Setup a Project Wiki: Difference between revisions
m fixed whitespace |
|||
(8 intermediate revisions by 2 users not shown) | |||
Line 21: | Line 21: | ||
By default, our wikis are publicly viewable, but a user must login with their research account to edit pages. | By default, our wikis are publicly viewable, but a user must login with their research account to edit pages. | ||
To customize access and viewing restrictions, look at this article on [ | To customize access and viewing restrictions, look at this article on [https://www.mediawiki.org/wiki/User_rights Rights]. | ||
Common tasks are listed below. Add them to InstanceLocalSettings.php to implement them. | Common tasks are listed below. Add them to '''InstanceLocalSettings.php''' (/var/www/localhost/htdocs/<wiki_name>/InstanceLocalSettings.php) to implement them, '''NOT''' the typical LocalSettings.php. | ||
To restrict anonymous viewing: | To restrict anonymous viewing: | ||
<font color=red>sr-hercules01</font> <font color=blue>''wiki_name'' #</font> '''vim InstanceLocalSettings.php''' | <font color=red>sr-hercules01</font> <font color=blue>''wiki_name'' #</font> '''vim InstanceLocalSettings.php''' | ||
#Allow some special pages | #Allow some special pages | ||
$wgWhitelistRead = array("Special:UserLogin", "Special:UserLogout", "Special:PasswordReset", "MediaWiki:Common.css" ); | $wgWhitelistRead = array("Special:UserLogin", "Special:UserLogout", "Special:PasswordReset", "MediaWiki:Common.css" ); | ||
#Restrict general Public from viewing all pages. | #Restrict general Public from viewing all pages. | ||
$wgGroupPermissions['*']['read'] = false; | $wgGroupPermissions['*']['read'] = false; | ||
$wgGroupPermissions['*']['createtalk'] = false; | $wgGroupPermissions['*']['createtalk'] = false; | ||
$wgGroupPermissions['*']['createpage'] = false; | $wgGroupPermissions['*']['createpage'] = false; | ||
$wgGroupPermissions['*']['writeapi'] = false; | $wgGroupPermissions['*']['writeapi'] = false; | ||
Disable even research users from reading. Members of "trusted" group can view (as can sysop) | Disable even research users from reading. Members of "trusted" group can view (as can sysop) | ||
<font color=red>sr-hercules01</font> <font color=blue>''wiki_name'' #</font> '''vim InstanceLocalSettings.php''' | <font color=red>sr-hercules01</font> <font color=blue>''wiki_name'' #</font> '''vim InstanceLocalSettings.php''' | ||
#Restrict wiki to only users in the trusted group. | #Restrict wiki to only users in the trusted group. | ||
$wgGroupPermissions['user']['read'] = false; | $wgGroupPermissions['user']['read'] = false; | ||
$wgGroupPermissions['user']['edit'] = false; | $wgGroupPermissions['user']['edit'] = false; | ||
$wgGroupPermissions['trusted']['read'] = true; | $wgGroupPermissions['trusted']['read'] = true; | ||
$wgGroupPermissions['trusted']['edit'] = true; | $wgGroupPermissions['trusted']['edit'] = true; | ||
$wgGroupPermissions['sysop']['read'] = true; | $wgGroupPermissions['sysop']['read'] = true; | ||
$wgGroupPermissions['sysop']['edit'] = true; | $wgGroupPermissions['sysop']['edit'] = true; | ||
For a wiki requiring "trusted" group-membership (example: Pain_Lab_Grads), it's a little crazy: | |||
They have to '''attempt''' to log in first, and '''fail''' :-O This will make a username entry in the wiki-database, which can '''only then''' be modified (by a WikiSysop) to add them to the "trusted" group. | |||
Because the "Special pages" link and overview are restricted (to everyone), you may have to provide direct links to the specific (deeper) pages that you want; these may be helpful:<br> | |||
http://wiki.iat.sfu.ca/<your_particular_wiki>/index.php/?title=Special:ListUsers<br> | |||
http://wiki.iat.sfu.ca/<your_particular_wiki>/index.php/?title=Special:UserRights<br> | |||
To allow bans by account name in lieu of IP address: | To allow bans by account name in lieu of IP address: | ||
<font color=red>sr-hercules01</font> <font color=blue>''wiki_name'' #</font> '''vim InstanceLocalSettings.php''' | <font color=red>sr-hercules01</font> <font color=blue>''wiki_name'' #</font> '''vim InstanceLocalSettings.php''' | ||
# allows bans to be typed in by account name rather than IP | |||
$wgSysopUserBans=true; | |||
== Customizing == | == Customizing == | ||
==== sr-hercules01 (Wiki-city) ==== | ==== sr-hercules01 (Wiki-city) ==== | ||
All changes should be made to '''/var/www/localhost/htdocs'''''<project_name>'''''/ | All changes should be made to '''/var/www/localhost/htdocs'''''<project_name>'''''/InstanceLocalSettings.php'''. In most cases the variable you want to adjust is already defined under includes/DefaultSettings.php, but this may be over-written during upgrades!! | ||
==== Tirpitz (Research wiki) ==== | ==== Tirpitz (Research wiki) ==== | ||
Things are Different on Tirpitz (tm) :-)<br> | Things are Different on Tirpitz (tm) :-)<br> | ||
Changes are made on an NFS-mounted directory: '''/home/projects/infrastructure/htdocs/wiki''' | <s>Changes are made on an NFS-mounted directory: '''/home/projects/infrastructure/web_content/research.iat.sfu.ca/htdocs/wiki/'''</s> | ||
Another gotcha can be that the file-extension is blacklisted (as in the case of 'exe'). In this case, edit LocalSettings.php to permit the file-type, '''and''' also un-BlackList it (settings in LocalSettings.php over-ride the same settings made elsewhere, like DefaultSettings.php): | Another gotcha can be that the file-extension is blacklisted (as in the case of 'exe'). In this case, edit LocalSettings.php to permit the file-type, '''and''' also un-BlackList it (settings in LocalSettings.php over-ride the same settings made elsewhere, like DefaultSettings.php): | ||
Line 123: | Line 130: | ||
Command to reset User password in mySQL: | Command to reset User password in mySQL: | ||
<font color=red>mysql</font><font color=blue>></font> '''UPDATE user SET user_password=md5(concat(<user_id>,'-',md5('newpassword'))) where user_name= | <font color=red>mysql</font><font color=blue>></font> '''UPDATE user SET user_password=md5(concat(<user_id>,'-',md5('newpassword'))) where user_name=�UserName�; | ||
''' | ''' | ||
Latest revision as of 21:43, 13 November 2014
sr-hercules01 is our wiki server. Check out the wiki index to see existing wikis.
Add a New Instance of MediaWiki
To set the stage for a new wiki, the champion for this new wiki should provide a wiki-name, and be clear about the type of access they want.
<YourHost> ~ # ssh root@hercules sr-hercules01 ~ # ssh 10.0.1.58 sr-hercules01 ~ # newWiki -N $projectName [-R $sqlRootPassword]
Your wiki should be completely setup at: http://wiki.iat.sfu.ca/$projectname I then usually go login to the wiki and check to see if I can edit for 100% assurance that everything is working :)
A wikiSysOp account is created with a strong password unique to the wikis
A log is kept at /var/log/newWiki.log
Most settings are kept in LocalSettings.php, which is Symlinked to a master which we use to control all wikis at once. Settings for customizing a single wiki should be made in InstanceLocalSettings.php, inside the wiki's directory.
Access Restrictions
By default, our wikis are publicly viewable, but a user must login with their research account to edit pages.
To customize access and viewing restrictions, look at this article on Rights.
Common tasks are listed below. Add them to InstanceLocalSettings.php (/var/www/localhost/htdocs/<wiki_name>/InstanceLocalSettings.php) to implement them, NOT the typical LocalSettings.php.
To restrict anonymous viewing:
sr-hercules01 wiki_name # vim InstanceLocalSettings.php #Allow some special pages $wgWhitelistRead = array("Special:UserLogin", "Special:UserLogout", "Special:PasswordReset", "MediaWiki:Common.css" ); #Restrict general Public from viewing all pages. $wgGroupPermissions['*']['read'] = false; $wgGroupPermissions['*']['createtalk'] = false; $wgGroupPermissions['*']['createpage'] = false; $wgGroupPermissions['*']['writeapi'] = false;
Disable even research users from reading. Members of "trusted" group can view (as can sysop)
sr-hercules01 wiki_name # vim InstanceLocalSettings.php #Restrict wiki to only users in the trusted group. $wgGroupPermissions['user']['read'] = false; $wgGroupPermissions['user']['edit'] = false; $wgGroupPermissions['trusted']['read'] = true; $wgGroupPermissions['trusted']['edit'] = true; $wgGroupPermissions['sysop']['read'] = true; $wgGroupPermissions['sysop']['edit'] = true;
For a wiki requiring "trusted" group-membership (example: Pain_Lab_Grads), it's a little crazy: They have to attempt to log in first, and fail :-O This will make a username entry in the wiki-database, which can only then be modified (by a WikiSysop) to add them to the "trusted" group.
Because the "Special pages" link and overview are restricted (to everyone), you may have to provide direct links to the specific (deeper) pages that you want; these may be helpful:
http://wiki.iat.sfu.ca/<your_particular_wiki>/index.php/?title=Special:ListUsers
http://wiki.iat.sfu.ca/<your_particular_wiki>/index.php/?title=Special:UserRights
To allow bans by account name in lieu of IP address:
sr-hercules01 wiki_name # vim InstanceLocalSettings.php # allows bans to be typed in by account name rather than IP $wgSysopUserBans=true;
Customizing
sr-hercules01 (Wiki-city)
All changes should be made to /var/www/localhost/htdocs<project_name>/InstanceLocalSettings.php. In most cases the variable you want to adjust is already defined under includes/DefaultSettings.php, but this may be over-written during upgrades!!
Tirpitz (Research wiki)
Things are Different on Tirpitz (tm) :-)
Changes are made on an NFS-mounted directory: /home/projects/infrastructure/web_content/research.iat.sfu.ca/htdocs/wiki/
Another gotcha can be that the file-extension is blacklisted (as in the case of 'exe'). In this case, edit LocalSettings.php to permit the file-type, and also un-BlackList it (settings in LocalSettings.php over-ride the same settings made elsewhere, like DefaultSettings.php):
tirpitz ~ # emacs -nw /home/projects/infrastructure/htdocs/wiki/LocalSettings.php
$wgFileExtensions = array( 'png', 'gif', 'jpg', 'jpeg', 'swf', 'pdf', 'exe', 'bin', 'dmg', 'reg', 'tbz2', 'zip' ); /** Files with these extensions will never be allowed as uploads. */ $wgFileBlacklist = array( # HTML may contain cookie-stealing JavaScript and web bugs 'html', 'htm', 'js', 'jsb', # PHP scripts may execute arbitrary code on the server 'php', 'phtml', 'php3', 'php4', 'phps', # Other types that may be interpreted by some servers 'shtml', 'jhtml', 'pl', 'py', 'cgi', # May contain harmful executables for Windows victims 'exe', 'scr', 'dll', 'msi', 'vbs', 'bat', 'com', 'pif', 'cmd', 'vxd', 'cpl' ); # 'scr', 'dll', 'msi', 'vbs', 'bat', 'com', 'pif', 'cmd', 'vxd', 'cpl' ); temporarily uncomment for .exe uploads
Upload (filesize) Limits
Filesize limits can be tricky - Mediawiki just follows general apache and php limitations. When Mediawiki encounters a filesize limitation, it seems to (unhelpfully :-( ) fail silently; you'll usually just get a blank Upload file page again. Let's increase these limits (tirpitz - our main Research wiki - used as an example):
hostname ~ # emacs -nw /etc/php/cgi-php5/php.ini memory_limit "128M" file_uploads "On" post_max_size "25M" upload_max_filesize "25M"
Adding an RSS Feed
Some users have made the request for an RSS feed. This functionality comes prepackaged with the wiki software and all you need to do is add /index.php?title=Special:Recentchanges&feed=rss to the wiki url. For example, with the Memory Association Machine wiki, this code snippet was added to the bottom of the splash page, as well as an RSS graphic associated with the link:
http ://wiki.iat.sfu.ca/Memory_Association_Machine/index.php?title=Special:Recentchanges&feed=rss http ://research.iat.sfu.ca/images/rss.gif
Note that I have added a space after the "http"s to force the syntax rather than show the actual link.
Reset Passwords on MediaWiki
Determine User Name:
To find out all the users in a particular Wiki, to isolate the actual user name of person you want to change the password for:
mysql> use wiki_databasename; SELECT * FROM user;
Determine ID:
To find out the user_id of a particular user (necessary to generate hash):
mysql> SELECT user_id, user_name from user WHERE user_name="UserName";
Reset Password:
Command to reset User password in mySQL:
mysql> UPDATE user SET user_password=md5(concat(<user_id>,'-',md5('newpassword'))) where user_name=�UserName�;
Remove a wiki
webapp-config is used to create the wikis.
Use webapp-config -li to see installs, then webapp-config -C -d $projectName to remove it. Then remove the directory in the localhost/htdocs directory when you are sure you have gotten everything you want.