Technical resources
From TELwiki
Mediawiki blog at LeedsBlogs https://elgg.leeds.ac.uk/mediawiki/weblog/
Contents |
Getting started
Consult the User's Guide for information on using the wiki software.
Other web resources
http://kb.siteground.com/category/MediaWiki_issues.html
http://db.glug-bom.org/wiki/index.php/Setup_a_MediaWiki
http://www.mediawiki.org/wiki/Extension:Group_Based_Access_Control access control extension
http://www.mediawiki.org/wiki/Extension:Cite/Cite.php foot notes extension
http://www.mediawiki.org/wiki/Manual:%24wgGroupPermissions
http://www.mediawiki.org/wiki/Manual:User_rights
http://www.mediawiki.org/wiki/Manual:Namespace using Namespaces in Mediawiki
Site system files
http://wiki.terrywassall.net/index.php?title=MediaWiki:Sidebar edit to change content of navigation area in sidebar
Basic Configuration and Customisation
Insert in LocalSettings.php:
require that users log in to read
$wgGroupPermissions['*']['read'] = false;
require that users log in to edit
$wgGroupPermissions['*']['edit'] = false;
allow these pages for anonymous users
$wgWhitelistRead = array( "Main Page", "Special:Userlogin", "-", "MediaWiki:Monobook.css" );
Need to look at above line as I think $wgWhitelist is now obsolete and a new line does the same in localSettings.php
remove the link to the talk page for non-logged in users
$wgShowIPinHeader = false;
Create user groups
Insert in LocalSettings.php:
Create user groups
$wgGroupPermissions['Employees']['read'] = true;
$wgGroupPermissions['Customers']['read'] = true;
$wgGroupPermissions['Guests']['read'] = true;
$wgGroupPermissions['Documentation']['read'] = true;
$wgGroupPermissions[utf8_encode('Façade')]['read'] = true;
Use utf8_encode if the group name contains special characters.
These groups are already created and have special meanings for MediaWiki:
*: Any user. May be referred to as "all" in security definitions.
user: Authenticated users.
bureaucrat: Users that have user management rights. See Wikipedia:Bureaucrats.
sysop: System administrators. Perform wiki maintenance. See Wikipedia:Administrators.
bot: A software that reads or writes wiki pages.
Assign users to groups
Use the Special:Userrights page to make each user a member of the groups he should belong to. You must have bureaucrat rights for this.
Optionally, you can write a program to insert records directly into the "user_groups" table on the wiki database.
For help on assigning bureaucrat and other rights to users, see User rights and Setting user rights in MediaWiki.
Copies of blog posts
Mediawiki installation check
When you have copied all the Mediwiki files to your server the installation is completed by an installer that runs when you first open wiki in a browser. This brings up a configuraion screen where you have to enter the information about the mysql database and user you have set up. You then get a report and if all is well the installation is completed and you're in business. This worked ok for me but the confguration report had some worrying lines in it which I may need to sort out. I copy the report text here incase anyone has seen these problems before, understands them and has fixed them. Any advice would be very welcome. Worrying things are in bold.
MediaWiki 1.12.0 Installation Don't forget security updates! Keep an eye on the low-traffic release announcements mailing list.
Checking environment... Please include all of the lines below when reporting installation problems.
PHP 5.1.6 installed Found database drivers for: MySQL PostgreSQL
Warning: PHP's safe mode is active. You may have problems caused by this, particularly if using image uploads.
PHP server API is apache2handler; ok, using pretty URLs (index.php/Page_Title) Have XML / Latin1-UTF-8 conversion support.
Warning: is_dir() [function.is-dir]: open_basedir restriction in effect. File(/var/lib/php/session) is not within the allowed path(s): (/var/www/vhosts/terrywassall.net/subdomains/wiki/httpdocs:/tmp) in /var/www/vhosts/terrywassall.net/subdomains/wiki/httpdocs/config/index.php on line 424
Warning: Your session.save_path value (/var/lib/php/session) appears to be invalid or is not writable. PHP needs to be able to save data to this location for correct session operation.
PHP's memory_limit is 32M.
Couldn't find Turck MMCache, eAccelerator, APC or XCache; cannot use these for object caching.
GNU diff3 not found.
Found GD graphics library built-in, image thumbnailing will be enabled if you enable uploads. Installation directory: /var/www/vhosts/terrywassall.net/subdomains/wiki/httpdocs Script URI path: Installing MediaWiki with php file extensions Environment checked. You can install MediaWiki.
Changing Mediwiki access defaults
The default setting for a new Mediwiki installation is that pages can be created and edited by the public at large anonymously and that anyone can create a user account. To make the wiki secure it is neccesary to add the following lines at the end of the localSettings .php file. This will disable anonymous editing and account creation.
$wgGroupPermissions['*' ]['read'] = true; $wgGroupPermissions['*' ]['edit'] = false; $wgGroupPermissions['*' ]['createaccount'] = false;
Users will now have to be created by a Sysop. This is practical if only a small number of users is required. I have no idea if they can be created in batches.
All pages remain publically readable, unless
$wgGroupPermissions['*' ]['read'] = true;
is changed to false. This would make the entire wiki only readable to logged in users. Howeer, it is possible to specify specific pages to be publically readable, for instance you might want the Main Page to be publically readable, but I'm not sure yet how to do this.
Page by page access control in Mediawiki
I have managed to set up page by page access control on my MW installation. This requires the installation of an MW extension which can be downloaded via http://www.mediawiki.org/wiki/Extension:Group_Based_Access_Control
Once this extension is installed you can create special pages with the title Usergroup:groupname. This page must include only a bulleted list of usernames. Once this page is created the following code can be put as the first line of a page that requires restricting to that group's members:
(accesscontrol)groupname(accesscontrol) change ( and ) with < and >
More than one group can be incuded between the tags, seperated by double commas (,,). Groups can be given read only access if required with additional switches i.e (ro) for read only.
To activate the extension a couple of lines of code have to be pasted into the localSettings.php file and one of the extension php files has to have some german language lines deleted or commented out and the english language lines un-commented. I also found I had to add some lines to the localSettings.php file to disable caching. Without this what were supposed to be private pages were sometimes publically readable. I found this fix at: the http://www.mediawiki.org/wiki/Extension_talk:Group_Based_Access_Control talk page.
There are a couple issues with the access control extension.
Only sysops can edit and modify the Usergroup: pages. Any one can create one but once saved they can't get back in again if they are not a sysop. This means it is not a viable system for a large multiuser installation unless you have sysops with plenty of spare time.
This is page by page access control. Pages linked to from a restricted page are not restricted. This is a very labour intensive way of protecting a series of pages. The documentation makes it quite clear that Mediawiki is not a good system if sophisticated hierarchical protection is needed and suggests you use another wiki system if that is what is required. However, I believe there are ways of doing things in a rather more sophisticated way using Mediawiki Groups, user rights and possibly MW Name Spaces. If anyone has any ideas or experience of this I would grateful to hear about it. If anyone wants more detailed info on how I set up access control on my installation and how to use it, please ask.
