Question

This is a new install. It is on an ISP machine and I only have ftp access.

Everything I have tried works ok except that I cannot save TWikiPreferences or WebPreferences. I've tried it with the TWiki web and the Main web.

I get some kind of access or missing page error. It isn't a 404. But I don't have access to the httpd logs, so I don't really know what the specific error number is.

I have gone through the file permissions under data and pub and done a chmod -R o+w on everything under those two.

I am able to edit other stuff in the TWiki and Main webs, just not the Preferences pages. Very strange. Is there something I should be looking for in addition to the file permissions?

Testenv script seems to be happy.

My directory structure:

$HOME/twiki/data
$HOME/twiki/templates
$HOME/public_html/twiki/pub
$HOME/public_html/twiki/lib
$HOME/public_html/twiki/bin

Environment

-- ChrisHoward - 11 Dec 2005

Answer

If you answer a question - or someone answered one of your questions - please remember to edit the page and set the status to answered. The status selector is below the edit box.

Try DakarRelease - the diagnostics are better.

-- MartinCleaver - 11 Dec 2005

I do not think that this is a Cairo vs Dakar question.

Chris:

• Could you post the exact error message you get.
• Do you get the error at topic save time?
• Check file permissions.
• Check RCS lock user in .txt,v file.
• Do you have permission to edit those topics? There might be a configuration issue with the oops error messages.
• Also, TWikiDebugging might give you some more ideas where to look.

-- PeterThoeny - 12 Dec 2005

The error happens when I push 'save' from the edit page.

The error message I get is:

You have triggered a security violation, which has been reported. If you feel you have reached this message in error, please contact support@frii.com.

It looks like it comes from my ISP's webserver directly, not from TWiki (?) The RCS files have the original timestamp as when I installed. The ,v file says:

head   1.73;
access;
symbols;
locks
   nobody:1.73; strict;
comment   @# @;
...

.                         yipyap  user   drwxrwxrwx
TWikiPreferences.txt,v    yipyap  user   -r--r--rw-
TWikiPreferences.txt      yipyap  user   -rw-r--rw-

(I'm looking at $HOME/twiki/data/TWiki/TWikiPreferences* is that the right ones?)

Maybe something failing in the save script?

I'm going see if my ISP support guys can let me peek at the Apache error log.

-- ChrisHoward - 15 Dec 2005

This error message is from the ISP.

It is kind of hard to diagnose without more info. Please read the SupportGuidelines and post the testenv output.

• Make sure the files are locked by your cgi user. TWikiInstallationNotes has more.
• Make sure $HOME/twiki/data and $HOME/public_html/twiki/pub and all its subdirectories and files are writable by the cgi user.

For security I'd move the directories to this structure:

$HOME/twiki/data
$HOME/twiki/templates
$HOME/twiki/lib
$HOME/public_html/twiki/pub
$HOME/public_html/twiki/bin

-- PeterThoeny - 15 Dec 2005

I moved the lib directory as you suggested. Thanks!

I downloaded the latest testenv and ran it:

Test the environment for TWiki
Please read the TWikiInstallationNotes for more information on TWiki installation.
Environment variables:
DOCUMENT_ROOT   /u/vp/users.frii.com/www
GATEWAY_INTERFACE   CGI/1.1
HTTP_ACCEPT   text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
HTTP_ACCEPT_CHARSET   ISO-8859-1,utf-8;q=0.7,*;q=0.7
HTTP_ACCEPT_ENCODING   gzip,deflate
HTTP_ACCEPT_LANGUAGE   en-us,en;q=0.5
HTTP_CACHE_CONTROL   max-age=0
HTTP_CONNECTION   keep-alive
HTTP_HOST   users.frii.com
HTTP_KEEP_ALIVE   300
HTTP_USER_AGENT   Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050922 Fedora/1.0.7-1.1.fc4 Firefox/1.0.7
PATH   /sbin:/bin:/usr/sbin:/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin:/usr/X11R6/bin:/root/bin
QUERY_STRING   
REMOTE_ADDR   216.17.140.106
REMOTE_PORT   40965
REQUEST_METHOD   GET
REQUEST_URI   /yipyap/twiki/bin/testenv
SCRIPT_FILENAME   /u/yipyap/public_html/twiki/bin/testenv
SCRIPT_NAME   /~yipyap/twiki/bin/testenv
SCRIPT_URI   http://users.frii.com/yipyap/twiki/bin/testenv
SCRIPT_URL   /yipyap/twiki/bin/testenv
SERVER_ADDR   216.17.184.34
SERVER_ADMIN   webmaster@frii.com
SERVER_NAME   users.frii.com
SERVER_PORT   80
SERVER_PROTOCOL   HTTP/1.1
SERVER_SIGNATURE   
SERVER_SOFTWARE   Apache
UNIQUE_ID   Q6I8BdgRgEEAAErmjf4
CGI Setup:
Operating system:   Unix (freebsd)
Perl version:   5.8.2
@INC library path:   /u/yipyap/twiki/lib/TWiki
/u/yipyap/twiki/lib
/usr/local/lib/perl5/5.8.2/i386-freebsd
/usr/local/lib/perl5/5.8.2
/usr/local/lib/perl5/site_perl/5.8.2/i386-freebsd
/usr/local/lib/perl5/site_perl/5.8.2
/usr/local/lib/perl5/site_perl
.
   Note: This is the Perl library path, used to load TWiki modules, third-party modules used by some plugins, and Perl built-in modules.
TWiki module in @INC path:   
   OK, TWiki.pm found (TWiki version: 04 Sep 2004 $Rev: 1742 $)
Required Perl modules:   
   CGI (3.05)
   CGI::Carp (1.28)
   File::Copy (2.06)
   File::Spec (0.87)
   FileHandle (2.01)
Optional Perl modules:   
   Algorithm::Diff (1.02)
   MIME::Base64 (3.01)
   POSIX (1.06)
   Encode (2.00)
   Note: Optional module 'Unicode::MapUTF8' not installed - check TWiki documentation to see if your configuration needs this module.
   Unicode::Map (0.112)
   Note: Optional module 'Unicode::Map8' not installed - check TWiki documentation to see if your configuration needs this module.
   Jcode (0.83)
   Digest::MD5 (2.33)
   Digest::SHA1 (2.10)
   MIME::Base64 (3.01)
   Net::SMTP (2.28)
PATH_INFO:   
   Note: For a URL such as http://users.frii.com/yipyap/twiki/bin/testenv/foo/bar, the correct PATH_INFO is /foo/bar, without any prefixed path components. Test this now - particularly if you are using mod_perl, Apache or IIS, or are using a web hosting provider. The page resulting from the test link should have a PATH_INFO of /foo/bar.
mod_perl:   Not used for this script (mod_perl not loaded into Apache)
User:   nobody
   Note: Your CGI scripts are executing as this user.
   Fix: If needed, relock all the rcs files to user nobody
Group(s):   nobody httpd vp www ftp nobody nobody
Test of TWiki.cfg Configuration:
$defaultUrlHost:   http://users.frii.com/yipyap/
   Note: This must match the protocol and host part (with optional port number) of the TWiki URL.
$scriptUrlPath:   /yipyap/twiki/bin
   Note: This must match the 'cgi-bin' part of the URL used to access the TWiki cgi-bin directory.
$pubUrlPath:   /yipyap/twiki/pub
   Note: This must be the URL of the public directory.This is not set correctly if the /yipyap/twiki/pub/wikiHome.gif image below is broken:
$pubDir:   /u/yipyap/public_html/twiki/pub
   Note: This is the public directory, as seen from the file system. It must correspond to $pubUrlPath.
$templateDir:   /u/yipyap/twiki/templates
   Note: This is the TWiki template directory, as seen from the file system.
$dataDir:   /u/yipyap/twiki/data
   Note: This is the data directory where TWiki stores all topics.
$mailProgram:   /usr/sbin/sendmail -t -oi -oeq
   Note: This is the mail program TWiki uses to send mail.
$rcsDir:   /usr/bin
   Note: This is the directory where RCS is located.
RCS Version:   5.7
   Note: This is the version of RCS which will be used.
$lsCmd:   /bin/ls
   Note: This is the file list program TWiki uses to list topics.
$egrepCmd:   /usr/bin/egrep
   Note: This is a program TWiki uses for search.
$fgrepCmd:   /usr/bin/fgrep
   Note: This is a program TWiki uses for search.
$safeEnvPath:   /bin:/usr/bin
   Note: This is used to initialise the PATH variable, and is used to run the 'diff' program used by RCS, as well as to run shell programs such as Bourne shell or 'bash'.
Path and Shell Environment
Original PATH:   /sbin:/bin:/usr/sbin:/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin:/usr/X11R6/bin:/root/bin
   Note: This is the PATH value passed in from the web server to this script - it is reset by TWiki scripts to the PATH below, and is provided here for comparison purposes only.
Current PATH:   /bin:/usr/bin
   Note: This is the actual PATH setting that will be used by Perl to run programs. It is normally identical to $safeEnvPath, unless that variable is empty.
diff:   GNU diff was found on the PATH - this is the recommended diff tool.
   Note: The 'diff' command is used by RCS to compare files.
User Authentication
htpasswd Format Family:   htpasswd
htpasswd Encoding:   crypt
htpasswd Filename:   /u/yipyap/twiki/data/.htpasswd
   Note: only some combinations of Format, Encoding and Filename are valid, and fewer are tested

Your cgi user is nobody. The RCS files are locked by nobody, so that is fine. However, your data and pub directories and files within are owned by yipyap. You need to change that recursively to user nobody. Ask your ISP's support in case you do not have root access.

-- PeterThoeny - 16 Dec 2005

Yes, I cannot figure out how to do chown via ftp. So, I changed data and pub to be read/write/executable by 'other' (chmod -R o+w). I can edit pages other than TWikiPreferences just fine.

I don't mean to be argumentative... but I thought that would cover it.

I'll see if I can find a way to change ownership to nobody. Also, I'm waiting to hear back from ISP support about the apache error log.

-- ChrisHoward - 16 Dec 2005

Here is the reply I just received from my ISP. I don't understand it. My scripts are already on the server via FTP. Does the send script attempt to do some file transfer or something? Do you have any suggestions on how I should respond to this?

Hello Chris,

Our security filter is rejecting the upload of your executable script, generating the error that you received. I would suggest trying to upload the executable via ftp instead. Should this not be possible, please let us know and we may be able to briefly open up a window to allow you to run that cgi perl program.

Please let us know if we may be of further assistance,

Thank you,

-- Jesse E - Customer Support

I want to re-iterate: everything works fine for 99% of the pages. So far the only ones I cannot edit are TWikiPreferences and WebPreferences. It is not a generic edit/save problem. At least, I don't think it is.

-- ChrisHoward - 16 Dec 2005

New info from the ISP:

Hello Chris,

This is what I have found out from our developers:

In our log notes we can see that program was trying to save something with perl in it. Our security program was suspicious that it was trying to write executable code to disk.

I have spoken with them about the possibility of making an exception in this case but, unfortunately that is just not feasible. I would recommend continuing in the direction of querying the twiki community to see if anyone else has encountered this problem.

Thank you,

Any ideas? I'm thinking maybe I will just have to edit the preferences offline and send them up via ftp.

-- ChrisHoward - 19 Dec 2005

I am sorry, but I do not know how to fix that. It seems over restrictive to prevent saving the preferences topic. If all other topics are fine I suggest to use FTP as a workaround just for the preferences topics.

-- PeterThoeny - 04 Feb 2006