions as restrictive as possible, but there is no general rule which permissions you need to set for your system. | ||
+ | |||
+ | If you have root (super user rights) you can change the owner of files and directories. This means you can change the owner of the DokuWiki files to the web server user (e.g. '' | ||
+ | |||
+ | If you are a normal user you may be a member of the web server group and can change the files to be owned by this group. Then set the files and directories to be writable by this group. E.g. '' | ||
+ | |||
+ | If you are alone on the server or running in a completely trusted environment you can simply change the permissions to give everyone access. E.g. '' | ||
+ | |||
+ | If you're running on a shared web server it is recommended to contact your web server administrator or hosting support and ask for help and recommendations. Point them to this page and they should know what you need to do. | ||
+ | |||
+ | Note: When you found the correct settings for your directories you should change the [[config: | ||
+ | |||
+ | ==== How to set permissions? | ||
+ | |||
+ | On the command line use [[man> | ||
+ | |||
+ | When accessing your server through FTP, consult the manual of your FTP tool. Most graphical FTP tools have a dialog to set permissions (often to be found in the right-click context menu). | ||
+ | |||
+ | On some UN*X-like systems, you may be able to use filesystem ACLs to allow the PHP user to write to the files as well. For Sun's ZFS, see the [[http:// | ||
+ | |||
+ | Check with your system administrator -- some backup systems will ignore ACLs on files. | ||
+ | |||
+ | |||
+ | ==== If things go wrong ==== | ||
+ | |||
+ | In certain situations, you may find that you are unable to delete or modify files created | ||
+ | by DokuWiki. | ||
+ | |||
+ | ==== Tip: Using the setgid Bit ==== | ||
+ | |||
+ | If you have commandline access to your server, you can use the '' | ||
+ | |||
+ | * data directory: | ||
+ | * '' | ||
+ | * '' | ||
+ | * everything below the data directory: | ||
+ | * '' | ||
+ | * '' | ||
+ | |||
+ | In order to fully retain correct permissions, | ||
+ | |||
+ | |||
+ | ===== How do I make specific pages in the wiki read-only? ===== | ||
+ | |||
+ | See [[faq: | ||
+ | |||
install/permissions.txt · Last modified: 2023-12-12 16:17 by antwoorden