1. Install ikiwiki using yum (Don't remember which repo was used. I have fedora, updates and rpmfusion configured and enabled)
yum install ikiwiki
2. Add a user for this wiki
useradd wiki
3. Login as that user
su - wiki
4. Setup wiki (Catch: You need gcc for this. yum install gcc if you don't have one yet). This will ask you the folder to setup your wiki and also a user to edit wiki. Answer them with whatever folder name and username that you choose. (Rest of the article assumes that you installed it in "wiki" folder)
ikiwiki -setup /etc/ikiwiki/auto.setup5. Configure your apache (Not needed if you have already allowed user directories and permitted executable scripts in them). This will have to be done as root
5.1 Allow user directories
Look for public_html in /etc/httpd/conf/httpd.conf. Comment "UserDir disabled" and uncomment "UserDir public_html"5.2 Allow executable files in them
Add the following to your httpd.conf5.3 Save your configuration and restart httpd
Options ExecCGI
AddHandler cgi-script cgi pl
Do not use a SetHandler. It will result in errors from httpd (When you open the directory, it will try to execute the directory itself and fail)
service httpd restart6. Make changes to your wiki directories (Access control changes). This will have to be done as wiki user
6.1 Make your public_html accessible to other
chmod 711 ~
chmod 755 public_html
6.2 ikiwiki does not set certain permissions correctly and it leaves the cgi file suid. Take care of them
chmod g-w public_html/wiki
chmod a-s public_html/wiki/ikiwiki.cgi
6.3 You can also use some basic http authentication if you need.
Now your wiki should be ready to be used. Go to http://localhost/wiki/wiki to start using it
7. Last but not least, if you run into trouble, keep watching the httpd logs and then perform the action that caused the problem
tail -f /var/log/httpd/*
These logs are very useful and you can use them for debugging any issues regarding apache in general.
3 comments:
Hi, I suggest you double-check the ikiwiki documentation, the cgi is *supposed* to be suid. How else is it to write out pages which are edited via the web to the filestore?
It should not set the directory to be world-writeable. I'd double check your umask (or the umask of the apache process).
Hi Jon,
Thanks for your suggestions. I will check this by installing one more instance and post what I observe here. You are correct about umask which was 0002 and I was expecting 0022. But, I am having a wiki cgi that is not suid. If I make it suid, I am getting the following error when I try to edit a page.
[Fri Mar 06 16:04:47 2009] [error] [client cli4] suexec policy violation: see suexec log for more details, referer: http://srv2/~wiki/kb/
[Fri Mar 06 16:04:47 2009] [error] [client cli4] Premature end of script headers: ikiwiki.cgi, referer: http://srv2/~wiki/kb/
Since I am able to edit the pages without suid, I guess, it is better not to have it. Now, I don't know how apache manages to write as 'wiki' user! Will see that later sometime and post here.
Thanks,
Sarin
Hello, it appears your apache is configured with "suexec", that is, it changes the uid of the process to match the owner of the CGI before executing it. This is essentially what the CGI actually does too - so in your case, not having the CGI suid prevents it from doing the job, but that's ok because your apache is using suexec to do it anyway. (once the priviledges are obtained, the CGI just invokes the ikiwiki perl script)
Post a Comment