From rb.proj at gmail.com Mon Jul 2 08:44:09 2012 From: rb.proj at gmail.com (Reimar Bauer) Date: Mon, 02 Jul 2012 14:44:09 +0200 Subject: [Moin-user] cache issue In-Reply-To: <20120622201729.5ddcfa7b@arcor.com> References: <20120622083043.245dfe85@arcor.com> <20120622201729.5ddcfa7b@arcor.com> Message-ID: Am 22.06.2012 20:17, schrieb Manfred Lotz: > On Fri, 22 Jun 2012 11:00:59 +0200 > "R.Bauer" wrote: > >> On 22.06.2012 08:30, Manfred Lotz wrote: >>> Hi there, For some reason I have a moinmoin wiki locally on two >>> different laptops. As these are both my laptops I do not work on >>> both laptops the same time. I synchronize both wikis by using 3rd >>> server where I use unison to sync to in both directions. >>> >>> This works fine. However, when a wiki on a laptop gets synced the >>> cache gets out of sync. Is there anybody I can do to also sync the >>> cache, or to delete the cache after syncing. As the syncing is >>> done by a cron job the cache handling should also be done via >>> script. >>> >>> Any idea? >>> >> >> Hi >> >> you can just call >> >> moin ... maint cleancache >> moin ... maint makecache >> >> see HelpOnMoinCommand >> > > Thanks, yes this does it. > > One more question: I'm running a standalone moinmoin wiki. Do I have to > stop it when I want do delete the cache or is the standalone server > smart enough to deal with the situation? > If you stop it you don't have something in the memory cache Reimar From Sebastien.Hinderer at ens-lyon.org Mon Jul 2 13:00:40 2012 From: Sebastien.Hinderer at ens-lyon.org (=?iso-8859-1?Q?Sh=E9rab?=) Date: Mon, 2 Jul 2012 19:00:40 +0200 Subject: [Moin-user] Diffs sent by e-mail, fancy diffs... Message-ID: <20120702170039.GA7618@pema> Dear all, I'm wondering what the fancy diff feature does. I enabled it but the diffs I receive by e-mail when a page is changed are just the plain old diffs. Does it perhaps change the way the diffs are displayed on the web interface? If that's the case, what exactly does it do, please ? I'm currently using moin to work on a book. The paragraphs are not formatted, meaning that a paragraph is just one very long line. So wen I receive diffs, it is practically impossible for me to figure out where the changes have occurred. Would there be a possibility to get more readable diffs by e-mail for this kind of wiki pages, please ? Perhaps is there a way to call wdiff rather than diff ? Many thanks in advance for any hint ! Best wishes, Sherab. PS: being blind, solutions using colors are not very useful to me. From tw-public at gmx.de Tue Jul 3 12:46:50 2012 From: tw-public at gmx.de (Thomas Waldmann) Date: Tue, 03 Jul 2012 18:46:50 +0200 Subject: [Moin-user] Diffs sent by e-mail, fancy diffs... In-Reply-To: <20120702170039.GA7618@pema> References: <20120702170039.GA7618@pema> Message-ID: <1341334010.4166.5.camel@x300.localdomain> Hi Sh?rab, > I'm wondering what the fancy diff feature does. IIRC it is displaying 2 column html diffs (yellow/green) instead of a simple text diff (like on the console). > I enabled it but the > diffs I receive by e-mail when a page is changed are just the plain old > diffs. IIRC, it is only on the web. We do not send html emails, just text. > I'm currently using moin to work on a book. > The paragraphs are not formatted, meaning that a paragraph is just one > very long line. Well, the diff is just using the text data as you entered it. If you just enter all text in one line, diff will see that as one line. If that's a problem, you could hit ENTER now and then, do hard format the paragraph in the wiki markup text. The output will still be a single paragraph (it only splits paragraphs if you hit ENTER 2 times). > So wen I receive diffs, it is practically impossible for > me to figure out where the changes have occurred. Isn't there also a URL (link) in the email, so you could just view the fancy diff on the web, it should be better visible there. Cheers, Thomas From Sebastien.Hinderer at ens-lyon.org Tue Jul 3 15:49:51 2012 From: Sebastien.Hinderer at ens-lyon.org (=?iso-8859-1?Q?Sh=E9rab?=) Date: Tue, 3 Jul 2012 21:49:51 +0200 Subject: [Moin-user] Diffs sent by e-mail, fancy diffs... In-Reply-To: <1341334010.4166.5.camel@x300.localdomain> References: <20120702170039.GA7618@pema> <1341334010.4166.5.camel@x300.localdomain> Message-ID: <20120703194950.GA4479@pema> Dear Thomas, thanks a lot for your kind response ! > IIRC it is displaying 2 column html diffs (yellow/green) instead of a > simple text diff (like on the console). Okay, thanks. > > I enabled it but the > > diffs I receive by e-mail when a page is changed are just the plain old > > diffs. > > IIRC, it is only on the web. > > We do not send html emails, just text. Yes, that's the conclusion to which I arrived, too. > > I'm currently using moin to work on a book. > > The paragraphs are not formatted, meaning that a paragraph is just one > > very long line. > > Well, the diff is just using the text data as you entered it. If you > just enter all text in one line, diff will see that as one line. If > that's a problem, you could hit ENTER now and then, do hard format the > paragraph in the wiki markup text. The output will still be a single > paragraph (it only splits paragraphs if you hit ENTER 2 times). Well the other contributors use the graphical interface so I presume tey do not have much control over how the text in the wiki itself is formatted, regarding line breaks inside of paragraphs. Of course, if everybody inthe team would use text editing, we could agree on some formatitng convetnion, such as not more than 80 characters per line. That being said, een such a convention would not be that helful since just adding a word, say, may change the formatting completely and thus produce not so readable diffs, when the traditional diff is used. So, being able to use wdiff would reallybe helpful in he project e use moins for, here. > > So wen I receive diffs, it is practically impossible for > > me to figure out where the changes have occurred. > > Isn't there also a URL (link) in the email, so you could just view the > fancy diff on the web, it should be better visible there. Yes, there is a link, indeed. The point is, since I'm blind, I hardly believe the fancy diff to be really that useful to me. Cheers, Sherab. From tw-public at gmx.de Wed Jul 4 14:04:03 2012 From: tw-public at gmx.de (Thomas Waldmann) Date: Wed, 04 Jul 2012 20:04:03 +0200 Subject: [Moin-user] Diffs sent by e-mail, fancy diffs... In-Reply-To: <20120703194950.GA4479@pema> References: <20120702170039.GA7618@pema> <1341334010.4166.5.camel@x300.localdomain> <20120703194950.GA4479@pema> Message-ID: <1341425043.13014.10.camel@x300.localdomain> > being able to use wdiff would reallybe helpful in he project e use moins > for, here. Well, I'll have a look at this. It is unlikely that we will call a external binary (like wdiff) though (as this is usually a platform dependant pain), but I'll search whether it can be solved in python (painless for everybody). I personally don't use email notifications a lot, I usually read changes on the web interface (RecentChanges page, using bookmarks). I just checked the non-fancy diff and it is really not that usable for long lines, so maybe it should be worked on to improve it. No promises though, I am currently primarily working on moin2 (not 1.x), but if I find something easy and you could help us with testing it, it could be improved for everybody including blind / vision impaired people. From manfred.lotz at arcor.de Wed Jul 4 15:01:55 2012 From: manfred.lotz at arcor.de (Manfred Lotz) Date: Wed, 4 Jul 2012 21:01:55 +0200 Subject: [Moin-user] cache issue References: <20120622083043.245dfe85@arcor.com> <20120622201729.5ddcfa7b@arcor.com> Message-ID: <20120704210155.1f0dff33@arcor.com> On Mon, 02 Jul 2012 14:44:09 +0200 Reimar Bauer wrote: > Am 22.06.2012 20:17, schrieb Manfred Lotz: > > On Fri, 22 Jun 2012 11:00:59 +0200 > > "R.Bauer" wrote: > > > >> On 22.06.2012 08:30, Manfred Lotz wrote: > >>> Hi there, For some reason I have a moinmoin wiki locally on two > >>> different laptops. As these are both my laptops I do not work on > >>> both laptops the same time. I synchronize both wikis by using 3rd > >>> server where I use unison to sync to in both directions. > >>> > >>> This works fine. However, when a wiki on a laptop gets synced the > >>> cache gets out of sync. Is there anybody I can do to also sync > >>> the cache, or to delete the cache after syncing. As the syncing is > >>> done by a cron job the cache handling should also be done via > >>> script. > >>> > >>> Any idea? > >>> > >> > >> Hi > >> > >> you can just call > >> > >> moin ... maint cleancache > >> moin ... maint makecache > >> > >> see HelpOnMoinCommand > >> > > > > Thanks, yes this does it. > > > > One more question: I'm running a standalone moinmoin wiki. Do I > > have to stop it when I want do delete the cache or is the > > standalone server smart enough to deal with the situation? > > > > > If you stop it you don't have something in the memory cache > > Reimar > > Ok, I see. Thanks. -- Manfred From eisoab at gmail.com Thu Jul 5 05:55:13 2012 From: eisoab at gmail.com (Eiso AB) Date: Thu, 05 Jul 2012 11:55:13 +0200 Subject: [Moin-user] Fwd: displaying svg In-Reply-To: <4FEAF355.2040608@chem.leidenuniv.nl> References: <4FEAF355.2040608@chem.leidenuniv.nl> Message-ID: <4FF56481.2030800@gmail.com> Hi, I'm using moinmoin-1.8.9 and would like to display .svg figures. From the docs I get the impression that this should just work: {{attachment:picture.svg}} But it doesn't. I've added this to my wikiconfig.py but that makes no difference. mimetypes_xss_protect = ['text/html', 'application/x-shockwave-flash', 'application/xhtml+xml',] mimetypes_embed = ['application/x-dvi', 'application/postscript', 'application/pdf', 'application/ogg', 'application/vnd.visio', 'image/x-ms-bmp', 'image/svg+xml', 'image/tiff', 'image/x-photoshop', 'audio/mpeg', 'audio/midi', 'audio/x-wav', 'video/fli', 'video/mpeg', 'video/quicktime', 'video/x-msvideo', 'chemical/x-pdb', 'x-world/x-vrml',] any ideas ? thanks, Eiso From Sebastien.Hinderer at ens-lyon.org Thu Jul 5 07:37:39 2012 From: Sebastien.Hinderer at ens-lyon.org (=?iso-8859-1?Q?Sh=E9rab?=) Date: Thu, 5 Jul 2012 13:37:39 +0200 Subject: [Moin-user] Diffs sent by e-mail, fancy diffs... In-Reply-To: <1341425043.13014.10.camel@x300.localdomain> References: <20120702170039.GA7618@pema> <1341334010.4166.5.camel@x300.localdomain> <20120703194950.GA4479@pema> <1341425043.13014.10.camel@x300.localdomain> Message-ID: <20120705113739.GA11147@pema> Dear Thomas, many thanks for your attention and your so kind response. > Well, I'll have a look at this. It is unlikely that we will call a > external binary (like wdiff) though (as this is usually a platform > dependant pain), but I'll search whether it can be solved in python > (painless for everybody). Well... it is perhaps not necessary that you spend too much time and effort on that. Indeed, I think it is possible to pipe the patches one receives by e-mail through wdiff and to compute a better diff that way. > I personally don't use email notifications a lot, I usually read changes > on the web interface (RecentChanges page, using bookmarks). I understand. I like e-mail notifications because I have nothing to do to know what's happening. It's true that this approach would probably not be very convenient on a bigger project. > I just checked the non-fancy diff and it is really not that usable for > long lines, so maybe it should be worked on to improve it. > > No promises though, I am currently primarily working on moin2 (not 1.x), > but if I find something easy and you could help us with testing it, it > could be improved for everybody including blind / vision impaired > people. I'd be happy to test whatevr solution you could come up with but as I said, it's probably not worth spending too much energy. Thanks again for your assistance ! Best wishes, Sherab. From rb.proj at gmail.com Thu Jul 5 10:03:06 2012 From: rb.proj at gmail.com (Reimar Bauer) Date: Thu, 05 Jul 2012 16:03:06 +0200 Subject: [Moin-user] Fwd: displaying svg In-Reply-To: <4FF56481.2030800@gmail.com> References: <4FEAF355.2040608@chem.leidenuniv.nl> <4FF56481.2030800@gmail.com> Message-ID: Am 05.07.2012 11:55, schrieb Eiso AB: > Hi, > > I'm using moinmoin-1.8.9 and would like to display .svg > figures. From the docs I get the impression that this > should just work: > > {{attachment:picture.svg}} > > > But it doesn't. > > I've added this to my wikiconfig.py but that makes no difference. > > mimetypes_xss_protect = ['text/html', 'application/x-shockwave-flash', > 'application/xhtml+xml',] > mimetypes_embed = ['application/x-dvi', 'application/postscript', > 'application/pdf', 'application/ogg', > 'application/vnd.visio', 'image/x-ms-bmp', 'image/svg+xml', > 'image/tiff', 'image/x-photoshop', > 'audio/mpeg', 'audio/midi', 'audio/x-wav', 'video/fli', 'video/mpeg', > 'video/quicktime', > 'video/x-msvideo', 'chemical/x-pdb', 'x-world/x-vrml',] > > > any ideas ? > which browser do you try? Reimar > > thanks, > > Eiso > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > From eisoab at gmail.com Thu Jul 5 11:00:24 2012 From: eisoab at gmail.com (Eiso AB) Date: Thu, 05 Jul 2012 17:00:24 +0200 Subject: [Moin-user] Fwd: displaying svg In-Reply-To: References: <4FEAF355.2040608@chem.leidenuniv.nl> <4FF56481.2030800@gmail.com> Message-ID: <4FF5AC08.9010501@gmail.com> Reimar Bauer wrote: > Am 05.07.2012 11:55, schrieb Eiso AB: >> Hi, >> >> I'm using moinmoin-1.8.9 and would like to display .svg >> figures. From the docs I get the impression that this >> should just work: >> >> {{attachment:picture.svg}} >> >> >> But it doesn't. >> >> I've added this to my wikiconfig.py but that makes no difference. >> >> mimetypes_xss_protect = ['text/html', 'application/x-shockwave-flash', >> 'application/xhtml+xml',] >> mimetypes_embed = ['application/x-dvi', 'application/postscript', >> 'application/pdf', 'application/ogg', >> 'application/vnd.visio', 'image/x-ms-bmp', 'image/svg+xml', >> 'image/tiff', 'image/x-photoshop', >> 'audio/mpeg', 'audio/midi', 'audio/x-wav', 'video/fli', 'video/mpeg', >> 'video/quicktime', >> 'video/x-msvideo', 'chemical/x-pdb', 'x-world/x-vrml',] >> >> >> any ideas ? >> > > which browser do you try? > Reimar firefox 13.0 and seamonkey 2.5 I don't think the browser is the problem because I see the svg fine in both browsers at the bottom of this page: http://moinmo.in/ScalableVectorGraphics so I suspect something with my moin setup is not good. Eiso >> >> thanks, >> >> Eiso >> >> ------------------------------------------------------------------------------ >> Live Security Virtual Conference >> Exclusive live event will cover all the ways today's security and >> threat landscape has changed and how IT managers can respond. Discussions >> will include endpoint security, mobile security and the latest in malware >> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ >> > > > > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > Moin-user mailing list > Moin-user at lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/moin-user > From rb.proj at gmail.com Sun Jul 8 07:09:38 2012 From: rb.proj at gmail.com (Reimar Bauer) Date: Sun, 08 Jul 2012 13:09:38 +0200 Subject: [Moin-user] Fwd: displaying svg In-Reply-To: <4FF5AC08.9010501@gmail.com> References: <4FEAF355.2040608@chem.leidenuniv.nl> <4FF56481.2030800@gmail.com> <4FF5AC08.9010501@gmail.com> Message-ID: Am 05.07.2012 17:00, schrieb Eiso AB: > Reimar Bauer wrote: >> Am 05.07.2012 11:55, schrieb Eiso AB: >>> Hi, >>> >>> I'm using moinmoin-1.8.9 and would like to display .svg >>> figures. From the docs I get the impression that this >>> should just work: >>> >>> {{attachment:picture.svg}} >>> >>> >>> But it doesn't. >>> >>> I've added this to my wikiconfig.py but that makes no difference. >>> >>> mimetypes_xss_protect = ['text/html', 'application/x-shockwave-flash', >>> 'application/xhtml+xml',] >>> mimetypes_embed = ['application/x-dvi', 'application/postscript', >>> 'application/pdf', 'application/ogg', >>> 'application/vnd.visio', 'image/x-ms-bmp', 'image/svg+xml', >>> 'image/tiff', 'image/x-photoshop', >>> 'audio/mpeg', 'audio/midi', 'audio/x-wav', 'video/fli', 'video/mpeg', >>> 'video/quicktime', >>> 'video/x-msvideo', 'chemical/x-pdb', 'x-world/x-vrml',] >>> >>> >>> any ideas ? Having it in mimetypes_xss_protect did not help,that blocks it. The macro EmbedObject can be used if the type is in mimetypes_embed That macro is also called from the moin wiki parser. wikiconfig.py: mimetypes_embed = multiconfig.DefaultConfig.mimetypes_embed[:] wikiconfig.py: mimetypes_embed.append('image/svg+xml-compressed') wikiconfig.py: mimetypes_embed.append('image/svg+xml') cheers Reimar >>> >> >> which browser do you try? >> Reimar > > firefox 13.0 and seamonkey 2.5 > > I don't think the browser is the problem > because I see the svg fine in both browsers > at the bottom of this page: > > http://moinmo.in/ScalableVectorGraphics > > so I suspect something with my moin setup is not good. > > Eiso > >>> >>> thanks, >>> >>> Eiso >>> >>> ------------------------------------------------------------------------------ >>> Live Security Virtual Conference >>> Exclusive live event will cover all the ways today's security and >>> threat landscape has changed and how IT managers can respond. Discussions >>> will include endpoint security, mobile security and the latest in malware >>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ >>> >> >> >> >> >> ------------------------------------------------------------------------------ >> Live Security Virtual Conference >> Exclusive live event will cover all the ways today's security and >> threat landscape has changed and how IT managers can respond. Discussions >> will include endpoint security, mobile security and the latest in malware >> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ >> _______________________________________________ >> Moin-user mailing list >> Moin-user at lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/moin-user >> > > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > From rb.proj at gmail.com Sun Jul 8 07:47:23 2012 From: rb.proj at gmail.com (Reimar Bauer) Date: Sun, 08 Jul 2012 13:47:23 +0200 Subject: [Moin-user] cache issue In-Reply-To: <20120622201729.5ddcfa7b@arcor.com> References: <20120622083043.245dfe85@arcor.com> <20120622201729.5ddcfa7b@arcor.com> Message-ID: Am 22.06.2012 20:17, schrieb Manfred Lotz: > On Fri, 22 Jun 2012 11:00:59 +0200 > "R.Bauer" wrote: > >> On 22.06.2012 08:30, Manfred Lotz wrote: >>> Hi there, For some reason I have a moinmoin wiki locally on two >>> different laptops. As these are both my laptops I do not work on >>> both laptops the same time. I synchronize both wikis by using 3rd >>> server where I use unison to sync to in both directions. >>> >>> This works fine. However, when a wiki on a laptop gets synced the >>> cache gets out of sync. Is there anybody I can do to also sync the >>> cache, or to delete the cache after syncing. As the syncing is >>> done by a cron job the cache handling should also be done via >>> script. >>> >>> Any idea? >>> >> >> Hi >> >> you can just call >> >> moin ... maint cleancache >> moin ... maint makecache >> >> see HelpOnMoinCommand >> > > Thanks, yes this does it. > > One more question: I'm running a standalone moinmoin wiki. Do I have to > stop it when I want do delete the cache or is the standalone server > smart enough to deal with the situation? > well you have memory and file cache. Stopping it is therefore the savest way :) Reimar From rabbit6440 at gmail.com Mon Jul 9 04:48:31 2012 From: rabbit6440 at gmail.com (=?windows-1252?Q?=8Atefan_Sakal=EDk?=) Date: Mon, 09 Jul 2012 10:48:31 +0200 Subject: [Moin-user] REMOTE_USER authentication Message-ID: <4FFA9ADF.40807@gmail.com> Hello, I want my users to be able to access https://wiki.com unauthenticated and optionally login through https://wiki.com/_login using apache authentication and REMOTE_USER variable. I have put this in apache config: AuthType Basic AuthName "auth" AuthExternal auth-db AuthBasicProvider external Require valid-user However this doesn't work because apache does not provide REMOTE_USER variable outside _login. If I comment out this code in request function in MoinMoin/auth/__init__.py, it works: # always revalidate auth if user_obj and user_obj.auth_method == self.name: user_obj = None Can you provide option always_revalidate_auth, so I can setup that in farmconfig? I guess it might cause some security issues but I use similar mechanism in trac. I'm using moinmoin 1.9.3-1ubuntu2 on ubuntu 12.04. Regards, -Stefan From Peter.Watson at mrc-cbu.cam.ac.uk Tue Jul 10 06:26:33 2012 From: Peter.Watson at mrc-cbu.cam.ac.uk (Peter Watson) Date: Tue, 10 Jul 2012 10:26:33 +0000 Subject: [Moin-user] Wiki Page corruption Message-ID: Dear all, We are using a MoinMoin wiki here which is having some of its pages corrupted. Things like the below appear in existing pages which seems to be some randomly added http addresses. Even when I delete the pages they are recreated with similar gobbledegook in them. Never had anything like this before but obviously something attacking the pages - anyone got any advice please on what we could do here as the attacks are starting to escalate. Many thanks in advance Peter 0, http://shannongroveforassembly.com/advancedsearch.php cheap amoxil, http://cmtofbartlesville.com/som.htm propecia without prescription, http://rrbuckles.com/buck16.html cialis, http://shannongroveforassembly.com/cloud.php acyclovir, http://rrbuckles.com/showcase.html tretinoin cream, http://cmtofbartlesville.com/ celexa.com, http://cmtofbartlesville.com/phpbb2/ valtrex, ________________________________ CategoryCategory --------------------------------------------------------------------- Peter Watson MRC Cognition and Brain Sciences Unit 15 Chaucer Road Cambridge CB2 7EF Direct line: +44 (0)1223 273712 Line (via reception): +44 (0)1223 355294 x801 Fax: +44 (0)1223 359062 -------------- next part -------------- An HTML attachment was scrubbed... URL: From Peter.Watson at mrc-cbu.cam.ac.uk Tue Jul 10 06:32:44 2012 From: Peter.Watson at mrc-cbu.cam.ac.uk (Peter Watson) Date: Tue, 10 Jul 2012 10:32:44 +0000 Subject: [Moin-user] Wiki Page corruption Message-ID: Dear all, We are using a MoinMoin wiki here which is having some of its pages corrupted. Things like the below appear in existing pages which seems to be some randomly added http addresses. Even when I delete the pages they are recreated with similar gobbledegook in them. Never had anything like this before but obviously something attacking the pages - anyone got any advice please on what we could do here as the attacks are starting to escalate. Many thanks in advance Peter 0, http://shannongroveforassembly.com/advancedsearch.php cheap amoxil, http://cmtofbartlesville.com/som.htm propecia without prescription, http://rrbuckles.com/buck16.html cialis, http://shannongroveforassembly.com/cloud.php acyclovir, http://rrbuckles.com/showcase.html tretinoin cream, http://cmtofbartlesville.com/ celexa.com, http://cmtofbartlesville.com/phpbb2/ valtrex, ________________________________ CategoryCategory -------------- next part -------------- An HTML attachment was scrubbed... URL: From rb.proj at gmail.com Tue Jul 10 06:46:06 2012 From: rb.proj at gmail.com (Reimar Bauer) Date: Tue, 10 Jul 2012 12:46:06 +0200 Subject: [Moin-user] Wiki Page corruption In-Reply-To: References: Message-ID: Am 10.07.2012 12:32, schrieb Peter Watson: > > > > > > > Dear all, > > > > We are using a MoinMoin wiki here which is having some of its pages > corrupted. Things like the below appear in existing pages which seems to > be some randomly added http addresses. Even when I delete the pages they > are recreated with similar gobbledegook in them. > > Never had anything like this before but obviously something attacking > the pages ? anyone got any advice please on what we could do here as the > attacks are starting to escalate. > > > > Many thanks in advance > > > > Peter > Now we have the spam also on our mailinglist :( Have you readed HelpOnSpam and for example have configured TextChas or BadContent / LocalBadContent? Which moin version is it? cheers Reimar > > _______________________________________________ > Moin-user mailing list > Moin-user at lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/moin-user > From Peter.Watson at mrc-cbu.cam.ac.uk Tue Jul 10 07:49:52 2012 From: Peter.Watson at mrc-cbu.cam.ac.uk (Peter Watson) Date: Tue, 10 Jul 2012 11:49:52 +0000 Subject: [Moin-user] Wiki Page corruption In-Reply-To: References: Message-ID: Many thanks Reimar. I should point out I am not a developer but a moinmoin wiki user so am not familiar with the behind the scenes python workings but do do a lot of editing of pages! There is no common user sending the spam (the spamming users are identified by different numbers and a lot seem to come from USA). The word http is in all the spamming but we do add http links to some of our pages so wouldn't want to disable that so I am not sure BadContent would work but the TextChas sound interesting which as I understand it prompt the user with a one-answer question to authorise page saving. I have passed your suggestion onto the IT and wiki superuser here for their thoughts. I am not sure of the moinmoin version we have but we have had this since at least 2006 and it uses valid HTML 4.01 and the moinmoin link we have links to an out-of-date URL http://moinmoin.wikiwikiweb.de/ so I am guessing it is quite an old one. With best wishes Peter --------------------------------------------------------------------- Peter Watson MRC Cognition and Brain Sciences Unit 15 Chaucer Road Cambridge CB2 7EF Direct line: +44 (0)1223 273712 Line (via reception): +44 (0)1223 355294 x801 Fax: +44 (0)1223 359062 -----Original Message----- From: Reimar Bauer [mailto:rb.proj at gmail.com] Sent: 10 July 2012 11:46 To: moin-user at lists.sourceforge.net Subject: Re: [Moin-user] Wiki Page corruption Am 10.07.2012 12:32, schrieb Peter Watson: > > > > > > > Dear all, > > > > We are using a MoinMoin wiki here which is having some of its pages > corrupted. Things like the below appear in existing pages which seems > to be some randomly added http addresses. Even when I delete the pages > they are recreated with similar gobbledegook in them. > > Never had anything like this before but obviously something attacking > the pages - anyone got any advice please on what we could do here as > the attacks are starting to escalate. > > > > Many thanks in advance > > > > Peter > Now we have the spam also on our mailinglist :( Have you readed HelpOnSpam and for example have configured TextChas or BadContent / LocalBadContent? Which moin version is it? cheers Reimar > > _______________________________________________ > Moin-user mailing list > Moin-user at lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/moin-user > ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Moin-user mailing list Moin-user at lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/moin-user From paul at boddie.org.uk Tue Jul 10 08:41:15 2012 From: paul at boddie.org.uk (Paul Boddie) Date: Tue, 10 Jul 2012 14:41:15 +0200 Subject: [Moin-user] Wiki Page corruption In-Reply-To: References: Message-ID: <201207101441.15856.paul@boddie.org.uk> On Tuesday 10 July 2012 13:49:52 Peter Watson wrote: > Many thanks Reimar. I should point out I am not a developer but a moinmoin > wiki user so am not familiar with the behind the scenes python workings but > do do a lot of editing of pages! There is no common user sending the spam > (the spamming users are identified by different numbers and a lot seem to > come from USA). The word http is in all the spamming but we do add http > links to some of our pages so wouldn't want to disable that so I am not > sure BadContent would work but the TextChas sound interesting which as I > understand it prompt the user with a one-answer question to authorise page > saving. TextChas only affect users who are not regarded as trusted, so you can avoid annoying your regular users by putting them in a special group. Meanwhile, the BadContent mechanism blacklists URLs used by spammers. Although it isn't completely effective, it will stop widely observed spam messages provided that the master list is kept up-to-date. Otherwise, you can use LocalBadContent to identify spam URLs, but this can be exhausting work. If your Wiki isn't meant to be publicly editable or has a restricted editing group, you may wish to enforce restrictions on registration and editing. Some people deploy Wikis thinking that it is somehow "against the Wiki way" to impose restrictions on editing: this is nonsense and rather irresponsible, too, given the nature of the Internet today. > I have passed your suggestion onto the IT and wiki superuser here for their > thoughts. I am not sure of the moinmoin version we have but we have had > this since at least 2006 and it uses valid HTML 4.01 and the moinmoin link > we have links to an out-of-date URL http://moinmoin.wikiwikiweb.de/ so I am > guessing it is quite an old one. I'm sure people on this list will be happy to offer any advice to you or your IT administration about securing your Wiki. I feel that MoinMoin should probably be deployed in a "hardened" state by default, which I don't think it currently is, so no-one should feel bad about asking for advice on the matter. Paul From rb.proj at gmail.com Tue Jul 10 09:37:33 2012 From: rb.proj at gmail.com (Reimar Bauer) Date: Tue, 10 Jul 2012 15:37:33 +0200 Subject: [Moin-user] Wiki Page corruption In-Reply-To: <201207101441.15856.paul@boddie.org.uk> References: <201207101441.15856.paul@boddie.org.uk> Message-ID: Hi you can get the Wikis Version by reading the page SystemInfo on your wiki. The history of all Security Fixes to the MoinMoin Wiki Software can be looked up from http://moinmo.in/SecurityFixes If you have a very old version you should hand that page also to your IT department and of course ask for upgrade then, We provide a migration script for all wiki content to a newer version. But if you have own code added in your wiki which is not yet updated, see http://moinmo.in/CategoryMarket that will need modifications too. Also we offer lots of different possibilities for Support http://moinmo.in/Support and try to help whenever possible. You are welcome cheers Reimar Am 10.07.2012 14:41, schrieb Paul Boddie: > On Tuesday 10 July 2012 13:49:52 Peter Watson wrote: >> Many thanks Reimar. I should point out I am not a developer but a moinmoin >> wiki user so am not familiar with the behind the scenes python workings but >> do do a lot of editing of pages! There is no common user sending the spam >> (the spamming users are identified by different numbers and a lot seem to >> come from USA). The word http is in all the spamming but we do add http >> links to some of our pages so wouldn't want to disable that so I am not >> sure BadContent would work but the TextChas sound interesting which as I >> understand it prompt the user with a one-answer question to authorise page >> saving. > > TextChas only affect users who are not regarded as trusted, so you can avoid > annoying your regular users by putting them in a special group. Meanwhile, > the BadContent mechanism blacklists URLs used by spammers. Although it isn't > completely effective, it will stop widely observed spam messages provided > that the master list is kept up-to-date. Otherwise, you can use > LocalBadContent to identify spam URLs, but this can be exhausting work. > > If your Wiki isn't meant to be publicly editable or has a restricted editing > group, you may wish to enforce restrictions on registration and editing. Some > people deploy Wikis thinking that it is somehow "against the Wiki way" to > impose restrictions on editing: this is nonsense and rather irresponsible, > too, given the nature of the Internet today. > >> I have passed your suggestion onto the IT and wiki superuser here for their >> thoughts. I am not sure of the moinmoin version we have but we have had >> this since at least 2006 and it uses valid HTML 4.01 and the moinmoin link >> we have links to an out-of-date URL http://moinmoin.wikiwikiweb.de/ so I am >> guessing it is quite an old one. > > I'm sure people on this list will be happy to offer any advice to you or your > IT administration about securing your Wiki. I feel that MoinMoin should > probably be deployed in a "hardened" state by default, which I don't think it > currently is, so no-one should feel bad about asking for advice on the > matter. > > Paul > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > From Peter.Watson at mrc-cbu.cam.ac.uk Tue Jul 10 11:27:58 2012 From: Peter.Watson at mrc-cbu.cam.ac.uk (Peter Watson) Date: Tue, 10 Jul 2012 15:27:58 +0000 Subject: [Moin-user] Wiki Page corruption In-Reply-To: References: <201207101441.15856.paul@boddie.org.uk> Message-ID: Many thanks one and all. Some good news...As a result of our discussions this morning our superuser had a check at the config settings and this afternoon told me that he had found a typo putting the wrong letter in the authorisation code. It had actually been set up for anyone to edit the wiki pages which he inadvertently changed during an edit of the config file some weeks ago! By changing this one letter back to what it should be he now thinks secure editing rights have been restored. So it looks like the spamming has been stopped. Phew! I have noted down all your wise words if help is needed again. It is most reassuring to know that if anything goes amiss there is help available out there, With best wishes Peter --------------------------------------------------------------------- Peter Watson MRC Cognition and Brain Sciences Unit 15 Chaucer Road Cambridge CB2 7EF Direct line: +44 (0)1223 273712 Line (via reception): +44 (0)1223 355294 x801 Fax: +44 (0)1223 359062 -----Original Message----- From: Reimar Bauer [mailto:rb.proj at gmail.com] Sent: 10 July 2012 14:38 To: moin-user at lists.sourceforge.net Subject: Re: [Moin-user] Wiki Page corruption Hi you can get the Wikis Version by reading the page SystemInfo on your wiki. The history of all Security Fixes to the MoinMoin Wiki Software can be looked up from http://moinmo.in/SecurityFixes If you have a very old version you should hand that page also to your IT department and of course ask for upgrade then, We provide a migration script for all wiki content to a newer version. But if you have own code added in your wiki which is not yet updated, see http://moinmo.in/CategoryMarket that will need modifications too. Also we offer lots of different possibilities for Support http://moinmo.in/Support and try to help whenever possible. You are welcome cheers Reimar Am 10.07.2012 14:41, schrieb Paul Boddie: > On Tuesday 10 July 2012 13:49:52 Peter Watson wrote: >> Many thanks Reimar. I should point out I am not a developer but a >> moinmoin wiki user so am not familiar with the behind the scenes >> python workings but do do a lot of editing of pages! There is no >> common user sending the spam (the spamming users are identified by >> different numbers and a lot seem to come from USA). The word http is >> in all the spamming but we do add http links to some of our pages so >> wouldn't want to disable that so I am not sure BadContent would work >> but the TextChas sound interesting which as I understand it prompt >> the user with a one-answer question to authorise page saving. > > TextChas only affect users who are not regarded as trusted, so you can > avoid annoying your regular users by putting them in a special group. > Meanwhile, the BadContent mechanism blacklists URLs used by spammers. > Although it isn't completely effective, it will stop widely observed > spam messages provided that the master list is kept up-to-date. > Otherwise, you can use LocalBadContent to identify spam URLs, but this can be exhausting work. > > If your Wiki isn't meant to be publicly editable or has a restricted > editing group, you may wish to enforce restrictions on registration > and editing. Some people deploy Wikis thinking that it is somehow > "against the Wiki way" to impose restrictions on editing: this is > nonsense and rather irresponsible, too, given the nature of the Internet today. > >> I have passed your suggestion onto the IT and wiki superuser here for >> their thoughts. I am not sure of the moinmoin version we have but we >> have had this since at least 2006 and it uses valid HTML 4.01 and the >> moinmoin link we have links to an out-of-date URL >> http://moinmoin.wikiwikiweb.de/ so I am guessing it is quite an old one. > > I'm sure people on this list will be happy to offer any advice to you > or your IT administration about securing your Wiki. I feel that > MoinMoin should probably be deployed in a "hardened" state by default, > which I don't think it currently is, so no-one should feel bad about > asking for advice on the matter. > > Paul > > ---------------------------------------------------------------------- > -------- > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. > Discussions will include endpoint security, mobile security and the > latest in malware threats. > http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Moin-user mailing list Moin-user at lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/moin-user From bobj at soc.duke.edu Wed Jul 11 10:44:47 2012 From: bobj at soc.duke.edu (Bob Jackson) Date: Wed, 11 Jul 2012 10:44:47 -0400 (EDT) Subject: [Moin-user] Wiki migration and synchronization Message-ID: This issue pertains to Moinmoin 1.9.3. I have a wiki that I maintain on a standalone basis that needs to migrate into a wiki farm on our web server. This farm is supporting other wikis fine. Both standalone and the web server environments are using version 1.9.3. I did the setup for this wiki in the farm environment and used rsync to transfer the data directory from the standalone location into the farm location. The web server is also running 1.9.3. As I now try to access pages on the web server, the browser reports the following for any existing page: =================================== Internal Server Error The server encountered an internal error or misconfiguration and was unable to complete your request. Please contact the server administrator, root at localhost and inform them of the time the error occurred, and anything you might have done that may have caused the error. More information about this error may be available in the server error log. =================================== The server log reports: Premature end of script headers: moin.wsgi The wiki itself is functional. For example, when I create a test page it displays a standard screen from which I am able to login and do the edits to create and save the test page. Recent changes can be viewed, including the history of edits for pages created or modified in the standalone environment, but all of those pages produce the error described above when accessed. I then discovered that I can search for any existing page by keyword and then display it. If I make a tiny edit (such add a space somewhere) and save, it becomes viewable henceforth. Can anyone explain what is happening here and how I might avoid having to search for and modify each page? Is rsync an appropriate way to transfer the data directory? Ultimately I would like to be able to continue to maintain sync'ed standalone and networked versions of this wiki. Thanks. ______________________________________________________ Bob Jackson IT Manager Department of Sociology Duke University Phone: (919) 660-5601 From eric at tibco.com Wed Jul 11 12:49:41 2012 From: eric at tibco.com (Eric Johnson) Date: Wed, 11 Jul 2012 09:49:41 -0700 Subject: [Moin-user] Wiki migration and synchronization In-Reply-To: References: Message-ID: <4FFDAEA5.6070102@tibco.com> At a guess, I'm betting that after you run the rsync, you need to run the maintenance scripts to delete the cache, and also run the maintenance script to rebuild the search index, if you're using it. -Eric. On 7/11/12 7:44 AM, Bob Jackson wrote: > This issue pertains to Moinmoin 1.9.3. > > I have a wiki that I maintain on a standalone basis that needs to migrate > into a wiki farm on our web server. This farm is supporting other wikis > fine. Both standalone and the web server environments are using version > 1.9.3. > > I did the setup for this wiki in the farm environment and used rsync to > transfer the data directory from the standalone location into the farm > location. The web server is also running 1.9.3. > > As I now try to access pages on the web server, the browser reports the > following for any existing page: > > =================================== > Internal Server Error > > The server encountered an internal error or misconfiguration and was > unable to complete your request. > > Please contact the server administrator, root at localhost and inform them of > the time the error occurred, and anything you might have done that may > have caused the error. > > More information about this error may be available in the server error > log. > =================================== > > The server log reports: > > Premature end of script headers: moin.wsgi > > The wiki itself is functional. For example, when I create a test page it > displays a standard screen from which I am able to login and do the edits > to create and save the test page. Recent changes can be viewed, including > the history of edits for pages created or modified in the standalone > environment, but all of those pages produce the error described above when > accessed. > > I then discovered that I can search for any existing page by keyword and > then display it. If I make a tiny edit (such add a space somewhere) and > save, it becomes viewable henceforth. > > Can anyone explain what is happening here and how I might avoid having to > search for and modify each page? Is rsync an appropriate way to transfer > the data directory? Ultimately I would like to be able to continue to > maintain sync'ed standalone and networked versions of this wiki. > > Thanks. > > ______________________________________________________ > Bob Jackson > IT Manager > Department of Sociology > Duke University > Phone: (919) 660-5601 > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > Moin-user mailing list > Moin-user at lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/moin-user From bobj at soc.duke.edu Wed Jul 11 19:48:07 2012 From: bobj at soc.duke.edu (Bob Jackson) Date: Wed, 11 Jul 2012 19:48:07 -0400 (EDT) Subject: [Moin-user] Wiki migration and synchronization In-Reply-To: <4FFDAEA5.6070102@tibco.com> References: <4FFDAEA5.6070102@tibco.com> Message-ID: Thank you sir! Cleaning the cache was the issue, as per: ./moin --config-dir= --wiki-url= maint cleancache After this all links became functional. On Wed, 11 Jul 2012, Eric Johnson wrote: > At a guess, I'm betting that after you run the rsync, you need to run the > maintenance scripts to delete the cache, and also run the maintenance script > to rebuild the search index, if you're using it. > > -Eric. > > On 7/11/12 7:44 AM, Bob Jackson wrote: >> This issue pertains to Moinmoin 1.9.3. >> >> I have a wiki that I maintain on a standalone basis that needs to migrate >> into a wiki farm on our web server. This farm is supporting other wikis >> fine. Both standalone and the web server environments are using version >> 1.9.3. >> >> I did the setup for this wiki in the farm environment and used rsync to >> transfer the data directory from the standalone location into the farm >> location. The web server is also running 1.9.3. >> >> As I now try to access pages on the web server, the browser reports the >> following for any existing page: >> >> =================================== >> Internal Server Error >> >> The server encountered an internal error or misconfiguration and was >> unable to complete your request. >> >> Please contact the server administrator, root at localhost and inform them of >> the time the error occurred, and anything you might have done that may >> have caused the error. >> >> More information about this error may be available in the server error >> log. >> =================================== >> >> The server log reports: >> >> Premature end of script headers: moin.wsgi >> >> The wiki itself is functional. For example, when I create a test page it >> displays a standard screen from which I am able to login and do the edits >> to create and save the test page. Recent changes can be viewed, including >> the history of edits for pages created or modified in the standalone >> environment, but all of those pages produce the error described above when >> accessed. >> >> I then discovered that I can search for any existing page by keyword and >> then display it. If I make a tiny edit (such add a space somewhere) and >> save, it becomes viewable henceforth. >> >> Can anyone explain what is happening here and how I might avoid having to >> search for and modify each page? Is rsync an appropriate way to transfer >> the data directory? Ultimately I would like to be able to continue to >> maintain sync'ed standalone and networked versions of this wiki. >> >> Thanks. >> >> ______________________________________________________ >> Bob Jackson >> IT Manager >> Department of Sociology >> Duke University >> Phone: (919) 660-5601 >> >> >> ------------------------------------------------------------------------------ >> Live Security Virtual Conference >> Exclusive live event will cover all the ways today's security and >> threat landscape has changed and how IT managers can respond. Discussions >> will include endpoint security, mobile security and the latest in malware >> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ >> _______________________________________________ >> Moin-user mailing list >> Moin-user at lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/moin-user > > > ______________________________________________________ Bob Jackson IT Manager Department of Sociology Duke University Phone: (919) 660-5601 From Ole.H.Nielsen at fysik.dtu.dk Fri Jul 13 07:43:44 2012 From: Ole.H.Nielsen at fysik.dtu.dk (Ole Holm Nielsen) Date: Fri, 13 Jul 2012 13:43:44 +0200 Subject: [Moin-user] Moin CGI script permissions on RedHat RHEL6.3 and CentOS6.3 Message-ID: <500009F0.2090608@fysik.dtu.dk> We run Moin 1.9.4 on a RHEL 6.2 Linux server which was upgraded to RHEL 6.3. After the upgrade we saw SELinux permission errors in the Apache errorlog: python: can't open file '/var/www/wiki/cgi-bin/moin.cgi': [Errno 13] Permission denied This is an issue with SELinux (as determined by turning off SELinux). There exists a Moin HowTo http://moinmo.in/HowTo/FedoraSELinux, but it doesn't seem to help any on RHEL6 Linux. After much googling and experimentation I found the following: SOLUTION: setsebool -P httpd_enable_cgi=on chcon -t httpd_unconfined_script_exec_t /.../cgi-bin/moin.cgi Comments: The first line allows CGI scripts in the first place - that's simple. The second line disables SELinux completely for the moin.cgi script, see "man httpd_selinux" (on Fedora this man-page contains more details). The SELinux context httpd_sys_script_exec_t for moin.cgi recommended elsewhere simply doesn't work on RHEL 6.3. I hope this may help others with RHEL6 Moin servers. Best regards, Ole -- Ole Holm Nielsen Department of Physics, Technical University of Denmark From tw-public at gmx.de Fri Jul 13 10:51:22 2012 From: tw-public at gmx.de (Thomas Waldmann) Date: Fri, 13 Jul 2012 16:51:22 +0200 Subject: [Moin-user] Wiki migration and synchronization In-Reply-To: References: Message-ID: <1342191082.14651.46.camel@server.firma.waldmann-edv.de> > I have a wiki that I maintain on a standalone basis that needs to migrate > into a wiki farm on our web server. Aside from the issue you already solved, there is another one: you have 2 user bases (one in your farm wiki, one in your standalone wiki). So if you just copy the data/pages from standalone into the farm, the history will lose all user names (as they point to the standalone user base). You also can not just copy the standalone user base into the farm, as this might create duplicates. Unfortunately, there is no "wiki merge" script yet that can automatically or semi-automatically deal with such stuff. From paul at boddie.org.uk Fri Jul 13 15:10:07 2012 From: paul at boddie.org.uk (Paul Boddie) Date: Fri, 13 Jul 2012 21:10:07 +0200 Subject: [Moin-user] Moin CGI script permissions on RedHat RHEL6.3 and CentOS6.3 In-Reply-To: <500009F0.2090608@fysik.dtu.dk> References: <500009F0.2090608@fysik.dtu.dk> Message-ID: <201207132110.07377.paul@boddie.org.uk> On Friday 13 July 2012 13:43:44 Ole Holm Nielsen wrote: > We run Moin 1.9.4 on a RHEL 6.2 Linux server which was upgraded to RHEL > 6.3. After the upgrade we saw SELinux permission errors in the Apache > errorlog: > > python: can't open file '/var/www/wiki/cgi-bin/moin.cgi': [Errno 13] > Permission denied > > This is an issue with SELinux (as determined by turning off SELinux). > There exists a Moin HowTo http://moinmo.in/HowTo/FedoraSELinux, but it > doesn't seem to help any on RHEL6 Linux. After much googling and > experimentation I found the following: > > SOLUTION: > setsebool -P httpd_enable_cgi=on > chcon -t httpd_unconfined_script_exec_t /.../cgi-bin/moin.cgi I'm not sure about the setsebool option, although I didn't set up Apache in my environment that uses SELinux, but I found that I needed to give my CGI script the httpd_sys_content_t type. > Comments: > The first line allows CGI scripts in the first place - that's simple. > The second line disables SELinux completely for the moin.cgi script, see > "man httpd_selinux" (on Fedora this man-page contains more details). > The SELinux context httpd_sys_script_exec_t for moin.cgi recommended > elsewhere simply doesn't work on RHEL 6.3. > > I hope this may help others with RHEL6 Moin servers. I'm using RHEL 6.3, so the above may be the solution. I also recommend using semanage to make security context information permanent. For example: semanage fcontext -a -t httpd_sys_content_t "/.../cgi-bin/moin.cgi" If you have other files that Apache processes need to access, it may be necessary to set this type for those files. For example: semanage fcontext -a -t httpd_sys_content_t "/var/lib/moin(/.*)?" This sets the type for a /var/lib/moin directory containing any separate Wiki configuration and data. To enforce security context information according to the policies stated above, do the following: restorecon -v /.../cgi-bin/moin.cgi restorecon -R -v /var/lib/moin This should ensure that files get labelled automatically. Paul P.S. I'm not an SELinux expert and found that it is generally poorly documented, so any refinements to the above would be welcome. From rb.proj at gmail.com Mon Jul 16 13:51:59 2012 From: rb.proj at gmail.com (Reimar Bauer) Date: Mon, 16 Jul 2012 19:51:59 +0200 Subject: [Moin-user] Moin CGI script permissions on RedHat RHEL6.3 and CentOS6.3 In-Reply-To: <201207132110.07377.paul@boddie.org.uk> References: <500009F0.2090608@fysik.dtu.dk> <201207132110.07377.paul@boddie.org.uk> Message-ID: Just a question is there no mod_wsgi on sel linux? Or why do you use CGI? Reunar Am 13.07.2012 21:10, schrieb Paul Boddie: > On Friday 13 July 2012 13:43:44 Ole Holm Nielsen wrote: >> We run Moin 1.9.4 on a RHEL 6.2 Linux server which was upgraded to RHEL >> 6.3. After the upgrade we saw SELinux permission errors in the Apache >> errorlog: >> >> python: can't open file '/var/www/wiki/cgi-bin/moin.cgi': [Errno 13] >> Permission denied >> >> This is an issue with SELinux (as determined by turning off SELinux). >> There exists a Moin HowTo http://moinmo.in/HowTo/FedoraSELinux, but it >> doesn't seem to help any on RHEL6 Linux. After much googling and >> experimentation I found the following: >> >> SOLUTION: >> setsebool -P httpd_enable_cgi=on >> chcon -t httpd_unconfined_script_exec_t /.../cgi-bin/moin.cgi > > I'm not sure about the setsebool option, although I didn't set up Apache in my > environment that uses SELinux, but I found that I needed to give my CGI > script the httpd_sys_content_t type. > >> Comments: >> The first line allows CGI scripts in the first place - that's simple. >> The second line disables SELinux completely for the moin.cgi script, see >> "man httpd_selinux" (on Fedora this man-page contains more details). >> The SELinux context httpd_sys_script_exec_t for moin.cgi recommended >> elsewhere simply doesn't work on RHEL 6.3. >> >> I hope this may help others with RHEL6 Moin servers. > > I'm using RHEL 6.3, so the above may be the solution. I also recommend using > semanage to make security context information permanent. For example: > > semanage fcontext -a -t httpd_sys_content_t "/.../cgi-bin/moin.cgi" > > If you have other files that Apache processes need to access, it may be > necessary to set this type for those files. For example: > > semanage fcontext -a -t httpd_sys_content_t "/var/lib/moin(/.*)?" > > This sets the type for a /var/lib/moin directory containing any separate Wiki > configuration and data. > > To enforce security context information according to the policies stated > above, do the following: > > restorecon -v /.../cgi-bin/moin.cgi > restorecon -R -v /var/lib/moin > > This should ensure that files get labelled automatically. > > Paul > > P.S. I'm not an SELinux expert and found that it is generally poorly > documented, so any refinements to the above would be welcome. > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > From paul at boddie.org.uk Mon Jul 16 14:44:09 2012 From: paul at boddie.org.uk (Paul Boddie) Date: Mon, 16 Jul 2012 20:44:09 +0200 Subject: [Moin-user] Moin CGI script permissions on RedHat RHEL6.3 and CentOS6.3 In-Reply-To: References: <500009F0.2090608@fysik.dtu.dk> <201207132110.07377.paul@boddie.org.uk> Message-ID: <201207162044.09327.paul@boddie.org.uk> On Monday 16 July 2012 19:51:59 Reimar Bauer wrote: > Just a question > > is there no mod_wsgi on sel linux? I haven't really looked at mod_wsgi on RHEL. There might be complications involved with defining a SELinux policy since I understand that mod_wsgi deploys a daemon and that kind of activity has to be explicitly enabled. I think I had to do something similar to this for PHP and MediaWiki so that Apache processes could talk to MySQL. See here for more of this kind of thing: http://selinuxproject.org/page/ApacheRecipes > Or why do you use CGI? Actually, I often use CGI because it is very easy to deploy and because I haven't bothered to set up mod_wsgi. The principal pitfall with CGI occurs with Moin 1.9 because Moin wants to serve static content itself, rather than leave it to Apache, and doing so using CGI really affects performance. A few configuration changes to use Apache for static content, just as is done with Moin 1.8, and performance is reasonable again. Some people find setting Apache up to be too much work, but defining a ScriptAlias and an Alias is pretty easy - probably easier than troubleshooting mod_wsgi if that is causing trouble - and I have my moinsetup tool to handle the "pathname calculus" that usually causes problems when configuring Apache to serve content. I do aim to use mod_wsgi a bit more, though. Paul From Ole.H.Nielsen at fysik.dtu.dk Tue Jul 17 03:12:39 2012 From: Ole.H.Nielsen at fysik.dtu.dk (Ole Holm Nielsen) Date: Tue, 17 Jul 2012 09:12:39 +0200 Subject: [Moin-user] Moin CGI script permissions on RedHat RHEL6.3 and CentOS6.3 In-Reply-To: <500009F0.2090608@fysik.dtu.dk> References: <500009F0.2090608@fysik.dtu.dk> Message-ID: <50051067.9080303@fysik.dtu.dk> Thanks for your advice, Paul Boddie! To answer Reimar Bauer about the use of CGI: I use it because it's simple to implement, and performance isn't an issue at present. I did look at mod_wsgi a long time ago and found it way too complex for simple usages of Moin. >> SOLUTION: >> setsebool -P httpd_enable_cgi=on >> chcon -t httpd_unconfined_script_exec_t /.../cgi-bin/moin.cgi > > I'm not sure about the setsebool option, although I didn't set up Apache in my > environment that uses SELinux, but I found that I needed to give my CGI > script the httpd_sys_content_t type. That's interesting! It would be better to give moin.cgi minimal permissions. I find it really hard to get Moin to work under SELinux, and once it miraculously works, you have a hard time figuring out the minimal SELinux setup which would actually work :-( I saw the setsebool command on http://moinmo.in/HowTo/FedoraSELinux but I don't know whether it's really required. It would be great if someone would have the time to write a similar HowTo for RHEL 6.x, since I think there may be differences (the Fedora HowTo didn't work for me, but I may have made mistakes). > I'm using RHEL 6.3, so the above may be the solution. I also recommend using > semanage to make security context information permanent. For example: > > semanage fcontext -a -t httpd_sys_content_t "/.../cgi-bin/moin.cgi" The semanage command isn't installed on my RHEL 6.3 systems by default, so now I did "yum install policycoreutils-python" to add it. Reading the semanage man-page, it's not at all obvious to me what the difference between "chcon" and "semanage fcontext -a" is? > If you have other files that Apache processes need to access, it may be > necessary to set this type for those files. For example: > > semanage fcontext -a -t httpd_sys_content_t "/var/lib/moin(/.*)?" > > This sets the type for a /var/lib/moin directory containing any separate Wiki > configuration and data. > > To enforce security context information according to the policies stated > above, do the following: > > restorecon -v /.../cgi-bin/moin.cgi > restorecon -R -v /var/lib/moin > > This should ensure that files get labelled automatically. The restorecon man-page says that it sets default SELinux security contexts, whatever those may be? Yes, a deep study of SELinux is something which I never bothered to do ;-) Best regards, Ole From Ole.H.Nielsen at fysik.dtu.dk Tue Jul 17 05:12:32 2012 From: Ole.H.Nielsen at fysik.dtu.dk (Ole Holm Nielsen) Date: Tue, 17 Jul 2012 11:12:32 +0200 Subject: [Moin-user] Moin CGI script permissions on RedHat RHEL6.3 and CentOS6.3 In-Reply-To: <50051067.9080303@fysik.dtu.dk> References: <500009F0.2090608@fysik.dtu.dk> <50051067.9080303@fysik.dtu.dk> Message-ID: <50052C80.5070207@fysik.dtu.dk> On 07/17/2012 09:12 AM, Ole Holm Nielsen wrote: >>> SOLUTION: >>> setsebool -P httpd_enable_cgi=on >>> chcon -t httpd_unconfined_script_exec_t /.../cgi-bin/moin.cgi >> >> I'm not sure about the setsebool option, although I didn't set up Apache in my >> environment that uses SELinux, but I found that I needed to give my CGI >> script the httpd_sys_content_t type. I've found out that you can view the SELinux messages by "sealert -a /var/log/audit/audit.log". This gave the following interesting information: > SELinux is preventing /usr/sbin/httpd from execute access on the file /var/www/wiki/cgi-bin/moin.cgi. > > ***** Plugin restorecon (93.9 confidence) suggests ************************* > > If you want to fix the label. > /var/www/wiki/cgi-bin/moin.cgi default label should be httpd_unconfined_script_exec_t. > Then you can run restorecon. > Do > # /sbin/restorecon -v /var/www/wiki/cgi-bin/moin.cgi So that would seem to settle the question about moin.cgi contexts, right? Regards, Ole From paul at boddie.org.uk Tue Jul 17 05:30:04 2012 From: paul at boddie.org.uk (Paul Boddie) Date: Tue, 17 Jul 2012 11:30:04 +0200 Subject: [Moin-user] Moin CGI script permissions on RedHat RHEL6.3 and CentOS6.3 In-Reply-To: <50051067.9080303@fysik.dtu.dk> References: <500009F0.2090608@fysik.dtu.dk> <50051067.9080303@fysik.dtu.dk> Message-ID: <201207171130.04681.paul@boddie.org.uk> On Tuesday 17 July 2012 09:12:39 Ole Holm Nielsen wrote: > Thanks for your advice, Paul Boddie! To answer Reimar Bauer about the > use of CGI: I use it because it's simple to implement, and performance > isn't an issue at present. I did look at mod_wsgi a long time ago and > found it way too complex for simple usages of Moin. I aim to take a closer look and integrate it into moinsetup. I've used systems where mod_wsgi is deployed, but I haven't deployed it myself. > >> SOLUTION: > >> setsebool -P httpd_enable_cgi=on > >> chcon -t httpd_unconfined_script_exec_t /.../cgi-bin/moin.cgi > > > > I'm not sure about the setsebool option, although I didn't set up Apache > > in my environment that uses SELinux, but I found that I needed to give my > > CGI script the httpd_sys_content_t type. > > That's interesting! It would be better to give moin.cgi minimal > permissions. I find it really hard to get Moin to work under SELinux, > and once it miraculously works, you have a hard time figuring out the > minimal SELinux setup which would actually work :-( Indeed. I had to download and unpack various policy packages to find out what they were doing, such is the absence of decent concrete documentation on the topic. > I saw the setsebool command on http://moinmo.in/HowTo/FedoraSELinux but > I don't know whether it's really required. It would be great if someone > would have the time to write a similar HowTo for RHEL 6.x, since I think > there may be differences (the Fedora HowTo didn't work for me, but I may > have made mistakes). I think it probably is. I see that httpd_enable_cgi is "on", and that I had to set httpd_can_network_connect to "on" as well, although I now wonder whether that wasn't for mod_proxy and not MySQL. > > I'm using RHEL 6.3, so the above may be the solution. I also recommend > > using semanage to make security context information permanent. For > > example: > > > > semanage fcontext -a -t httpd_sys_content_t "/.../cgi-bin/moin.cgi" > > The semanage command isn't installed on my RHEL 6.3 systems by default, > so now I did "yum install policycoreutils-python" to add it. > > Reading the semanage man-page, it's not at all obvious to me what the > difference between "chcon" and "semanage fcontext -a" is? I think semanage changes are supposed to be "permanent" so that the system remembers that the file is supposed to have the given policy. Then... > > If you have other files that Apache processes need to access, it may be > > necessary to set this type for those files. For example: > > > > semanage fcontext -a -t httpd_sys_content_t "/var/lib/moin(/.*)?" > > > > This sets the type for a /var/lib/moin directory containing any separate > > Wiki configuration and data. > > > > To enforce security context information according to the policies stated > > above, do the following: > > > > restorecon -v /.../cgi-bin/moin.cgi > > restorecon -R -v /var/lib/moin > > > > This should ensure that files get labelled automatically. > > The restorecon man-page says that it sets default SELinux security > contexts, whatever those may be? Yes, a deep study of SELinux is > something which I never bothered to do ;-) ...restorecon should be able to reset such files to the default policy as set by semanage. Otherwise, you have to remember which files you've set yourself and then chcon them all if they somehow get replaced or changed at some point. Paul From paul at boddie.org.uk Tue Jul 17 07:29:55 2012 From: paul at boddie.org.uk (Paul Boddie) Date: Tue, 17 Jul 2012 13:29:55 +0200 Subject: [Moin-user] Moin CGI script permissions on RedHat RHEL6.3 and CentOS6.3 In-Reply-To: <50052C80.5070207@fysik.dtu.dk> References: <500009F0.2090608@fysik.dtu.dk> <50051067.9080303@fysik.dtu.dk> <50052C80.5070207@fysik.dtu.dk> Message-ID: <201207171329.56083.paul@boddie.org.uk> On Tuesday 17 July 2012 11:12:32 Ole Holm Nielsen wrote: > > I've found out that you can view the SELinux messages by "sealert -a > /var/log/audit/audit.log". Yes, I haven't had to deal with this for a while, but the audit log will tell you when things go wrong for no apparent reason, such as a user getting a "permission denied" error when they clearly have sufficient normal permissions. > This gave the following interesting information: > > SELinux is preventing /usr/sbin/httpd from execute access on the file > > /var/www/wiki/cgi-bin/moin.cgi. > > > > ***** Plugin restorecon (93.9 confidence) suggests > > ************************* > > > > If you want to fix the label. > > /var/www/wiki/cgi-bin/moin.cgi default label should be > > httpd_unconfined_script_exec_t. Then you can run restorecon. > > Do > > # /sbin/restorecon -v /var/www/wiki/cgi-bin/moin.cgi > > So that would seem to settle the question about moin.cgi contexts, right? I guess so. It's possible that my installation is a bit different as I wasn't the person who set up Apache, but httpd_sys_content_t works for me. Paul P.S. The classic "not working when it should" situation is where you get a "bad interpreter" error or something similar for no apparent reason when running a Python program that has all the appropriate permissions. That's when you should check to see if the filesystem is mounted with the noexec flag - a *really* annoying situation! From tw at waldmann-edv.de Mon Jul 23 12:14:05 2012 From: tw at waldmann-edv.de (Thomas Waldmann) Date: Mon, 23 Jul 2012 18:14:05 +0200 Subject: [Moin-user] cgi vs. mod_wsgi In-Reply-To: <50051067.9080303@fysik.dtu.dk> References: <500009F0.2090608@fysik.dtu.dk> <50051067.9080303@fysik.dtu.dk> Message-ID: <1343060045.15890.18.camel@server.firma.waldmann-edv.de> On Tue, 2012-07-17 at 09:12 +0200, Ole Holm Nielsen wrote: > Thanks for your advice, Paul Boddie! To answer Reimar Bauer about the > use of CGI: I use it because it's simple to implement, and performance > isn't an issue at present. I did look at mod_wsgi a long time ago and > found it way too complex for simple usages of Moin. Well, that's strange, as I found it way more simple than CGI. :D In the dark past, at some time I also used CGI, but I often needed additional stuff to get the job done (like mod_rewrite for running stuff at root url, suexec for running stuff under different users to isolate stuff). And of course, it was really slow and eating lots of resources. mod_rewrite and suexec was a pain, due to bugs and unflexilibity. After that, I played with persistent stuff, like mod_python (ugh), twisted, fastcgi etc., but I wasn't too happy, because it really was additional setup work to manage the daemon processes and reliability also wasn't that great in the configurations I tried. mod_wsgi (daemon mode) solves ALL that with 2 lines of configuration (see the sample moin.wsgi we provide) and has been a reliable and fast tool for me in the past years (on Debian). Note: RHEL/CENTOS 5 had bad/too old support for python stuff, including not providing mod_wsgi. So, if you mean that with "too complex" (to compile and setup all the stuff on your own, I agree, but that is a RHEL5/CENTOS5 specific issue). Another important note I want to give is to never ever use mod_python or even just have it loaded/installed. It is dead since years, smells and only makes trouble, so best is to deinstall it completely. From ndw at nwalsh.com Tue Jul 24 10:12:01 2012 From: ndw at nwalsh.com (Norman Walsh) Date: Tue, 24 Jul 2012 09:12:01 -0500 Subject: [Moin-user] Moving a moin wiki Message-ID: Hi folks, I need to move wiki.docbook.org moin wiki to another machine. I tested my ability to do this with a VM locally and it all worked fine. But when I try to set it up on the the actual other machine, attempting to access the wiki home page in the browser produces the following error log: [Tue Jul 24 13:52:08 2012] [error] 2012-07-24 13:52:08,245 WARNING MoinMoin.log:139 using logging configuration read from built-in fallback in MoinMoin.log module! [Tue Jul 24 13:52:08 2012] [error] 2012-07-24 13:52:08,420 INFO MoinMoin.config.multiconfig:127 using wiki config: /var/docbookwiki/wiki/wikiconfig.py [Tue Jul 24 13:52:08 2012] [error] [client 127.0.0.1] Premature end of script headers: moin.wsgi The only difference (AFAICT) is that the VM was using Python 2.7 and the real machine is using 2.6. I've attached the config files. Some further digging in the Apache error log reveals [Tue Jul 24 14:10:56 2012] [notice] child pid 16073 exit signal Segmentation fault (11) but I don't know if that's a cause or effect of the problem. Can anyone see what I've done wrong or suggest a way to debug the problem? This is Moin 1.9.2, btw. And I installed it with python setup.py install --force --record=install.log on both the machines in question. -------------- next part -------------- A non-text attachment was scrubbed... Name: moin.wsgi Type: application/octet-stream Size: 1922 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: wikiconfig.py Type: application/octet-stream Size: 6521 bytes Desc: not available URL: -------------- next part -------------- Be seeing you, norm -- Norman Walsh | It is so comic to hear oneself called http://nwalsh.com/ | old, even at ninety I suppose.--Alice | James -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 186 bytes Desc: not available URL: From rb.proj at gmail.com Wed Jul 25 04:06:21 2012 From: rb.proj at gmail.com (Reimar Bauer) Date: Wed, 25 Jul 2012 10:06:21 +0200 Subject: [Moin-user] Moving a moin wiki In-Reply-To: References: Message-ID: Am 24.07.2012 16:12, schrieb Norman Walsh: > Hi folks, > > I need to move wiki.docbook.org moin wiki to another machine. I tested > my ability to do this with a VM locally and it all worked fine. But > when I try to set it up on the the actual other machine, attempting > to access the wiki home page in the browser produces the following > error log: > > [Tue Jul 24 13:52:08 2012] [error] 2012-07-24 13:52:08,245 WARNING MoinMoin.log:139 using logging configuration read from built-in fallback in MoinMoin.log module! > [Tue Jul 24 13:52:08 2012] [error] 2012-07-24 13:52:08,420 INFO MoinMoin.config.multiconfig:127 using wiki config: /var/docbookwiki/wiki/wikiconfig.py > [Tue Jul 24 13:52:08 2012] [error] [client 127.0.0.1] Premature end of script headers: moin.wsgi > > The only difference (AFAICT) is that the VM was using Python 2.7 and the > real machine is using 2.6. I've attached the config files. Hi because it is 1.9.2 and python 2.7 (1.9.2 released 2010-02-28) you need some fixes of moin for that "newer" python release, see http://hg.moinmo.in/moin/1.9/log?rev=2.7 or just use the 1.9.4 moin release (2012-02-07) http://hg.moinmo.in/moin/1.9/file/fc11712e0df0/docs/CHANGES You also should run moin .. maint cleancache if you haven't already because the byte compiled cache files of python 2.6 for the wiki pages won't load into 2.7 too Reimar > > Some further digging in the Apache error log reveals > > [Tue Jul 24 14:10:56 2012] [notice] child pid 16073 exit signal Segmentation fault (11) > > but I don't know if that's a cause or effect of the problem. > > Can anyone see what I've done wrong or suggest a way to debug the > problem? > > This is Moin 1.9.2, btw. And I installed it with > > python setup.py install --force --record=install.log > > on both the machines in question. > > > > > Be seeing you, > norm > > > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > > > > _______________________________________________ > Moin-user mailing list > Moin-user at lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/moin-user >