Media Wiki Security Concepts: Difference between revisions

From NovaOrdis Knowledge Base
Jump to navigation Jump to search
Line 47: Line 47:


The first administrator of the site is configured during the [[Media_Wiki_Installation#Administrator|wiki initialization procedure]], where the username of the administrator is requested. Spaces are accepted ("John Doe"). The configuration procure will automatically capitalize the first character.
The first administrator of the site is configured during the [[Media_Wiki_Installation#Administrator|wiki initialization procedure]], where the username of the administrator is requested. Spaces are accepted ("John Doe"). The configuration procure will automatically capitalize the first character.
===Administrator Account Email Address===
==User Operations==
==User Operations==
{{Internal|Media_Wiki_Operations#User_Operations|User Operations}}
{{Internal|Media_Wiki_Operations#User_Operations|User Operations}}


==Administrator Account Email Address==
=Group=
=Group=
==<tt>sysop</tt>==
==<tt>sysop</tt>==
The [[#User|users]] that are members of the <code>sysop</code> group have site administration privileges.
The [[#User|users]] that are members of the <code>sysop</code> group have site administration privileges.

Revision as of 03:11, 30 December 2023

External

Internal

Overview

User Rights Profile

https://www.mediawiki.org/wiki/Manual:User_rights

Open wiki

The Open wiki model allows anyone to edit, without even logging in.

Account creation required

A wiki with "Account creation required" provides extra accountability, but may deter casual contributors.

Authorized editors only

The "Authorized editors only" scenario allows approved users to edit, but the public can view the pages, including history.

Private wiki

A "Private wiki" only allows approved users to view pages, with the same group allowed to edit. A user that does not authenticate is not allowed to access anything on the server.

Reading

Disable reading by anonymous users:

$wgGroupPermissions['*']['read'] = false;

To allow anonymous users access to the login page:

$wgWhitelistRead = array ("Special:Userlogin");

Editing

Controlled by LocalSettings.php. To disable anonymous editing:

$wgGroupPermissions['*']['edit'] = false;

Account Creation

Controlled by LocalSettings.php:

$wgGroupPermissions['*']['createaccount'] = false;

This prevents account creation by anyone (logged in or not), except by sysops.

User

The Media Wiki users, including administrators are maintained in the database in the user table.

Administrator

A user becomes an administrator by being included in to the sysop. The association is maintained in the user_groups table.

The first administrator of the site is configured during the wiki initialization procedure, where the username of the administrator is requested. Spaces are accepted ("John Doe"). The configuration procure will automatically capitalize the first character.

Administrator Account Email Address

User Operations

User Operations

Group

sysop

The users that are members of the sysop group have site administration privileges.