Hi,
I'm updating an existing install and have resorted to using the current master
branch from the git repo because of some issues with PHP-8 compatibility.
The sites are visible but I've had to manually modify the conf/local.php
to disable the theme I had been using so I'm on the default DokuWiki theme. That's not a problem for now.
What I've encountered though is the Extension Manager page on both Wiki's reports that Extension directory is not writable
.
I've read carefully the permissions page and checked what my PHP service is running with using the script provided...
# php /tmp/quick2.php
Your PHP process seems to run with the UID 0 (root) and the GID 0 (root)
# ps aux | grep nginx
root 752408 0.0 0.0 5708 752 pts/1 S+ 10:12 0:00 tail -n30 -f /var/log/nginx/error.log
root 757065 0.0 0.0 31272 1332 ? Ss 11:49 0:00 nginx: master process /usr/bin/nginx -g pid /run/nginx.pid; error_log stderr;
http 757066 0.0 0.3 31804 6772 ? S 11:49 0:00 nginx: worker process
http 757067 0.0 0.3 31900 7172 ? S 11:49 0:01 nginx: worker process
root 758245 0.0 0.1 6716 2328 pts/7 S+ 14:36 0:00 grep nginx
# ps aux | grep php
root 757058 0.0 1.3 87680 26080 ? Ss 11:49 0:01 php-fpm: master process (/etc/php/php-fpm.conf)
http 757060 0.1 1.5 169216 30316 ? S 11:49 0:17 php-fpm: pool www
http 757061 0.1 1.5 169440 31468 ? S 11:49 0:18 php-fpm: pool www
http 757339 0.2 1.3 93888 26600 ? S 12:26 0:16 php-fpm: pool www
root 758252 0.0 0.1 6716 2252 pts/7 S+ 14:37 0:00 grep php
Shows that the main processes are started as root
but spawned processes run as http
.
I've therefore gone with root:http
ownership for directories and set permissions to 775
...
chmod -R g=rwX,u=rwX,o=rX data/
cd data
chmod 2775 {attic,cache,index,locks,media,meta,pages,tmp}
chmod -R g=rwX,u=rwX,o=rX lib
cd lib
chmod 2775 {exe,images,plugins,scripts,styles,tpl}
To be sure I restarted both php-fpm
and nginx
and I can edit and save pages and as per the security page I can not access https://mypersonalwebsite.url/data/pages/wiki/dokuwiki.txt
, it returns a 403 Forbidden. However, the Extension Manager still reports Extension directory is not writable
when the ownership and permissions are...
# cd lib
# ls -al
total 36K
drwxrwxr-x 8 root http 4.0K Feb 6 23:21 .
drwxrwsr-x 10 root http 4.0K Feb 6 23:28 ..
drwxrwsr-x 2 root http 4.0K Feb 6 23:21 exe
drwxrwsr-x 9 root http 4.0K Feb 6 23:21 images
-rw-rw-r-- 1 root http 241 Feb 6 23:21 index.html
drwxrwsr-x 18 root http 4.0K Feb 6 23:21 plugins
drwxrwsr-x 3 root http 4.0K Feb 6 23:21 scripts
drwxrwsr-x 2 root http 4.0K Feb 6 23:21 styles
drwxrwsr-x 5 root http 4.0K Feb 7 09:36 tpl
ls -al plugins/
total 100K
drwxrwsr-x 18 root http 4.0K Feb 6 23:21 .
drwxrwxr-x 8 root http 4.0K Feb 6 23:21 ..
drwxrwxr-x 4 root http 4.0K Feb 6 23:21 acl
-rw-rw-r-- 1 root http 135 Feb 6 23:21 action.php
-rw-rw-r-- 1 root http 135 Feb 6 23:21 admin.php
drwxrwxr-x 5 root http 4.0K Feb 6 23:21 authad
drwxrwxr-x 4 root http 4.0K Feb 6 23:21 authldap
drwxrwxr-x 5 root http 4.0K Feb 6 23:21 authpdo
-rw-rw-r-- 1 root http 135 Feb 6 23:21 auth.php
drwxrwxr-x 4 root http 4.0K Feb 6 23:21 authplain
-rw-rw-r-- 1 root http 135 Feb 6 23:21 cli.php
drwxrwxr-x 7 root http 4.0K Feb 6 23:21 config
drwxrwxr-x 6 root http 4.0K Feb 6 23:21 extension
-rw-rw-r-- 1 root http 244 Feb 6 23:21 index.html
drwxrwxr-x 2 root http 4.0K Feb 6 23:21 info
drwxrwxr-x 3 root http 4.0K Feb 6 23:21 logviewer
drwxrwxr-x 3 root http 4.0K Feb 7 00:17 markdowku
drwxrwxr-x 3 root http 4.0K Feb 6 23:21 popularity
-rw-rw-r-- 1 root http 135 Feb 6 23:21 remote.php
drwxrwxr-x 3 root http 4.0K Feb 6 23:21 revert
drwxrwxr-x 2 root http 4.0K Feb 6 23:21 safefnrecode
drwxrwxr-x 4 root http 4.0K Feb 6 23:21 styling
-rw-rw-r-- 1 root http 135 Feb 6 23:21 syntax.php
drwxrwxr-x 5 root http 4.0K Feb 6 23:21 testing
drwxrwxr-x 5 root http 4.0K Feb 6 23:21 usermanager
# cd ../conf
# ls -al
total 120K
drwxrwxr-x 2 root http 4.0K Feb 6 23:21 .
drwxrwsr-x 10 root http 4.0K Feb 6 23:28 ..
-rw-rw-r-- 1 root http 252 Feb 6 23:31 acl.auth.php
-rw-r--r-- 1 root http 448 Feb 6 23:21 acl.auth.php.dist
-rw-rw-r-- 1 root http 2.1K Feb 6 23:21 acronyms.conf
-rw-rw-r-- 1 root http 13K Feb 6 23:21 dokuwiki.php
-rw-rw-r-- 1 root http 354 Feb 6 23:21 entities.conf
-rw-r--r-- 1 root http 178 Feb 6 23:21 .htaccess
-rw-rw-r-- 1 root http 1.8K Feb 6 23:21 interwiki.conf
-rw-rw-r-- 1 root http 1.4K Feb 6 23:21 license.php
-rw-rw-r-- 1 root http 462 Feb 7 09:26 local.php
-rw-r--r-- 1 root http 459 Feb 6 23:28 local.php.bak
-rw-r--r-- 1 root http 462 Feb 6 23:21 local.php.dist
-rw-r--r-- 1 root http 32 Feb 6 23:21 manifest.json
-rw-rw-r-- 1 root http 2.6K Feb 6 23:21 mediameta.php
-rw-rw-r-- 1 root http 2.3K Feb 6 23:21 mime.conf
-rw-r--r-- 1 root http 12K Feb 6 23:21 mysql.conf.php.example
-rw-rw-r-- 1 root http 379 Feb 6 23:33 plugins.local.php
-rw-rw-r-- 1 root http 173 Feb 6 23:21 plugins.php
-rw-rw-r-- 1 root http 552 Feb 6 23:21 plugins.required.php
-rw-rw-r-- 1 root http 105 Feb 6 23:21 scheme.conf
-rw-rw-r-- 1 root http 645 Feb 6 23:21 smileys.conf
-rw-rw-r-- 1 root http 231 Feb 6 23:42 users.auth.php
-rw-r--r-- 1 root http 153 Feb 6 23:21 users.auth.php.dist
-rw-rw-r-- 1 root http 1.8K Feb 6 23:21 wordblock.conf
I'm using nginx and so as per the security page I have the following defined both in the server configuration section of /etc/nginx/nginx.conf
and also /etc/nginx/sites-available/default
the following...
location ~ /(data|conf|bin|inc|vendor)/ {
deny all;
}
I have noticed that there are some errors reported by nginx in the log...
2021/02/07 14:25:43 [error] 757067#757067: *628 directory index of "/usr/share/nginx/html/mypersonalwebsite/lib/" is forbidden, client: 12.34.56.78, server: mypersonalwebsite.url, request: "GET /lib/ HTTP/2.0", host: "mypersonalwebsite.url"
...which tallies with what the Extesnion Manager is reporting, but some other errors are to do with missing keys (and may or may not be related, I've no idea)...
2021/02/07 14:29:19 [error] 757067#757067: *635 FastCGI sent in stderr: "PHP message: PHP Warning: Undefined array key "path" in /usr/share/nginx/html/mypersonalwebsite/inc/HTTP/HTTPClient.php on line 181" while reading response header from upstream, client: 88.97.78.71, server: mypersonalwebsite.url, request: "GET /doku.php?do=check HTTP/2.0", upstream: "fastcgi://unix:/run/php-fpm/php-fpm.sock:", host: "mypersonalwebsite.url"
2021/02/07 14:31:05 [error] 757067#757067: *644 FastCGI sent in stderr: "PHP message: PHP Warning: Undefined array key "REMOTE_USER" in /usr/share/nginx/html/mypersonalwebsite/feed.php on line 36PHP message: PHP Warning: Undefined array key "media" in /usr/share/nginx/html/mypersonalwebsite/feed.php on line 219PHP message: PHP Warning: Undefined array key "date" in /usr/share/nginx/html/mypersonalwebsite/feed.php on line 226PHP message: PHP Warning: Undefined array key "media" in /usr/share/nginx/html/mypersonalwebsite/feed.php on line 228PHP message: PHP Warning: Undefined array key "media" in /usr/share/nginx/html/mypersonalwebsite/feed.php on line 292PHP message: PHP Warning: Undefined array key "media" in /usr/share/nginx/html/mypersonalwebsite/feed.php on line 397" while reading response header from upstream, client: 13.66.139.11, se
rver: mypersonalwebsite.url, request: "GET /feed.php?mode=list&ns=shopping HTTP/1.1", upstream: "fastcgi://unix:/run/php-fpm/php-fpm.sock:", host: "mypersonalwebsite.url"
EDIT : Forgot to include https://mypersonalwebsite.url/doku.php?do=check shows...
(green) DokuWiki version: Release 2020-07-29 "Hogfather"
(green) PHP version 8.0.2
(green) More than 32MB RAM (128 MB) available.
(green) Changelog is writable
(blue) Old changelog exists
(red) conf directory is not writable
(green) mb_string extension is available and will be used
(blue) Your locale C seems not to be a UTF-8 locale, you should fix this if you encounter problems.
(green) Debugging support is disabled
(blue) You are currently logged in as admin (you)
(blue) You are part of the groups admin, user
(green) Your current permission for this page is 255
(green) The current page is writable by the webserver
(green) The current page is writable by you
(green) The search index seems to be working
(blue) Your server's clock seems to be out of sync! Consider configuring a sync with a NTP server. Diff: -211s
I've looked at the conf directory too and all files and the directory itself are owned by root:http
and have read/write permissions for the directory itself and all .php
and .conf
files...
# ls -la
total 120
drwxrwxr-x 2 root http 4096 Feb 6 23:21 .
drwxrwsr-x 10 root http 4096 Feb 6 23:28 ..
-rw-rw-r-- 1 root http 252 Feb 6 23:31 acl.auth.php
-rw-r--r-- 1 root http 448 Feb 6 23:21 acl.auth.php.dist
-rw-rw-r-- 1 root http 2055 Feb 6 23:21 acronyms.conf
-rw-rw-r-- 1 root http 12918 Feb 6 23:21 dokuwiki.php
-rw-rw-r-- 1 root http 354 Feb 6 23:21 entities.conf
-rw-r--r-- 1 root http 178 Feb 6 23:21 .htaccess
-rw-rw-r-- 1 root http 1754 Feb 6 23:21 interwiki.conf
-rw-rw-r-- 1 root http 1356 Feb 6 23:21 license.php
-rw-rw-r-- 1 root http 462 Feb 7 09:26 local.php
-rw-r--r-- 1 root http 459 Feb 6 23:28 local.php.bak
-rw-r--r-- 1 root http 462 Feb 6 23:21 local.php.dist
-rw-r--r-- 1 root http 32 Feb 6 23:21 manifest.json
-rw-rw-r-- 1 root http 2572 Feb 6 23:21 mediameta.php
-rw-rw-r-- 1 root http 2293 Feb 6 23:21 mime.conf
-rw-r--r-- 1 root http 11396 Feb 6 23:21 mysql.conf.php.example
-rw-rw-r-- 1 root http 379 Feb 6 23:33 plugins.local.php
-rw-rw-r-- 1 root http 173 Feb 6 23:21 plugins.php
-rw-rw-r-- 1 root http 552 Feb 6 23:21 plugins.required.php
-rw-rw-r-- 1 root http 105 Feb 6 23:21 scheme.conf
-rw-rw-r-- 1 root http 645 Feb 6 23:21 smileys.conf
-rw-rw-r-- 1 root http 231 Feb 6 23:42 users.auth.php
-rw-r--r-- 1 root http 153 Feb 6 23:21 users.auth.php.dist
-rw-rw-r-- 1 root http 1754 Feb 6 23:21 wordblock.conf
I'm stumped as to what I've missed or done wrong and any suggestions are welcome.