Question
Hi,
I am setting up Twiki on Win2003 so far so good, my installation didnt create a htpasswd in the twiki directory. The welcome to twiki default page loads up and i click on configure and i get a prompt for user name and password, i dont ever recall during install or setup creating this file or setting up passwords. Anyway strange enough the file i got to appear. So when i put a NT user name and password i get an internal error and looking at the log file i see this...
The system cannot find the file specified. : Could not open password file: C:/twiki/data/.htpasswd
I know the file is there i can see it in the directory c:/twiki/data/
sorry for such a newbie question but i am obviously overlooking something obvious and i cant spot it.
Help.
Environment
--
JasonOKeeffe - 25 Feb 2007
Answer
If you answer a question - or someone answered one of your questions - please remember to edit the page and set the status to answered. The status selector is below the edit box.
I think i found my problem, for now i got it working by changing the httpd.conf file. I changed
<FilesMatch "^\.ht">
Order allow,deny
deny from all
</FilesMatch>
to
<FilesMatch "^\.ht">
Order allow,deny
Allow from all
</FilesMatch>
and it worked..
--
JasonOKeeffe - 25 Feb 2007
The "Allow from all" for the
.ht*
allows browsers to view that file, which should never be the case because this exposes the system setup to users. See
SecuringYourTWiki and
SettingFileAccessRightsLinuxUnix.
--
PeterThoeny - 25 Feb 2007
Hi Peter,
Thanks for your help, I am determined to get this setup right as i know my organisation will have hundreds of people using it if successfully if not thousands and i am taking alot of notes... i conitune to have access/permissions problems again so i started the TWiki install ( left apache, cygwin etc as them appear o.k. ) just did the TWiki install again from scratch taking my time and step by step going through
DakarOnWindows2003AndApache amonsgt the installsummary and others but i have my doughts about the file permissions. When it comes to checking if Configure works ( i copied my twiki_httpd.conf from the previous install as i had the confiure working then ) , i contiune to get the pop up box for login... my twiki_httpd.conf has;
# Password file for TWiki users
#
AuthUserFile /var/www/twiki/data/.htpasswd
AuthUserFile /twiki/data/.htpasswd
AuthName 'Enter your
WikiName: (First name and last name, no space, no dots, capitalized, e.g.
JohnSmith). Cancel to register if you do not have one.'
AuthType Basic
SetHandler cgi-script
Order Deny,Allow
Deny from all
Allow from xx.xx.xx.xx
Require user administrator
Satisfy Any
the i.d. address is the one i am logging in from which is the server i am running from.
when i do get the login pop up box i put in administrator & password which i have ran passwd.exe in the bin directory to add administrator and password to the .htpasswd . But when i enter the user name and password i get internal server error contain admin and in the apache log file i have;
Could not open password file: C:/twiki/data/.htpasswd
the permission on this file from doing ls -al in cygwin are;
-rwx--------+
I also tried changing permissions to
-rwxr-xr-x
and still got the internal server error contact admin and the log file in apache says
Could not open password file: C:/twiki/data/.htpasswd
If i hit cancel at the login i am taken to the registration Twiki page, but the problem with that is when i registered i get another oermission denied after i put in the activation code...web pages says
TWiki detected an internal error - please check your TWiki logs and webserver logs for more information.
RCS: failed to create file path: Permission denied
apache log file says...
RCS: failed to create file /twiki/data/Main/TWikiUsers.lock: Permission denied at c:/twiki/lib/TWiki/Store/RcsFile.pm line 769
my complete twiki_httpd.conf is ;
# Example httpd.conf file for TWiki.
#
# You are recommended to take a copy of this file and edit
# the paths to match your installation. Then add:
# include "/home/httpd/twiki/twiki_httpd.conf"
# to the end of your main httpd.conf file.
#
# The first parameter will be part of the URL to your installation e.g.
#
http://my.co.uk/twiki/bin/view/...
# The second parameter must point to the physical path on your disk. Be
# careful not to lose any trailing /'s.
#### Change the
second path to match your local installation
ScriptAlias /twiki/bin/ "C:/twiki/bin/"
# This defines a url that poins to the root of the twiki installation. It is
# used to access files in the pub directory (attachments etc)
# It must come
after the
ScriptAlias.
#### Change the path to match your local installation
Alias /twiki/ "c:/twiki/"
# We set an environment variable called anonymous_spider
# Setting a
BrowserMatchNoCase to ^$ is important. It prevents TWiki from
# including its own topics as URLs and also prevents other TWikis from
# doing the same. This is important to prevent the most obvious
# Denial of Service attacks.
# You can expand this by adding more
BrowserMatchNoCase statements to
# block evil browser agents trying the impossible task of mirroring a twiki
# Example:
#
BrowserMatchNoCase ^SiteSucker anonymous_spider
BrowserMatchNoCase ^$ anonymous_spider
# This specifies the options on the TWiki scripts directory. The
ExecCGI
# and
SetHandler tell apache that it contains scripts. "Allow from all"
# lets any IP address access this URL.
#### Change the path to match your local installation
Options +ExecCGI FollowSymLinks
SetHandler cgi-script
Allow from all
# Deny from env=anonymous_spider
Options ExecCGI FollowSymLinks
SetHandler cgi-script
# Password file for TWiki users
# AuthUserFile /var/www/twiki/data/.htpasswd
AuthUserFile /twiki/data/.htpasswd
AuthName 'Enter your WikiName: (First name and last name, no space, no dots, capitalized, e.g. JohnSmith). Cancel to register if you do not have one.'
AuthType Basic
# File to return on access control error (e.g. wrong password)
# By convention this is the TWikiRegistration page, that allows users
# to register with the TWiki. Apache requires this to be a local path.
ErrorDocument 401 /twiki/bin/view/TWiki/TWikiRegistration
# Limit access to configure to specific IP addresses and or users.
# Make sure configure is not open to the general public.
# The configure script is designed for administrators only.
# The script itself and the information it reveals can be abused by
# attackers if not properly protected against public access.
# Replace JohnDoe with the login name of the administrator
SetHandler cgi-script
Order Deny,Allow
Deny from all
Allow from xx.xx.xx.xx
Require user administrator
Satisfy Any
# When using Apache type login the following defines the TWiki scripts
# that makes Apache ask the browser to authenticate. It is correct that
# scripts such as view are not authenticated. (un-comment to activate)
require valid-user
# This sets the options on the pub directory, which contains attachments and
# other files like CSS stylesheets and icons.
AllowOverride None stops a
# user installing a .htaccess file that overrides these options.
# Finally all execution of PHP and other scripts is disabled.
# Note that files in pub are
not protected by TWiki Access Controls,
# so if you want to control access to files attached to topics, you may
# need to add your own .htaccess files to subdirectories of pub. See the
# Apache documentation on .htaccess for more info.
#### Change the path to match your local installation
Options FollowSymLinks +Includes
AllowOverride None
Allow from all
# If you have PHP4 or PHP5 installed make sure the directive below is enabled
# If you do not have PHP installed you will need to comment out the directory below
# to avoid errors.
# php_admin_flag engine off
#If you have PHP3 installed make sure the directive below is enabled
#php3_engine off
# This line will redefine the mime type for the most common types of scripts
# It will also deliver HTML files as if they are text files
AddType text/plain .html .htm .shtml .php .php3 .phtml .phtm .pl .py .cgi
#
# Security note: All other directories should be set so
# that they are
not visible as URLs, so we set them as
deny from all
.
#### Change the paths to match your local installation
deny from all
deny from all
deny from all
deny from all
deny from all
Any help would be greatly appricated
--
JasonOKeeffe - 26 Feb 2007
I am new to this whole area of Twiki, Apache, Perl etc... but i finally got the permissions all sorted.. and my Twiki is up and running and loveing it thanks again
--
JasonOKeeffe - 27 Feb 2007
Hi
JasonOKeeffe
It is not working for me
"""I am setting up Twiki on Win2003 so far so good, my installation didnt create a htpasswd in the twiki directory. The welcome to twiki default page loads up and i click on configure and i get a prompt for user name and password, i dont ever recall during install or setup creating this file or setting up passwords. Anyway strange enough the file i got to appear. So when i put a NT user name and password i get an internal error and looking at the log file i see this... The system cannot find the file specified. : Could not open password file: C:/twiki/data/.htpasswd ""
--
Chetan Mathapati - 2013-11-22
Chetan, this is a answered question. Best to open a new support question with details.
In any case I recommend using the
TWiki-VM on VMware on Windows. This performs better, and is also dead simple to install.
--
Peter Thoeny - 2013-11-22