DokuWiki for Debian
-------------------

You can consult the page <http://www.dokuwiki.org/install:debian> for
more information.

Security: CVE-2016-7964
-----------------------

By default, fetching external media files is disabled in
/etc/dokuwiki/dokuwiki.conf like so:

    $conf['fetchsize'] = 0;

If this is enabled, DokuWiki will allow users to (try to) access
any resources from any system that the DokuWiki server can
connect to (e.g. the internal network):

    https://www.cve.org/CVERecord?id=CVE-2016-7964

Upstream considers this wontfix and recommends guarding against this
by using firewall rules:

    https://github.com/splitbrain/dokuwiki/issues/1708

Security: CVE-2016-7965
-----------------------

When multiple websites are served by the same webserver that
DokuWiki is installed on, the password reset URLs can be
manipulated by an attacker to redirect users to a different
website:

    https://www.cve.org/CVERecord?id=CVE-2016-7965

Upstream allows fixing this by setting the baseurl in
/etc/dokuwiki/dokuwiki.conf like so:

    $conf['baseurl'] = 'https://wiki.example.org/dokuwiki';
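
A check for the two settings above, as an added example that is not part of the Debian package or of DokuWiki: it merges the $conf assignments from several config files and reports which of the two CVEs is left unmitigated. The file contents are constructed samples, and the override order (dokuwiki.conf first, local.php after it) is an assumption.

```python
import re

# Matches PHP lines such as:  $conf['fetchsize'] = 0;
ASSIGN = re.compile(r"""^\s*\$conf\[['"](\w+)['"]\]\s*=\s*(.+?)\s*;""", re.M)

# Constructed sample file contents (not taken from a real system).
DOKUWIKI_CONF = """\
$conf['fetchsize'] = 0;
$conf['baseurl'] = '';
"""
LOCAL_PHP = """\
<?php
// local override that re-enables external media fetching
$conf['fetchsize'] = 2*1024*1024;
"""
HARDENED_PHP = """\
<?php
$conf['fetchsize'] = 0;
$conf['baseurl'] = 'https://wiki.example.org/dokuwiki';
"""

def effective_conf(*texts):
    """Collect $conf assignments; later texts override earlier ones
    (assumption: dokuwiki.conf is read first, local.php after it)."""
    conf = {}
    for text in texts:
        for key, raw in ASSIGN.findall(text):
            conf[key] = raw.strip("'\"")
    return conf

def audit(conf):
    """Return one finding per setting that leaves a CVE above unmitigated."""
    findings = []
    # Assumption: a missing fetchsize means the packaged default of 0.
    # Anything other than a literal 0 (PHP arithmetic included) is flagged.
    if conf.get("fetchsize", "0") != "0":
        findings.append("CVE-2016-7964: fetchsize = %s" % conf["fetchsize"])
    if not conf.get("baseurl"):
        findings.append("CVE-2016-7965: baseurl is not set")
    return findings

if __name__ == "__main__":
    for finding in audit(effective_conf(DOKUWIKI_CONF, LOCAL_PHP)):
        print(finding)
```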

Default password
----------------

During the package installation, you are normally asked for a wiki administrator
name and password. If you have a system on which debconf is configured to skip
even high priority questions and no password has been preseeded either,
you will not be asked, and no default wiki administrator credentials will be
set.

Please manually run 'dpkg-reconfigure -phigh dokuwiki' to set a password.

File locations
--------------

DokuWiki's installation directory is /usr/share/dokuwiki/. Some files
and directories were moved and symlinked to comply with the Debian
policy and the FHS:

 * data/ is located in /var/lib/dokuwiki/;
 * lib/plugins/ and lib/tpl/ are in /var/lib/dokuwiki/;
 * conf/ is /etc/dokuwiki/.

A few tips for Debian's DokuWiki (last update for dokuwiki 2005-02-18a)
--------------------------------

(courtesy of Frédéric Lehobey)

Q: How to handle a local configuration file?

A: Create a file /etc/dokuwiki/local.php where you put all your
preferred values for the configuration variables, like:

    <?php
    $conf['superuser'] = '@admin';
    ?>

(this gives the 'admin' group the dokuwiki superuser power). Do
not leave any empty line at the end of this file.

Q: How can I select my language for dokuwiki?

A: Put your language in the 'lang' variable, for example by adding the
following line to /etc/dokuwiki/local.php:

    $conf['lang'] = 'fr';

(available languages may be found in /usr/share/dokuwiki/lang).

Q: How to enable ACL?

A: For the 'plain' authentication type, chosen by the (default)

    $conf['authtype'] = 'plain';

variable, ACL is enabled by the

    $conf['useacl'] = 1;

variable.

This authentication is ruled by the /etc/dokuwiki/acl.auth and
/etc/dokuwiki/users.auth files. You have templates of them in
/etc/dokuwiki/ with a .dist suffix appended.

Notice that if you want to allow users to register themselves, as

    $conf['openregister'] = 1;

is enabled by default, you must have /etc/dokuwiki/users.auth writable
by the web server. If you are using apache or apache2 with Debian, a

    # chown www-data /etc/dokuwiki/users.auth

should do the trick.

Notice also that dokuwiki sends clear text emails containing the
password (which is used in clear text later anyway). The dokuwiki email
sender is (optionally) set by the

    $conf['mailfrom'] = 'your.email@example.foo';

variable (empty default). Remember that on a standard Debian
installation, exim4 requires rewriting of the email sender through the
/etc/email-addresses mechanism, which would allow dokuwiki issued mail
to go outside only with some

    www-data: relevant.email@example.foo

entry in the /etc/email-addresses system configuration file.

Finally, notice that the (editable) /var/lib/dokuwiki/acl/users.auth.php text file
expects fields in the following order:

    user:MD5password:Real Name:email@example.foo:groups,comma,separated

groups being listed _without_ the usual leading '@' for groups.
The default group for new users is chosen by

    $conf['defaultgroup'] = 'user';

The 'md5sum.textutils --string=password' command (from the coreutils
package) may be useful.
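
A validator for the users.auth field order described above, as an added example that is not part of the Debian package or of DokuWiki: it checks the five-field layout, the rule that groups are listed without a leading '@', and the shape of the MD5 field, then lists which users fall in the superuser group. The sample lines are constructed, and only the '@group' form of $conf['superuser'] shown earlier is handled.

```python
import hashlib
import re

FIELDS = ("user", "hash", "name", "email", "groups")
MD5_HEX = re.compile(r"^[0-9a-f]{32}$")

# Constructed sample content (not a real users.auth file).
SAMPLE = "\n".join([
    "# constructed sample",
    "alice:%s:Alice Example:alice@example.foo:admin,user"
    % hashlib.md5(b"password").hexdigest(),
    "bob:plaintext:Bob Example:bob@example.foo:@user",
    "broken:line",
])

def parse_users_auth(text):
    """Return (users, problems); problems are (line number, message) pairs."""
    users, problems = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):   # blank lines and comments
            continue
        parts = line.split(":")
        if len(parts) != len(FIELDS):
            problems.append((lineno, "expected 5 colon-separated fields"))
            continue
        entry = dict(zip(FIELDS, parts))
        entry["groups"] = [g.strip() for g in entry["groups"].split(",") if g.strip()]
        if any(g.startswith("@") for g in entry["groups"]):
            problems.append((lineno, "group listed with a leading '@'"))
        if not MD5_HEX.match(entry["hash"]):
            problems.append((lineno, "password field is not a 32-digit hex MD5"))
        users.append(entry)
    return users, problems

def superusers(users, superuser="@admin"):
    """Users whose groups include the group named in $conf['superuser']."""
    group = superuser.lstrip("@")
    return [u["user"] for u in users if group in u["groups"]]

if __name__ == "__main__":
    parsed, issues = parse_users_auth(SAMPLE)
    print(superusers(parsed), issues)
```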

Q: What do I have to save when moving (or backing up) dokuwiki
somewhere else?

A: According to the online documentation, the files (or directories) to
be saved are:

    /var/lib/dokuwiki/attic/, /var/lib/dokuwiki/data,
    /var/lib/dokuwiki/media, and (if any) /etc/dokuwiki/local.php

and, for ACL, /var/lib/dokuwiki/acl/acl.auth.php and /var/lib/dokuwiki/acl/users.auth.php
should also be preserved.

In case of inconsistencies, the .cache directories in data and media may
have to be cleared (maybe also your browser's).

Q: Why won't the new version update the pages?

A: Try removing the files in the cache directory

    (rm -r /var/lib/dokuwiki/data/cache/*)

Stylesheet Loading
------------------

It is possible to customise the default stylesheet by creating a CSS
file in /etc/dokuwiki:

 - userstyle.css makes your changes available in screen mode.
 - userprint.css makes your changes available in print mode.

More information is available at
<https://www.dokuwiki.org/devel:css#user_styles>.