Media Wiki Security Concepts: Difference between revisions
| (19 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
=External= | =External= | ||
* https://www.mediawiki.org/wiki/Manual:Security | * https://www.mediawiki.org/wiki/Manual:Security | ||
* https://www.mediawiki.org/wiki/Manual:Preventing_access | * https://www.mediawiki.org/wiki/Manual:Preventing_access | ||
=Internal= | =Internal= | ||
* [[Media Wiki Concepts#Security|MediaWiki Concepts]] | * [[Media Wiki Concepts#Security|MediaWiki Concepts]] | ||
=Overview= | =Overview= | ||
=User Rights Profile= | =User Rights Profile= | ||
{{External|https://www.mediawiki.org/wiki/Manual:User_rights}} | {{External|https://www.mediawiki.org/wiki/Manual:User_rights}} | ||
| Line 19: | Line 13: | ||
==Authorized editors only== | ==Authorized editors only== | ||
The "Authorized editors only" scenario allows approved users to edit, but the public can view the pages, including history. | The "Authorized editors only" scenario allows approved users to edit, but the public can view the pages, including history. | ||
Configuration: | |||
<syntaxhighlight lang='php'> | |||
$wgGroupPermissions['*']['createaccount'] = false; | |||
$wgGroupPermissions['*']['edit'] = false; | |||
$wgGroupPermissions['*']['read'] = true; | |||
</syntaxhighlight> | |||
==Private wiki== | ==Private wiki== | ||
A "Private wiki" only allows approved users to view pages, with the same group allowed to edit. A user that does not authenticate is not allowed to access anything on the server. | A "Private wiki" only allows approved users to view pages, with the same group allowed to edit. A user that does not authenticate is not allowed to access anything on the server. | ||
Configuration: | |||
<syntaxhighlight lang='php'> | |||
$wgGroupPermissions['*']['createaccount'] = false; | |||
$wgGroupPermissions['*']['edit'] = false; | |||
$wgGroupPermissions['*']['read'] = false; | |||
</syntaxhighlight> | |||
=Reading= | =Reading= | ||
Disable reading by anonymous users: | Disable reading by anonymous users: | ||
<syntaxhighlight lang='php'> | |||
$wgGroupPermissions['*']['read'] = false; | |||
</syntaxhighlight> | |||
To allow anonymous users access to the login page: | To allow anonymous users access to the login page: | ||
<syntaxhighlight lang='php'> | |||
$wgWhitelistRead = array ("Special:Userlogin"); | |||
</syntaxhighlight> | |||
=Editing= | |||
Controlled by <code>[[Media_Wiki_Concepts#LocalSettings.php|LocalSettings.php]]</code>. To disable anonymous editing: | |||
<syntaxhighlight lang='php'> | |||
$wgGroupPermissions['*']['edit'] = false; | |||
</syntaxhighlight> | |||
= | =Account Creation= | ||
Controlled by <code>[[Media_Wiki_Concepts#LocalSettings.php|LocalSettings.php]]</code>: | |||
<syntaxhighlight lang='php'> | |||
$wgGroupPermissions['*']['createaccount'] = false; | |||
</syntaxhighlight> | |||
This prevents account creation by anyone (logged in or not), except by [[#sysop|sysops]]. | |||
= | =User= | ||
The Media Wiki users, including [[#Administrator|administrators]] are maintained in the database in the <code>user</code> table. | |||
==<span id='#Administrator_Account'></span>Administrator== | |||
A user becomes an administrator by being included in to the <code>[[#sysop|sysop]]</code>. The association is maintained in the <code>user_groups</code> table. | |||
The first administrator of the site is configured during the [[Media_Wiki_Installation#Administrator|wiki initialization procedure]], where the username of the administrator is requested. Spaces are accepted ("John Doe"). The configuration procure will automatically capitalize the first character. | |||
===Administrator Account Email Address=== | |||
==User Operations== | |||
{{Internal|Media_Wiki_Operations#User_Operations|User Operations}} | |||
=Group= | |||
==<tt>sysop</tt>== | |||
The [[#User|users]] that are members of the <code>sysop</code> group have site administration privileges. | |||
Latest revision as of 00:44, 1 January 2024
External
- https://www.mediawiki.org/wiki/Manual:Security
- https://www.mediawiki.org/wiki/Manual:Preventing_access
Internal
Overview
User Rights Profile
Open wiki
The Open wiki model allows anyone to edit, without even logging in.
Account creation required
A wiki with "Account creation required" provides extra accountability, but may deter casual contributors.
Authorized editors only
The "Authorized editors only" scenario allows approved users to edit, but the public can view the pages, including history.
Configuration:
$wgGroupPermissions['*']['createaccount'] = false;
$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['*']['read'] = true;
Private wiki
A "Private wiki" only allows approved users to view pages, with the same group allowed to edit. A user that does not authenticate is not allowed to access anything on the server. Configuration:
$wgGroupPermissions['*']['createaccount'] = false;
$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['*']['read'] = false;
Reading
Disable reading by anonymous users:
$wgGroupPermissions['*']['read'] = false;
To allow anonymous users access to the login page:
$wgWhitelistRead = array ("Special:Userlogin");
Editing
Controlled by LocalSettings.php. To disable anonymous editing:
$wgGroupPermissions['*']['edit'] = false;
Account Creation
Controlled by LocalSettings.php:
$wgGroupPermissions['*']['createaccount'] = false;
This prevents account creation by anyone (logged in or not), except by sysops.
User
The Media Wiki users, including administrators are maintained in the database in the user table.
Administrator
A user becomes an administrator by being included in to the sysop. The association is maintained in the user_groups table.
The first administrator of the site is configured during the wiki initialization procedure, where the username of the administrator is requested. Spaces are accepted ("John Doe"). The configuration procure will automatically capitalize the first character.
Administrator Account Email Address
User Operations
Group
sysop
The users that are members of the sysop group have site administration privileges.