urosm
/
ikiwiki
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

combine two pages

master
Joey Hess 2009-01-12 20:01:03 -05:00
parent 1c4357b13e
commit 756197f30f
6 changed files with 53 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
doc/forum/multi-user_setup_of_ikiwiki__44___gitosis_and_apache2_in_Debian_Sid.mdwn
View File

@ -43,7 +43,7 @@ In the end, I did the following. I created a directory /srv/ikiwiki/ which is ow
## cgi_wrapper
I do not understand those wrappers completely. The cgi is a script, which can be called by a webserver, e. g. [[Apache_2|/tips/apache_cgi]]. But www-data is normally not allowed to write to the source directory (which is owned by gitosis or push to the repository). Therefore it should be run as the user gitosis. And because cgi scripts can not be made suid, I wrapper (in this case a C program) is created (cgi\_wrapper) which can be made suid and therefore be run as the user gitosis. Is this correct?
I do not understand those wrappers completely. The cgi is a script, which can be called by a webserver, e. g. [[Apache_2|/tips/dot_cgi]]. But www-data is normally not allowed to write to the source directory (which is owned by gitosis or push to the repository). Therefore it should be run as the user gitosis. And because cgi scripts can not be made suid, I wrapper (in this case a C program) is created (cgi\_wrapper) which can be made suid and therefore be run as the user gitosis. Is this correct?
> It seems to me like you understand the wrapper pretty well. It's main reson to exist is to safely be suid, yes.

3
doc/setup.mdwn
View File

@ -47,8 +47,7 @@ Now you can go to the url it told you, and edit pages in your new wiki
using the web interface.
(If the web interface doesn't seem to allow editing or login, you may
need to configure [[apache|tips/apache_cgi]] or
[[lighttpd|tips/lighttpd_cgi]].)
need to configure [[configure_the_web_server|tips/dot_cgi]].)
## Checkout and edit wiki source

25
doc/tips/apache_cgi.mdwn
View File

@ -1,25 +0,0 @@
It's common to name the [[cgi]] "ikiwiki.cgi", and put it somewhere
like `~/public_html/ikiwiki.cgi`, or `/var/www/wiki/ikiwiki.cgi`.
If you do that, you may find that when trying to edit a page in your wiki,
you see the raw contents of the ikiwiki.cgi program. Or get a permission
denied problem.
This is because apache is generally not configured to run cgi scripts
unless they're in `/usr/lib/cgi-bin/`. While you can put ikiwiki.cgi in
there if you like, here's how to configure apache (version 2) to run `.cgi`
programs from anywhere.
These instructions are for Debian systems, but the basic apache
configuration should work anywhere.
* Edit /etc/apache2/apache2.conf and add a line like this:
AddHandler cgi-script .cgi
* Find the "Options" line for the directory where you've put the
ikiwiki.cgi, and add "ExecCGI" to the list of options. For example, if
ikiwiki.cgi is in /var/www/, edit `/etc/apache2/sites-enabled/000-default`
and add it to the "Options" line in the "Directory /var/www/" stanza.
Or, if you've put it in a `~/public_html`, edit
`/etc/apache2/mods-available/userdir.conf`.

50
doc/tips/dot_cgi.mdwn 100644
View File

@ -0,0 +1,50 @@
It's common to name the [[cgi]] "ikiwiki.cgi", and put it somewhere
like `~/public_html/ikiwiki.cgi`, or `/var/www/wiki/ikiwiki.cgi`.
If you do that, you may find that when trying to edit a page in your wiki,
you see the raw contents of the ikiwiki.cgi program. Or get a permission
denied problem.
This is because web servers are generally not configured to run cgi scripts
unless they're in `/usr/lib/cgi-bin/`. While you can put ikiwiki.cgi in
there if you like, it's better to configure your web server to
run `.cgi` programs from anywhere.
These instructions are for Debian systems, but the basic
configuration changes should work anywhere.
## apache 2
* Edit /etc/apache2/apache2.conf and add a line like this:
AddHandler cgi-script .cgi
* Find the "Options" line for the directory where you've put the
ikiwiki.cgi, and add "ExecCGI" to the list of options. For example, if
ikiwiki.cgi is in /var/www/, edit `/etc/apache2/sites-enabled/000-default`
and add it to the "Options" line in the "Directory /var/www/" stanza.
Or, if you've put it in a `~/public_html`, edit
`/etc/apache2/mods-available/userdir.conf`.
## lighttpd
Here is how to enable cgi on [lighttpd](http://www.lighttpd.net/) and
configure it in order to execute ikiwiki.cgi wherever it is located.
* Activate cgi by linking `/etc/lighttpd/conf-available/10-cgi.conf` into `/etc/lighttpd/conf-enabled` ([doc](http://trac.lighttpd.net/trac/wiki/Docs%3AModCGI)).
* Create `/etc/lighttpd/conf-available/90-ikiwiki-cgi.conf` and add a line like this:
cgi.assign = ( "ikiwiki.cgi" => "", )
* Activate ikiwiki-cgi by linking `/etc/lighttpd/conf-available/90-ikiwiki-cgi.conf` into `/etc/lighttpd/conf-enabled`.
* Restart lighttpd server with something like `/etc/init.d/lighttpd restart`.
Note that the first part enables cgi server wide but depending on default
configuration, it may be not enough. The second part creates a specific
rule that allow `ikiwiki.cgi` to be executed.
**Warning:** I only use this on my development server (offline). I am not
sure of how secure this approach is. If you have any thought about it, feel
free to let me know.

2
doc/tips/laptop_wiki_with_git.mdwn
View File

@ -15,7 +15,7 @@ for setting up ikiwiki with git.
Next, `git clone` the source (`$REPOSITORY`, not `$SRCDIR`)
from the server to the laptop.
Now, set up a [[web_server|apache_cgi]] on your laptop, if it doesn't
Now, set up a [[web_server|dot_cgi]] on your laptop, if it doesn't
already have one.
Now you need to write a setup file for ikiwiki on the laptop. Mostly this

15
doc/tips/lighttpd_cgi.mdwn
View File

@ -1,15 +0,0 @@
Here is how to enable cgi on [lighttpd](http://www.lighttpd.net/) and configure it in order to execute ikiwiki.cgi wherever it is located.
* Activate cgi by linking `/etc/lighttpd/conf-available/10-cgi.conf` into `/etc/lighttpd/conf-enabled` ([doc](http://trac.lighttpd.net/trac/wiki/Docs%3AModCGI)).
* Create `/etc/lighttpd/conf-available/90-ikiwiki-cgi.conf` and add a line like this:
cgi.assign = ( "ikiwiki.cgi" => "", )
* Activate ikiwiki-cgi by linking `/etc/lighttpd/conf-available/90-ikiwiki-cgi.conf` into `/etc/lighttpd/conf-enabled`.
* Restart lighttpd server with something like `/etc/init.d/lighttpd restart`.
Note that the first part enables cgi server wide but depending on default configuration, it may be not enough. The second part creates a specific rule that allow `ikiwiki.cgi` to be executed.
**Warning:** I only use this on my development server (offline). I am not sure of how secure this approach is. If you have any thought about it, feel free to let me know.