In
Using Unix Groups For TWiki Security
I describe, well,
Using Unix Groups For TWiki Security.
The most secure configuration is to have each "access path"
- a cgi directory full of setgid scripts -
use a different "TWiki Installation"
- a different set of TWiki scripts, twiki/pub,
and twiki webs such as twiki/data/Main.
Each TWiki installation can then be owned by the appropriate group,
and restricted in access as appropriate.
Or, the installation files might be owned by still another user or group,
and read-only access provided to most of the files,
with group read-write access provided to the group that
this particular installation of the twiki scripts will be running as.
This works pretty well.
It's pretty secure.
PROBLEM: it's a pain to administer,
especially if you are making changes to things
that you would like to share between installations,
such as Main web items, and so on.
I've experimented with sharing installations via CVS,
via symlinks,
and via
Different Security Levels In Same TWiki Installation,
but I think that any such shared installation has security risks.
--
AndyGlew - 15 Apr 2003
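An added example, not part of the original thread or of TWiki's own code: a shell audit of one installation against the per-group layout described in the comment above. It assumes the setgid CGI scripts live in `bin/` under the installation root and that files in `data/` and `pub/` should not be readable by other users; the function names and finding labels are made up for illustration.

```shell
#!/bin/sh
# Added example: audit one TWiki installation against the per-group layout.
# Assumed layout: ROOT/bin holds the setgid CGI scripts, ROOT/data and
# ROOT/pub hold the webs and attachments.
# Usage: audit_twiki_install /path/to/twiki groupname

# report LABEL FILE-LIST: print "LABEL: file" per finding, bump the counter.
report() {
    [ -n "$2" ] || return 0
    printf '%s\n' "$2" | sed "s|^|$1: |"
    findings=$((findings + $(printf '%s\n' "$2" | wc -l)))
}

# audit_twiki_install ROOT GROUP
# Prints one line per finding; returns 0 when clean, 1 otherwise.
audit_twiki_install() {
    root=$1
    grp=$2
    findings=0

    # Every file should belong to this installation's group.
    report "wrong-group" "$(find "$root" ! -group "$grp" -print)"

    # Nothing should be writable by users outside the owner and group.
    report "world-writable" \
        "$(find "$root" ! -type l -perm -0002 -print)"

    # Assumed policy: topic data and attachments are hidden from "other".
    report "world-readable-data" \
        "$(find "$root/data" "$root/pub" -type f -perm -0004 -print 2>/dev/null)"

    # The CGI scripts are what carry the group identity: each must be setgid.
    report "not-setgid" \
        "$(find "$root/bin" -type f ! -perm -2000 -print 2>/dev/null)"

    # A setgid file anywhere else is unexpected.
    report "setgid-outside-bin" \
        "$(find "$root" -path "$root/bin" -prune -o -type f -perm -2000 -print)"

    # Symlinks are one way installations end up shared; list them for review.
    report "symlink" "$(find "$root" -type l -print)"

    [ "$findings" -eq 0 ]
}
```

Run it once per installation with that installation's own group; a `symlink` finding is a prompt to check where the link points, not proof of a problem.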
TWikiOnDebian uses shared directories for all TWiki sites on the same server (IIRC). And Debian (I'd like to think) is a secure way to do things. So what is the Right Thing(tm) to do? Is it a Debian issue, then?
Disclaimer: I am not a security expert, or Debian expert, but I'd like to have a secure out-of-the-box TWiki distro.
--
PeterMasiar - 16 Apr 2003
I've been using
Different Security Levels In Same TWiki Installation
for several months now,
using setgid scripts.
It's good enough.
It is fairly easy to break security accidentally.
Also, quite a few TWiki tools break, or are less secure than
they would be with
MultipleSeparateTWikiInstallationsForSecurity.
But it's good enough for me to use now.
By the way - I don't call myself a security expert,
but I've hung around with Secure OS people,
and the odd NSA type.
Ahh, hell, I probably
am a security expert.
Although my main expertise is in finding holes,
not necessarily finding all holes.
Anyway: I rather doubt that Debian's wiki is secure.
It may not allow a break-in to their server,
but I don't think they are trying to secure info
on the wiki itself very much.
--
AndyGlew - 25 Jun 2003