Wednesday, March 4, 2009

installing ikiwiki

Well, I have a machine running from a 2 GB pen drive. When I wanted to install a wiki, all I saw was the size needed. (OK, I was also interested in this one when I saw it can use git, one of my new fascinations.) This machine runs Fedora 10. I followed the steps below to install it. Since it took me a while to get it working, I thought I would add it here.

1. Install ikiwiki using yum (Don't remember which repo was used. I have fedora, updates and rpmfusion configured and enabled)
yum install ikiwiki

2. Add a user for this wiki
useradd wiki

3. Login as that user
su - wiki

4. Setup wiki (Catch: You need gcc for this. yum install gcc if you don't have one yet). This will ask you the folder to setup your wiki and also a user to edit wiki. Answer them with whatever folder name and username that you choose. (Rest of the article assumes that you installed it in "wiki" folder)
ikiwiki -setup /etc/ikiwiki/auto.setup

5. Configure your apache (Not needed if you have already allowed user directories and permitted executable scripts in them). This will have to be done as root

5.1 Allow user directories
Look for public_html in /etc/httpd/conf/httpd.conf. Comment out "UserDir disabled" and uncomment "UserDir public_html"

5.2 Allow executable files in them

Add the following to your httpd.conf

Options ExecCGI
AddHandler cgi-script cgi pl

Do not use a SetHandler. It will result in errors from httpd (when you open the directory, it will try to execute the directory itself and fail).

5.3 Save your configuration and restart httpd

service httpd restart

6. Make changes to your wiki directories (Access control changes). This will have to be done as wiki user

6.1 Make your public_html accessible to others

chmod 711 ~
chmod 755 public_html

6.2 ikiwiki does not set certain permissions correctly and it leaves the cgi file suid. Take care of both

chmod g-w public_html/wiki
chmod a-s public_html/wiki/ikiwiki.cgi

6.3 You can also use some basic http authentication if you need.

Now your wiki should be ready to be used. Go to http://localhost/wiki/wiki to start using it

7. Last but not least, if you run into trouble, keep watching the httpd logs and then perform the action that caused the problem

tail -f /var/log/httpd/*

These logs are very useful and you can use them for debugging any issues regarding apache in general.


Jon Dowland said...

Hi, I suggest you double-check the ikiwiki documentation, the cgi is *supposed* to be suid. How else is it to write out pages which are edited via the web to the filestore?

It should not set the directory to be world-writeable. I'd double check your umask (or the umask of the apache process).

Sarin said...

Hi Jon,

Thanks for your suggestions. I will check this by installing one more instance and post what I observe here. You are correct about umask which was 0002 and I was expecting 0022. But, I am having a wiki cgi that is not suid. If I make it suid, I am getting the following error when I try to edit a page.

[Fri Mar 06 16:04:47 2009] [error] [client cli4] suexec policy violation: see suexec log for more details, referer: http://srv2/~wiki/kb/
[Fri Mar 06 16:04:47 2009] [error] [client cli4] Premature end of script headers: ikiwiki.cgi, referer: http://srv2/~wiki/kb/

Since I am able to edit the pages without suid, I guess, it is better not to have it. Now, I don't know how apache manages to write as 'wiki' user! Will see that later sometime and post here.


Jon Dowland said...

Hello, it appears your apache is configured with "suexec", that is, it changes the uid of the process to match the owner of the CGI before executing it. This is essentially what the CGI actually does too - so in your case, not having the CGI suid prevents it from doing the job, but that's ok because your apache is using suexec to do it anyway. (Once the privileges are obtained, the CGI just invokes the ikiwiki perl script.)
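
The "suexec policy violation" in the comments above is suexec rejecting the CGI before it runs. As an added example (not part of the original post or its comments), this shell function checks a CGI path against three of suexec's documented policy rules, the ones touched by step 6.2 and the umask discussion. The function names are made up for this example, and it assumes a POSIX shell with ls, cut and dirname.

```sh
#!/bin/sh
# Pre-flight check for a CGI that Apache runs through suexec (added example).

# Print the ls-style mode string, e.g. -rwsr-xr-x, for a path.
mode_of() {
    ls -ld -- "$1" | cut -c1-10
}

# Succeed if a mode string has the group-write or other-write bit set.
writable_by_others() {
    case "$1" in
        ?????w????|????????w?) return 0 ;;
        *) return 1 ;;
    esac
}

# Report which suexec policy checks the given CGI path would fail.
suexec_preflight() {
    cgi=$1
    dir=$(dirname -- "$cgi")
    problems=""

    [ -f "$cgi" ] || { echo "no such file: $cgi"; return 2; }

    # suexec refuses a target program that is setuid or setgid.
    if [ -u "$cgi" ] || [ -g "$cgi" ]; then
        problems="$problems setuid-or-setgid"
    fi
    # suexec refuses a target program writable by anyone but its owner.
    if writable_by_others "$(mode_of "$cgi")"; then
        problems="$problems cgi-writable"
    fi
    # suexec refuses a containing directory writable by group or others,
    # which is what a 0002 umask leaves behind and "chmod g-w" removes.
    if writable_by_others "$(mode_of "$dir")"; then
        problems="$problems dir-writable"
    fi

    if [ -n "$problems" ]; then
        echo "FAIL:$problems"
        return 1
    fi
    echo "OK"
}

# Run directly with a path argument; the path is whatever your install used.
if [ "$#" -gt 0 ]; then
    suexec_preflight "$1"
fi
```

On a server without suexec the same findings still matter: a group-writable wiki directory or CGI lets other local accounts replace what the web server executes.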