I'm new to dokuwiki, but am pretty experienced with UNIX and programming. I would like to have a wiki to keep track of confidential information, with the following attributes:
- dokuwiki wiki is on a public server, and accessed by a few users.
- wiki is hidden from the public, eg mysite.com/secret_name URL.
- if someone chances on the wiki, cannot read any pages, cannot register.
- only admin account can add user accounts.
- joe account has full privileges (delete level).
- other accounts (eg, sally and bob) can only edit pages.
I don’t think this is real complicated. However, I couldn’t find any specific solution for this likely common scenario, other than 'ACL', which I already know. I don't want to do it wrong, so I thought I would ask.
----
Here is what I did:
1) On ubuntu 14.04 server, ran 'sudo dpkg-reconfigure dokuwiki', and specified 'secret_name' (substituting real secret name) as root directory. I think equivalent to editing AliasMatch and Alias in /etc/dokuwiki/apache.conf file.
2) Modified /var/lib/dokuwiki/acl/acl.auth.php to read as follows:
* @ALL 0 # root NS - everyone - none
* @user 2 # root NS - anyone logged in - edit
* joe 16 # root NS - joe logged in - delete
3) Disabled 'register' in the 'disableactions' config option.
----
It seems to work OK, based on my testing with several user accounts. Any other suggestions? Anything I might have missed?
FWIW, I don’t plan on creating any namespaces.
I know there is no guarantee the content is safe from prying eyes, and I saw the WARNING in the ACL doc. Given I would like to have the wiki, do the specific steps I have taken seem as safe as possible? Other specific steps anyone might suggest?
Thanks,
Daniel