Question

Hi,

I am setting up Twiki on Win2003 so far so good, my installation didnt create a htpasswd in the twiki directory. The welcome to twiki default page loads up and i click on configure and i get a prompt for user name and password, i dont ever recall during install or setup creating this file or setting up passwords. Anyway strange enough the file i got to appear. So when i put a NT user name and password i get an internal error and looking at the log file i see this... The system cannot find the file specified. : Could not open password file: C:/twiki/data/.htpasswd

I know the file is there i can see it in the directory c:/twiki/data/

sorry for such a newbie question but i am obviously overlooking something obvious and i cant spot it. Help.

Environment

-- JasonOKeeffe - 25 Feb 2007

Answer

If you answer a question - or have a question you asked answered by someone - please remember to edit the page and set the status to answered. The status is in a drop-down list below the edit box.

I think i found my problem, for now i got it working by changing the httpd.conf file. I changed

<FilesMatch "^\.ht">
    Order allow,deny
    deny from all
</FilesMatch>

to

<FilesMatch "^\.ht">
    Order allow,deny
    Allow from all
</FilesMatch>

and it worked..

-- JasonOKeeffe - 25 Feb 2007

The "Allow from all" for the .ht* allows browsers to view that file, which should never be the case because this exposes the system setup to users. See SecuringYourTWiki and SettingFileAccessRightsLinuxUnix.

-- PeterThoeny - 25 Feb 2007

Hi Peter,

Thanks for your help, I am determined to get this setup right as i know my organisation will have hundreds of people using it if successfully if not thousands and i am taking alot of notes... i conitune to have access/permissions problems again so i started the TWiki install ( left apache, cygwin etc as them appear o.k. ) just did the TWiki install again from scratch taking my time and step by step going through DakarOnWindows2003AndApache amonsgt the installsummary and others but i have my doughts about the file permissions. When it comes to checking if Configure works ( i copied my twiki_httpd.conf from the previous install as i had the confiure working then ) , i contiune to get the pop up box for login... my twiki_httpd.conf has; # Password file for TWiki users # AuthUserFile /var/www/twiki/data/.htpasswd AuthUserFile /twiki/data/.htpasswd AuthName 'Enter your WikiName: (First name and last name, no space, no dots, capitalized, e.g. JohnSmith). Cancel to register if you do not have one.' AuthType Basic

SetHandler cgi-script Order Deny,Allow Deny from all Allow from xx.xx.xx.xx Require user administrator Satisfy Any

the i.d. address is the one i am logging in from which is the server i am running from. when i do get the login pop up box i put in administrator & password which i have ran passwd.exe in the bin directory to add administrator and password to the .htpasswd . But when i enter the user name and password i get internal server error contain admin and in the apache log file i have; Could not open password file: C:/twiki/data/.htpasswd

the permission on this file from doing ls -al in cygwin are; -rwx--------+ I also tried changing permissions to -rwxr-xr-x and still got the internal server error contact admin and the log file in apache says Could not open password file: C:/twiki/data/.htpasswd If i hit cancel at the login i am taken to the registration Twiki page, but the problem with that is when i registered i get another oermission denied after i put in the activation code...web pages says TWiki detected an internal error - please check your TWiki logs and webserver logs for more information.

RCS: failed to create file path: Permission denied

apache log file says... RCS: failed to create file /twiki/data/Main/TWikiUsers.lock: Permission denied at c:/twiki/lib/TWiki/Store/RcsFile.pm line 769

my complete twiki_httpd.conf is ;

# Example httpd.conf file for TWiki. # # You are recommended to take a copy of this file and edit # the paths to match your installation. Then add: # include "/home/httpd/twiki/twiki_httpd.conf" # to the end of your main httpd.conf file. #

# The first parameter will be part of the URL to your installation e.g. # http://my.co.uk/twiki/bin/view/... # The second parameter must point to the physical path on your disk. Be # careful not to lose any trailing /'s.

#### Change the second path to match your local installation ScriptAlias /twiki/bin/ "C:/twiki/bin/"

# This defines a url that poins to the root of the twiki installation. It is # used to access files in the pub directory (attachments etc) # It must come after the ScriptAlias.

#### Change the path to match your local installation Alias /twiki/ "c:/twiki/"

# We set an environment variable called anonymous_spider # Setting a BrowserMatchNoCase to ^$ is important. It prevents TWiki from # including its own topics as URLs and also prevents other TWikis from # doing the same. This is important to prevent the most obvious # Denial of Service attacks. # You can expand this by adding more BrowserMatchNoCase statements to # block evil browser agents trying the impossible task of mirroring a twiki # Example: # BrowserMatchNoCase ^SiteSucker anonymous_spider BrowserMatchNoCase ^$ anonymous_spider

# This specifies the options on the TWiki scripts directory. The ExecCGI # and SetHandler tell apache that it contains scripts. "Allow from all" # lets any IP address access this URL.

#### Change the path to match your local installation Options +ExecCGI FollowSymLinks SetHandler cgi-script Allow from all # Deny from env=anonymous_spider

Options ExecCGI FollowSymLinks SetHandler cgi-script

# Password file for TWiki users # AuthUserFile /var/www/twiki/data/.htpasswd AuthUserFile /twiki/data/.htpasswd AuthName 'Enter your WikiName: (First name and last name, no space, no dots, capitalized, e.g. JohnSmith). Cancel to register if you do not have one.' AuthType Basic

# File to return on access control error (e.g. wrong password) # By convention this is the TWikiRegistration page, that allows users # to register with the TWiki. Apache requires this to be a local path. ErrorDocument 401 /twiki/bin/view/TWiki/TWikiRegistration

# Limit access to configure to specific IP addresses and or users. # Make sure configure is not open to the general public. # The configure script is designed for administrators only. # The script itself and the information it reveals can be abused by # attackers if not properly protected against public access. # Replace JohnDoe with the login name of the administrator SetHandler cgi-script Order Deny,Allow Deny from all Allow from xx.xx.xx.xx Require user administrator Satisfy Any

# When using Apache type login the following defines the TWiki scripts # that makes Apache ask the browser to authenticate. It is correct that # scripts such as view are not authenticated. (un-comment to activate) require valid-user

# This sets the options on the pub directory, which contains attachments and # other files like CSS stylesheets and icons. AllowOverride None stops a # user installing a .htaccess file that overrides these options. # Finally all execution of PHP and other scripts is disabled.

# Note that files in pub are not protected by TWiki Access Controls, # so if you want to control access to files attached to topics, you may # need to add your own .htaccess files to subdirectories of pub. See the # Apache documentation on .htaccess for more info.

#### Change the path to match your local installation Options FollowSymLinks +Includes AllowOverride None Allow from all

# If you have PHP4 or PHP5 installed make sure the directive below is enabled # If you do not have PHP installed you will need to comment out the directory below # to avoid errors. # php_admin_flag engine off

#If you have PHP3 installed make sure the directive below is enabled #php3_engine off

# This line will redefine the mime type for the most common types of scripts # It will also deliver HTML files as if they are text files AddType text/plain .html .htm .shtml .php .php3 .phtml .phtm .pl .py .cgi # # Security note: All other directories should be set so # that they are not visible as URLs, so we set them as deny from all.

#### Change the paths to match your local installation deny from all

deny from all

deny from all

deny from all

deny from all

Any help would be greatly appricated

-- JasonOKeeffe - 26 Feb 2007

I am new to this whole area of Twiki, Apache, Perl etc... but i finally got the permissions all sorted.. and my Twiki is up and running and loveing it thanks again

-- JasonOKeeffe - 27 Feb 2007

• twiki_httpd.conf.txt: twiki_httpd.conf