Security-Access Questions, when creating a new instance of OpenCPN Dokuwiki on Github
rgleason #1
Member since Sep 2016 · 273 posts
Subject: Security-Access Questions, when creating a new instance of OpenCPN Dokuwiki on Github
We are considering uploading the Dokuwiki files to a new repository in Github to enable streamlining Debian builds.
See this post please https://forum.dokuwiki.org/thread/16158 Request to move/copy Wiki to Github for streamlining Debian Packaging

I am unfamiliar with this process and would like to know if there is a problem with exposing login and access codes if we are doing this.
I would like to upload only "Public" pages to github and if there is something I should do to protect the admin and manager/editor logins that would be very useful to know.

Is it the exact same thing as creating a backup?  Is a backup safe insofar as security and access?

Thank you.

Leamas suggested:

Adding conf/acl.auth.php to .gitignore should remove all ACL:s on the replicated repo if I get it right.
Likewise, adding conf/acl.auth.php to .gitignore should remove all ACL:s on the replicated repo if I get it right.

I would do something like:

$ cd /wherever/docuwiki/data
$ git init    # create the repository before adding files
$ echo conf/acl.auth.php > .gitignore
$ echo conf/users.auth.php  >> .gitignore
$ git add .
$ git commit -am "Initial release"
$ git ls-files    # check that acl.auth.php and users.auth.php are not listed
$ git remote add origin https://my-repo-address
$ git push --set-upstream origin master


Would this solve the security problem?  - can I just delete those files and dokuwiki will make new ones?
Now I don't think so after some reading.

I've been reading to get my head around this.
https://www.dokuwiki.org/install:permissions
https://www.dokuwiki.org/acl
https://www.dokuwiki.org/faq:regdisable

I am still unclear what to do.

1. How to have the github copy:  as everyone read, anyone edit?  -With none of the ACL passwords in it. Who is admin?
I think this would be an opensource setup.

2. How to have the github copy be read only?
This post was edited 4 times, last on 2018-08-21, 17:36 by rgleason.
rgleason #2
Subject: Keep everything the same on Github acl, etc. - Not open
I think if I just upload Opencpn Dokuwiki to github, as it is with ACL enabled and the users working,
the Dokuwiki will require registration process and only USERS with Passwords will be able to edit/modify.

In that case, will the Users and PW be hackable, discoverable?

How would I remove the Users and PW completely and make this version open as in opensource?
rgleason #3
Subject: Users and PW will be exposed in a backup (and also an upload to a Github Repository)
Found this under the Backup section in the Dokuwiki program while backing up. It pretty much answers the question, I've got to get rid of those Users & PW before upload!

 
   If you are backing up anything confidential (e.g., private pages, or configuration files that include account passwords), you should set the backup namespace to be viewable only by administrators, or delete your backup files immediately after creating them.

rgleason #4
Subject: Critical files for security.
config/acl.auth.php   <--- has permissions for pages and namespaces
config/acl.auth.php.dist  <---don't know
config/users.auth.php     <---user names, hashed passwords, group access level
config/users.auth.php.dist <---don't know

Do I just delete these?  
How do I remove any non-public files?
Are there other files that need to be changed?
How about the configuration file, setting it to authenticated?

What do I do with these files to make it open as in opensource?
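
Added example (not part of the thread and not DokuWiki's own code): a pre-publish scan of a wiki tree that flags the auth and ACL files by name and also any other file that contains user records, such as a renamed backup copy. It assumes users.auth.php records have the form login:hash:Real Name:email:groups; the function names and the sample tree are made up for the illustration.

```shell
#!/bin/sh
# Added example: scan a DokuWiki tree for credential and ACL files before publishing it.
# Assumption: users.auth.php records look like  login:hash:Real Name:email:groups

# A user record: login, a password hash ($-prefixed, {SCHEME}-prefixed, or bare hex), then 3+ more fields.
USER_RECORD='^[^#:[:space:]][^:]*:(\$[^:]+|\{[A-Za-z0-9]+\}[^:]+|[0-9a-fA-F]{32,})(:[^:]*){3,}$'

# Files whose name marks them as auth/ACL files, including copies (.bak, .dist).
find_auth_by_name() {
    find "$1" -name .git -prune -o -type f \
        \( -name 'users.auth.php*' -o -name 'acl.auth.php*' \) -print | sort
}

# Files of any name that contain at least one user record.
find_auth_by_content() {
    find "$1" -name .git -prune -o -type f -print |
    while IFS= read -r f; do
        if grep -Eq -e "$USER_RECORD" -- "$f" 2>/dev/null; then printf '%s\n' "$f"; fi
    done | sort
}

# Exit status 0 only when nothing sensitive was found; otherwise list the files on stderr.
check_publishable() {
    hits=$( { find_auth_by_name "$1"; find_auth_by_content "$1"; } | sort -u )
    [ -z "$hits" ] && return 0
    printf 'Do not publish; remove these first:\n%s\n' "$hits" >&2
    return 1
}

# Constructed sample tree (not real data): auth file, ACL file, a renamed copy, one public page.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/conf" "$d/data/pages"
    printf '%s\n' '# users.auth.php' \
        'alice:$2y$10$CONSTRUCTEDHASHVALUEONLY:Alice Example:alice@example.invalid:admin,user' \
        > "$d/conf/users.auth.php"
    cp "$d/conf/users.auth.php" "$d/data/pages/old_users.txt"
    printf '%s\n' '*  @ALL  1' > "$d/conf/acl.auth.php"
    printf '%s\n' '====== Start ======' 'See [[wiki:syntax]] for help.' > "$d/data/pages/start.txt"
    printf '%s\n' "$d"
}
```

A .gitignore entry only keeps untracked files out of future commits, so a file that was committed earlier stays in the repository history and has to be checked for separately.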
rgleason #5
Decided not to do this. The files are too big anyway and Andreas suggested not to do this due to ACL etc.