Question

Hello. My problem is a bit complicated to explain and I don't know how to split it up into smaler parts, because I don't know which behaviour is a follow up of something else...

If I want to edit and save a topic,

• it either works fine (only for TWiki/WelcomeGuest)
• or I get a Topic save error (for instance: TWiki/WebHome.txt not writable), but if I say "ok", the change is done anyway, but the revision number is not increased and the save time is not changed
• or I get the oopssave page (Inproper use of the save script) no matter how many times I go back in the browser and save again. If I hit "ok", I return to the unchanged page (for instance: Main/WebHome)

All this happens without any changes of the configuration (either Apache or twiki) done in between. I think, that my problem is connected with the permissions of the files (so I attached the content of several folders (gained with ls -al command).

I can register new users, and their files get owner SYSTEM and group root. at first all twiki files are user twiki and group none, until they are changed (if possible). Then they become user SYSTEM and group root. But not all files that are owned by SYSTEM / root can be edited and saved. For instance the page of a new registered user can not.

What I did try so far is the advice given by Matt Wilkie in AnotherInsecureDirectory on how to set windows permissions in the c:\cygwin directory. But my problem is still there.

An other thing that is somehow connected: the testenv says that it is a security issue, if twiki/templates is writable by user SYSTEM, but what am I supposed to change it to?

Does anyone have a clue on where I went wrong?

Environment

-- JuditMays - 10 Feb 2005

Answer

I have no experience in a windows setup, but i am sure that it is similar to linux. So my reply refers to my experience with linux.

I believe, that your problem is related to permissiones. In linux, you have to grant the account the webserver is running in, read and write (and probaly in windows also create) permissions for the /data directory. Maybe you have to change permissions for the exsiting topic *.txt files to allow modifications via web. The revision files *.v should be created and set automagically when the permissions of the directory are set, since the www process will create them.

You als need to set proper permissions for the /pub directory, to allow attachments to be uploaded.

-- WolfgangAlper - 11 Feb 2005

This is most certainly a permissions problem. What the correct fix is, I'm not sure. I would try something like going back to the beginning, permissions wise, and start over: remove all special permissions for all users and groups. You get to special permissions by slapping the Advanced button. You'll have to uncheck the inherited box first. Then in the basic permissions dialog (which is the first one), add system, creator owner, you, and your webserver user name if not system, and give them full permissions. Then test twiki and see if that works.

-- MattWilkie - 11 Feb 2005

Following your advice, Matt, I reset permissions for the cygwin folder. The result is as follows:

• everything still works fine for TWiki/WelcomeGuest
• for most of the other pages I get the Topic save error as stated above in the question section.

This means that by resetting the permissions, at least I got rid of the oopssave page coming up

It also turns out that now all pages owned by SYSTEM can be edited and saved properly. But from the beginning all files are owned by me (twiki), not by SYSTEM. So, should I "chown" all /twiki-files to SYSTEM?

- - -

While resetting permissions I wasn't sure about some of the options given:

• would I apply the full permissions to "this folder, subfolder and files" or to "this folder only"?
• would I need to check the box: "Apply these permissions to objects and/or containers within this container only"
• would I need to check the box: "Allow inheritable permissions from parent to propagate to this object"
• would I need to check the box: "Reset permissions on all child objects and enable propagation of inheritable permissions"

I didn't check any of these boxes. I set the permissions for

• SYSTEM and twiki(that's me): "This folder, subfolder and files"
• Administrators: "This folder only"
• CREATOR OWNER: "Subfolders and files only"

Would this be the correct way to do things? Somewhere along the line, I still seem to be missing something...

-- JuditMays - 15 Feb 2005

You are in a twisty maze of passages, all alike. (with a nod to Infocom)

sorry Judit, those are all good questions but I don't know the answers.

-- MattWilkie - 17 Feb 2005

Matt, thank you very much for your efford. I truely appreciate it.

By the way, Infocom was not known to me until I googled it up. My first reaction was: "computer games??? I never played those." But actually, my first game was "the hitchhikers guide to the galaxy", long before I read the books...

-- JuditMays - 18 Feb 2005

Solution

I worked it out! happy me!

This is what I did. May be it helps others ?

• the changes to permission of the cygwin directory are enough, if you follow Matts advice given in AnnotherInsecureDirectory

after going through the steps in WindowsInstallCookbook you should do the following (in case you still have problems):

• check the TWikiInstallationGuide, especially Step 2 and Step 3.

For the Windows User there are a few changes necessary:

Step 2 of TWikiInstallationGuide:

• the '../lib' entry in the file /twiki/bin/setlib.cfg needs to be changed to 'c:/path/to/twiki/lib' (compare TWikiCfgFileNotFound2)
• the described changes to TWiki.cfg are not necessary, because they were already covered in the WindowsInstallCookbook
• do the changes for Security setup as described, preferably in the httpd.conf of Apache.

Step 3 of TWikiInstallationGuide:

• Set the file permission of all Perl scripts in the twiki/bin directory as executable to -rwxr-xr-x (755). (This is: chmod 755 filename)
• 'This Guide assumes user nobody ownership for all files manipulated by the CGI scripts' needs to be changed from user 'nobody' to user 'SYSTEM', as this is the user that was used, when doing Step 7 in the WindowsInstallCookbook ('Re-locking RCS files')
• so at the point 'Set permissions manually' exchange 'nobody' with 'SYSTEM' for the first 3 of 4 given subpoints. (The 4th is not necessary because already covered by the WindowsInstallCookbook.)

After doing all this, my save-problem is solved I hope my explanation might be usefull to some other people. Maybe some of it might be usefull if added to the WindowsInstallationCookbook ?

-- JuditMays - 18 Feb 2005

Yes, indeed. Please create a change proposal in the Codev web with your proposed changes.

-- CrawfordCurrie - 20 Feb 2005