[Moin-user] Problems stopping the spam

R.Bauer rb.proj at gmail.com
Tue Jan 25 14:31:55 EST 2011


On 25.01.2011 05:24, Richard Jones wrote:
> On Tue, Jan 25, 2011 at 3:00 PM, John Hurst <john.hurst at monash.edu> wrote:
>> Make sure your up/down-stream settings are correct.  ACL scanning stops as soon as a user group matches, which may happen before your explicit settings.  Or even worse, fall through to the end, with no explicit setting.
>>
>> Check what your HelpOnAccessControlLists page says, particularly section 5.
>>
>> From what you say, I think you need to add
>>
>>  acl_rights_after = u"All:read"  (or even u"All:", i.e., no rights)
>>
>> to make sure that "All" is not overlooked.
> 
> I gave that a try just to be sure and it didn't fix the problem. For
> the record it now says:
> 
>     acl_enabled = 1
>     acl_rights_default = u"All:read"
>     acl_rights_before = u"stefan:read,write,delete,revert,admin DanielDiniz:read,write,delete,revert,admin RichardJones:read,write,delete,revert,admin"
>     acl_rights_after = u"All:read"
> 
> Even better, I've just discovered that it's just the one page (as far
> as I can tell) that is editable. The rest of the wiki is protected.
> 
> The wiki is at http://www.roundup-tracker.org/cgi-bin/moin.cgi/FrontPage
> ... the TranslationStatus page is editable by Known, but they can't
> edit anything else...
> 
> 
>      Richard
> 

Hi Richard

I copied your setup lines to my local 1.9 dev instance and I don't get
this problem.

Just the usual questions:
 1. Is that the right wikiconfig.py you edit? See logs, moin.cgi, or
SystemInfo (as superuser).
 2. Can you show me more lines, without secrets?
 3. It looks like there are also some outdated config vars in your
wikiconfig.py (acl_enabled = 1), but this does not matter now.


I just created an account on your wiki and I can only edit
TranslationStatus. Other pages I tried are read-only. At least now,

4. Disable superuser account, see http://moinmo.in/SecurityFixes or
better, update.


cheers
Reimar
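
An added sketch (not from the thread and not MoinMoin's own code) of the first-match scanning John describes, run against the settings Richard posted. It is a simplified model that assumes the scan order is acl_rights_before, then the page's own ACL or else acl_rights_default, then acl_rights_after; the page-level ACL on TranslationStatus is a constructed assumption, shown only as one way a single page can behave differently from the rest.

```python
# Simplified model of MoinMoin 1.x ACL scanning: no +/- modifiers, no groups.

def parse_acl(line):
    """'Name:right,right Other:right' -> [(name, {rights}), ...]"""
    entries = []
    for token in line.split():
        name, _, rights = token.partition(":")
        entries.append((name, {r for r in rights.split(",") if r}))
    return entries

def matches(entry, user):
    """user is None for an anonymous visitor, otherwise the login name."""
    if entry == "All":
        return True
    if entry == "Known":
        return user is not None
    return entry == user

def may(cfg, page_acl, user, right):
    """Scan before -> (page ACL, else default) -> after; first match decides."""
    middle = page_acl if page_acl is not None else cfg["acl_rights_default"]
    for line in (cfg["acl_rights_before"], middle, cfg["acl_rights_after"]):
        for entry, rights in parse_acl(line):
            if matches(entry, user):
                return right in rights
    return False  # nothing matched: no rights

FULL = "read,write,delete,revert,admin"
CFG = {  # values as posted in the thread
    "acl_rights_before": "stefan:%s DanielDiniz:%s RichardJones:%s" % (FULL, FULL, FULL),
    "acl_rights_default": "All:read",
    "acl_rights_after": "All:read",
}
# Constructed assumption: a '#acl' line on this one page (not shown in the thread).
PAGE_ACLS = {"TranslationStatus": "Known:read,write All:read"}

def can_edit(page, user, cfg=CFG):
    return may(cfg, PAGE_ACLS.get(page), user, "write")

if __name__ == "__main__":
    for page in ("FrontPage", "TranslationStatus"):
        for user in (None, "NewAccount", "RichardJones"):
            print(page, user, can_edit(page, user))
```

In this model the scan returns at the page's own Known entry, so the acl_rights_after value is never reached for a logged-in user on that page.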






