Setup a Project Wiki: Difference between revisions

From Research
Jump to navigation Jump to search
Line 23: Line 23:
To customize access and viewing restrictions, look at this article on [https://www.mediawiki.org/wiki/User_rights Rights].
To customize access and viewing restrictions, look at this article on [https://www.mediawiki.org/wiki/User_rights Rights].


Common tasks are listed below.  Add them to InstanceLocalSettings.php to implement them.
Common tasks are listed below.  Add them to '''InstanceLocalSettings.php''' (/var/www/localhost/htdocs/<wiki_name>/InstanceLocalSettings.php) to implement them, '''NOT''' the typical LocalSettings.php.





Revision as of 21:43, 13 November 2014

sr-hercules01 is our wiki server. Check out the wiki index to see existing wikis.

Add a New Instance of MediaWiki

To set the stage for a new wiki, the champion for this new wiki should provide a wiki-name, and be clear about the type of access they want.

<YourHost> ~ # ssh root@hercules
sr-hercules01 ~ # ssh 10.0.1.58
sr-hercules01 ~ # newWiki -N $projectName [-R $sqlRootPassword]


Your wiki should be completely setup at: http://wiki.iat.sfu.ca/$projectname I then usually go login to the wiki and check to see if I can edit for 100% assurance that everything is working :)

A wikiSysOp account is created with a strong password unique to the wikis

A log is kept at /var/log/newWiki.log

Most settings are kept in LocalSettings.php, which is Symlinked to a master which we use to control all wikis at once. Settings for customizing a single wiki should be made in InstanceLocalSettings.php, inside the wiki's directory.

Access Restrictions

By default, our wikis are publicly viewable, but a user must login with their research account to edit pages.

To customize access and viewing restrictions, look at this article on Rights.

Common tasks are listed below. Add them to InstanceLocalSettings.php (/var/www/localhost/htdocs/<wiki_name>/InstanceLocalSettings.php) to implement them, NOT the typical LocalSettings.php.


To restrict anonymous viewing:

sr-hercules01 wiki_name # vim InstanceLocalSettings.php

#Allow some special pages
$wgWhitelistRead = array("Special:UserLogin", "Special:UserLogout", "Special:PasswordReset", "MediaWiki:Common.css" );

#Restrict general Public from viewing all pages.
$wgGroupPermissions['*']['read']        = false;
$wgGroupPermissions['*']['createtalk'] = false;
$wgGroupPermissions['*']['createpage'] = false;
$wgGroupPermissions['*']['writeapi'] = false;
       

Disable even research users from reading. Members of "trusted" group can view (as can sysop)

sr-hercules01 wiki_name # vim InstanceLocalSettings.php
#Restrict wiki to only users in the trusted group.
$wgGroupPermissions['user']['read']           = false;
$wgGroupPermissions['user']['edit']           = false;
$wgGroupPermissions['trusted']['read']        = true;
$wgGroupPermissions['trusted']['edit']          = true;
$wgGroupPermissions['sysop']['read']            = true;
$wgGroupPermissions['sysop']['edit']            = true;

For a wiki requiring "trusted" group-membership (example: Pain_Lab_Grads), it's a little crazy: They have to attempt to log in first, and fail :-O This will make a username entry in the wiki-database, which can only then be modified (by a WikiSysop) to add them to the "trusted" group.

Because the "Special pages" link and overview are restricted (to everyone), you may have to provide direct links to the specific (deeper) pages that you want; these may be helpful:
http://wiki.iat.sfu.ca/<your_particular_wiki>/index.php/?title=Special:ListUsers
http://wiki.iat.sfu.ca/<your_particular_wiki>/index.php/?title=Special:UserRights


To allow bans by account name in lieu of IP address:


sr-hercules01 wiki_name # vim InstanceLocalSettings.php
 # allows bans to be typed in by account name rather than IP
 $wgSysopUserBans=true;

Customizing

sr-hercules01 (Wiki-city)

All changes should be made to /var/www/localhost/htdocs<project_name>/InstanceLocalSettings.php. In most cases the variable you want to adjust is already defined under includes/DefaultSettings.php, but this may be over-written during upgrades!!


Tirpitz (Research wiki)

Things are Different on Tirpitz (tm) :-)
Changes are made on an NFS-mounted directory: /home/projects/infrastructure/web_content/research.iat.sfu.ca/htdocs/wiki/

Another gotcha can be that the file-extension is blacklisted (as in the case of 'exe'). In this case, edit LocalSettings.php to permit the file-type, and also un-BlackList it (settings in LocalSettings.php over-ride the same settings made elsewhere, like DefaultSettings.php):

tirpitz ~ # emacs -nw /home/projects/infrastructure/htdocs/wiki/LocalSettings.php 
$wgFileExtensions = array( 'png', 'gif', 'jpg', 'jpeg', 'swf', 'pdf', 'exe', 'bin', 'dmg', 'reg', 'tbz2', 'zip' ); /** Files with these extensions will never be allowed as uploads. */ $wgFileBlacklist = array( # HTML may contain cookie-stealing JavaScript and web bugs 'html', 'htm', 'js', 'jsb', # PHP scripts may execute arbitrary code on the server 'php', 'phtml', 'php3', 'php4', 'phps', # Other types that may be interpreted by some servers 'shtml', 'jhtml', 'pl', 'py', 'cgi', # May contain harmful executables for Windows victims 'exe', 'scr', 'dll', 'msi', 'vbs', 'bat', 'com', 'pif', 'cmd', 'vxd', 'cpl' ); # 'scr', 'dll', 'msi', 'vbs', 'bat', 'com', 'pif', 'cmd', 'vxd', 'cpl' ); temporarily uncomment for .exe uploads

Upload (filesize) Limits

Filesize limits can be tricky - Mediawiki just follows general apache and php limitations. When Mediawiki encounters a filesize limitation, it seems to (unhelpfully :-( ) fail silently; you'll usually just get a blank Upload file page again. Let's increase these limits (tirpitz - our main Research wiki - used as an example):

hostname ~ # emacs -nw /etc/php/cgi-php5/php.ini
         memory_limit "128M"
         file_uploads "On"
         post_max_size "25M"
         upload_max_filesize "25M"


Adding an RSS Feed

Some users have made the request for an RSS feed. This functionality comes prepackaged with the wiki software and all you need to do is add /index.php?title=Special:Recentchanges&feed=rss to the wiki url. For example, with the Memory Association Machine wiki, this code snippet was added to the bottom of the splash page, as well as an RSS graphic associated with the link:

http ://wiki.iat.sfu.ca/Memory_Association_Machine/index.php?title=Special:Recentchanges&feed=rss http ://research.iat.sfu.ca/images/rss.gif

Note that I have added a space after the "http"s to force the syntax rather than show the actual link.

Reset Passwords on MediaWiki

Determine User Name:

To find out all the users in a particular Wiki, to isolate the actual user name of person you want to change the password for:

mysql> use wiki_databasename; SELECT * FROM user;


Determine ID:

To find out the user_id of a particular user (necessary to generate hash):

mysql> SELECT user_id, user_name from user WHERE user_name="UserName";


Reset Password:

Command to reset User password in mySQL:

mysql> UPDATE user SET user_password=md5(concat(<user_id>,'-',md5('newpassword'))) where user_name=�UserName�;

Remove a wiki

webapp-config is used to create the wikis.

Use webapp-config -li to see installs, then webapp-config -C -d $projectName to remove it. Then remove the directory in the localhost/htdocs directory when you are sure you have gotten everything you want.