"MediaWiki is a free software wiki package originally written for Wikipedia. It is now used by several other projects of the non-profit Wikimedia Foundation and by many other wikis." I use it for one of my classes, simply because I am trying to introduce new technology that students are familiar with into the classroom. In general, a wiki can be edited by anyone — however, in my case, I only want the wiki to be edited by my students. To circumvent this problem, many Wiki's are setup so that you can only edit a page if you have logged in. Even so, this still does not preclude an unknown person from registering, logging in, and editing the pages. As a result, I setup my Wiki to include security contexts and groups, meaning that if a user does not have the proper permissions to edit the page, the page cannot be edited. Period.
Installation of MediaWiki requires first heading getting Apache, PHP, and MySQL running. I also find it useful to have phpMyAdmin installed as well. See the appropriate pages if you need help. I also strongly recommend reading over the Installation Guide on MediaWiki's web site.
Assuming that you have the appropriate software installed and configured, head over to their website:
Click on the Downloads from SVN link at the left, followed by the mediawiki-1.9.1.tar.gz link on the right, which is the current version of the software (at the time of this writing). Once the file downloads, move the source tarball to the /var/www/html directory:
~>
sudo mv ~/Desktop/mediawiki-1.9.1.tar.gz /var/www/html/.
Change into the /var/www/html
directory: ~>
cd /var/www/html
and decompress the source: ~>
sudo tar vfzx mediawiki-1.9.1.tar.gz
Once the package has been
decompressed, delete the source file, and move the mediawiki-1.9.1
directory to mediawiki. ~>
sudo rm mediawiki-1.9.1.tar.gz
~> sudo mv mediawiki-1.8.1 mediawiki
Before changing into the
directory, we need to set the security context and change the ownership:~> sudo mv mediawiki-1.8.1 mediawiki
~>
sudo chcon -R system_u:object_r:httpd_sys_content_t mediawiki
~> sudo chown -R apache.apache mediawiki
In this case, we want Apache to have control over
the directory so that we can upload files to the Wiki. Then change into
the directory
and make the config
directory writable by all:~> sudo chown -R apache.apache mediawiki
~>
cd mediawiki
~> sudo chmod go+w config
Next, open up Firefox and go
to:~> sudo chmod go+w config
http://[host].[domain].[name]/mediawiki/
Click
on the set up the
wiki link. If everything is setup properly, you should see
a
green bullet point that says "Environment
checked. You can
install MediaWiki". Scroll down to Wiki
name and type the Wiki
name for your site. My Wiki name is "Professor Kriehn".
Verify the contact e-mail address, the language, and click on the
appropriate copyright license that you want to use. Choose an
Admin
username (in this case, I have changed "WikiSysop" to
another
username), and type in the Password
for your Admin
user. Since I
am maintaining a small Wiki, I do not have Shared
memory caching
enabled. After this, click on the appropriate e-mail
authentication options.Under Database config, click on the MySQL button. The Database host is "localhost", and choose and appropriate Database name (in this case, I have changed it to "mediawiki"). Pick an appropriate DB username ("mediawiki" is fine), and choose a DB password. Since we have not created the database ahead of time, click on the User superuser account option, and type in the superuser password. Finally, type "mw_" for the Database table prefix. Then click Install MediaWiki.
After MediaWiki installs, you should see another green bullet point that says "Installation successful!" We now need to move the config/LocalSettings.php file to the parent directory:
~>
sudo mv config/LocalSettings.php .
While we are at it, we might
as well make a backup of the LocalSettings.php
file (we are going to be editing it extensively): ~>
sudo cp LocalSettings.php LocalSettings.php.bak
Finally, correct the write
permissions on the config
directory: ~>
sudo chmod go-w config
With this done, look again at
the last line, indicating
that installation was successful. Notice that when the
LocalSettings.php
file is moved from the config
directory, you can
click on the "this link"
to go to your Wiki. Do so now.Customizing the Wiki
Most of the customization of the Wiki occurs through the LocalSettings.php file. Before we begin editing that, click on the log in link and log into the Wiki with your Admin username and password. Next, go to the MediaWiki:Sidebar page, meaning that the web address is:
http://[host].[domain].[name]/mediawiki/index.php/MediaWiki:Sidebar
After you are there, click on
the edit link and
remove line
that says **
sitesupport-url|sitesupport
This will remove the Donations
link in the Navigation
menu on the left. Click the Save
page button when finished.Next, open up the LocalSettings.php file in a text editor. We are going to customize things like the logo up in the top left corner of the Wiki, create a re-direct for the Wiki so that it no longer displays "index.php" in the web address, along with a number of other changes. If you want to understand what each of the configuration options does, go to:
and read about the different Configuration settings.
The first thing we will configure is allow for users to upload files to the Wiki. Perform a search for $wgEnableUploads. Change the setting from "false" to "true" so that the line reads:
$wgEnableUploads
= true;
Scroll down a few lines, to
the $wgImageMagickConvertCommand
option. Under it, add the following lines: $wgFileExtensions
= array( 'png', 'gif', 'jpg', 'jpeg', 'tif', 'tiff', 'txt');
$wgMimeDetectorCommand = "file -bi";
The first line restricts what
kinds of files are
allowed to be uploaded to the Wiki, and the second line performs MIME
detection so that the Wiki knows how to
handle various file
types. If you want to allow other extensions, add them in the
$wgFileExtenstions
setting.$wgMimeDetectorCommand = "file -bi";
Scroll down a few lines and uncomment the $wgHashedUploadDirectory option to upload figures under safe mode:
$wgHashedUploadDirectory = false;
We will have to create the images/archive, images/thumb, and images/temp directories. In another terminal window type: ~> cd /var/www/html/mediawiki/images
~> sudo mkdir archive
~> sudo mkdir thumb
~> sudo mkdir temp
~> sudo chown apache.apache *
Next, scroll down to the very bottom of the LocalSettings.php file, just above
the "?>"
line. Add the following:~> sudo mkdir archive
~> sudo mkdir thumb
~> sudo mkdir temp
~> sudo chown apache.apache *
#
User Defined Settings
The first setting that we are
going to define is the
location of the logo in the upper left corner of the screen. Add the
following lines: #
Set default skin directory and logo path
$wgStylePath = "$wgScriptPath/skins";
$wgStyleDirectory = "$IP/skins";
$wgLogo = "$wgStylePath/common/images/[figure].[ext]";
Notice that the Wiki is going
to look for the logo in
/var/www/html/mediawiki/skins/common/images/.
Copy the figure
that you want to use there.$wgStylePath = "$wgScriptPath/skins";
$wgStyleDirectory = "$IP/skins";
$wgLogo = "$wgStylePath/common/images/[figure].[ext]";
~>
sudo cp <image location>
/var/www/html/mediawiki/skins/common/images/.
Let's also fix the timezone: #Set Default Timezone
$wgLocaltimezone = "America/Los_Angeles";
#Calculate the timezone offset with UTC
$oldtz = getenv("TZ");
putenv("TZ=$wgLocaltimezone");
$wgLocalTZoffset = date("Z") / 60 + date("I") * 60;
putenv("TZ=$oldtz");
Assuming that you do not live in the Pacific Time Zone, you can check for the proper value of $wgLocaltimezone at the Time Zone Descriptions link. Next, we are going to create a
redirect from mediawiki
to wiki,
so that we can use short URLs and
remove "index.php"
from the web address. The first step in this
process involves using the $wgArticlePath
option. Add the
following lines:$wgLocaltimezone = "America/Los_Angeles";
#Calculate the timezone offset with UTC
$oldtz = getenv("TZ");
putenv("TZ=$wgLocaltimezone");
$wgLocalTZoffset = date("Z") / 60 + date("I") * 60;
putenv("TZ=$oldtz");
#
Redirect path
$wgArticlePath = "/wiki/$1";
Save and exit. This
forces MediaWiki to look in the /var/www/html/wiki
directory for the article files, even though it does not
exist. But this can
be done by merely creating an alias from the
nonexistent /wiki
directory to the /mediawiki
directory, which can be done through the configuration file for Apache.$wgArticlePath = "/wiki/$1";
Open the /etc/httpd/conf/httpd.conf file. Scroll down to the very bottom of the file, just above the AcceptPathInfo On option. Above it, add the following:
Alias
/wiki /var/www/html/mediawiki/index.php
Save, exit, and restart the Apache daemon: ~>
sudo restart service httpd
You should see httpd
successfully stop and restart: Stopping
httpd:
[ OK
]
Starting httpd: [ OK ]
We have now created an alias that points
back to the mediawiki
directory that also includes the index.php
file. As a result, even though the MediaWiki now looks for articles in
the Wiki directory (which, again, does not exist), the directory is
aliased back to mediawiki/index.php.
If you go to http://[host].[domain].[name]/mediawiki/,
instead of seeing the following address:Starting httpd: [ OK ]
http://[host].[domain].[name]/mediawiki/index.php/Main_Page
you will now see http://[host].[domain].[name]/wiki/Main_Page
Much nicer.Security using NamespacePermissions.php
Some tightened security can be added fairly easily with the NamespacePermissions Extension. In my case, I like to prevent automatic registrations, and only allow users with specific permissions to edit certain kinds of pages. The NamespacePermissions Extension is provided on the WikiMedia website (which is basically a Wiki for the MediaWiki software). Head over to the following address:
Spend some time reading through the web page, before scrolling down to the Source of NamespacePermissions.php file section. Open and editor and copy/paste the PHP code into the editor. Basically, what you are pasting is:
<?php
/* NamespacePermissions - MediaWiki extension
*
* provides separate permissions for each action (read,edit,create,move)
* on articles in custom namespaces for fine access management
*
* Author: Petr Andreev
*
* Sample usage:3
*
* $wgExtraNamespaces = array(100 => "Foo", 101 => "Foo_Talk");
* // optional (example): allow registered users to view and edit articles in Foo
* $wgGroupPermissions[ 'user' ][ 'ns100_read' ] = true;
* $wgGroupPermissions[ 'user' ][ 'ns100_edit' ] = true;
* // end of optional
* require('extensions/NamespacePermissions.php');
*
* Permissions provided:
* # ns{$num}_read
* # ns{$num}_edit
* # ns{$num}_create
* # ns{$num}_move
* where {$num} - namespace number (e.g. ns100_read, ns101_create)
*
* Groups provided:
* # ns{$title}RW - full access to the namespace {$title}
* # ns{$title}RO - read-only access to the namespace {$title}
* e.g. nsFoo_talkRW, nsFooRO
*/
// permissions for autocreated groups should be set now,
// before the User object for current user is instantiated
namespacePermissionsCreateGroups();
// other stuff should better be done via standard mechanism of running extensions
$wgExtensionFunctions[] = "wfNamespacePermissions";
// create groups for each custom namespace
function namespacePermissionsCreateGroups() {
global $wgExtraNamespaces, $wgGroupPermissions;
foreach ( $wgExtraNamespaces as $num => $title ) {
$wgGroupPermissions[ "ns{$title}RW" ][ "ns{$num}_edit" ] = true;
$wgGroupPermissions[ "ns{$title}RW" ][ "ns{$num}_read" ] = true;
$wgGroupPermissions[ "ns{$title}RW" ][ "ns{$num}_create" ] = true;
$wgGroupPermissions[ "ns{$title}RW" ][ "ns{$num}_move" ] = true;
$wgGroupPermissions[ "ns{$title}RO" ][ "ns{$num}_read" ] = true;
}
}
function wfNamespacePermissions() {
global $wgHooks;
// use the userCan hook to check permissions
$wgHooks[ 'userCan' ][] = 'namespacePermissionsCheckNamespace';
}
function namespacePermissionsCheckNamespace( $title, $user, $action, $result ) {
if ( ( $ns = $title->getNamespace() ) >= 100 ) {
if ( ! $user->isAllowed("ns{$ns}_{$action}") ) {
$result = false;
return false;
}
}
return null;
}
?>
Save the file as NamespacePermissions.php,
and move it over to the /var/www/html/mediawiki/extensions/
directory:/* NamespacePermissions - MediaWiki extension
*
* provides separate permissions for each action (read,edit,create,move)
* on articles in custom namespaces for fine access management
*
* Author: Petr Andreev
*
* Sample usage:3
*
* $wgExtraNamespaces = array(100 => "Foo", 101 => "Foo_Talk");
* // optional (example): allow registered users to view and edit articles in Foo
* $wgGroupPermissions[ 'user' ][ 'ns100_read' ] = true;
* $wgGroupPermissions[ 'user' ][ 'ns100_edit' ] = true;
* // end of optional
* require('extensions/NamespacePermissions.php');
*
* Permissions provided:
* # ns{$num}_read
* # ns{$num}_edit
* # ns{$num}_create
* # ns{$num}_move
* where {$num} - namespace number (e.g. ns100_read, ns101_create)
*
* Groups provided:
* # ns{$title}RW - full access to the namespace {$title}
* # ns{$title}RO - read-only access to the namespace {$title}
* e.g. nsFoo_talkRW, nsFooRO
*/
// permissions for autocreated groups should be set now,
// before the User object for current user is instantiated
namespacePermissionsCreateGroups();
// other stuff should better be done via standard mechanism of running extensions
$wgExtensionFunctions[] = "wfNamespacePermissions";
// create groups for each custom namespace
function namespacePermissionsCreateGroups() {
global $wgExtraNamespaces, $wgGroupPermissions;
foreach ( $wgExtraNamespaces as $num => $title ) {
$wgGroupPermissions[ "ns{$title}RW" ][ "ns{$num}_edit" ] = true;
$wgGroupPermissions[ "ns{$title}RW" ][ "ns{$num}_read" ] = true;
$wgGroupPermissions[ "ns{$title}RW" ][ "ns{$num}_create" ] = true;
$wgGroupPermissions[ "ns{$title}RW" ][ "ns{$num}_move" ] = true;
$wgGroupPermissions[ "ns{$title}RO" ][ "ns{$num}_read" ] = true;
}
}
function wfNamespacePermissions() {
global $wgHooks;
// use the userCan hook to check permissions
$wgHooks[ 'userCan' ][] = 'namespacePermissionsCheckNamespace';
}
function namespacePermissionsCheckNamespace( $title, $user, $action, $result ) {
if ( ( $ns = $title->getNamespace() ) >= 100 ) {
if ( ! $user->isAllowed("ns{$ns}_{$action}") ) {
$result = false;
return false;
}
}
return null;
}
?>
~>
sudo mv NamespacePermissions.php /var/www/html/mediawiki/extensions/.
Now open the /var/www/html/LocalSettings.php
file using sudo.
Scroll down again to the User
Defined Settings section, and add the following: #
This snippet prevents new registrations from anonymous users
# (Sysops can still create user accounts)
$wgGroupPermissions['*']['createaccount'] = false;
# This snippet prevents editing from anonymous users
$wgGroupPermissions['*']['edit'] = false;
# This snippet removes the IP address for non-logged in users
$wgShowIPinHeader = false;
# Define namespaces
$wgExtraNamespaces =
array(100 => "[Namespace #1]",
102 => "[Namespace #2]",
);
$wgGroupPermissions[ '*' ][ 'ns100_read' ] = true;
$wgGroupPermissions[ '*' ][ 'ns102_read' ] = true;
require('extensions/NamespacePermissions.php');
#include READ_ONLY in default search
$wgNamespacesToBeSearchedDefault = array(
NS_MAIN => true,
NS_HELP => true,
NS_TEMPLATE => true,
);
Replace [Namespace #1]
and [Namespace #2]
with group names for your personal settings. You can remove "102 => "[Namespace
#2]"," if you only need to define one group, or add more
lines, if necessary. The $wgGroupPermissions
option sets the permissions (in this case read only) for the pages that
belong to these groups. If you only use one Namespace,
delete the second $wgGroupPermissions
line; if you want to add more, add additional lines. If you want to
change the permissions, see the NamespacePermissions
webpage
for additional information. As a final note, the convention for
Namespaces seems to be using even numbers for read only permissions and
odd numbers for read-write permissions. # (Sysops can still create user accounts)
$wgGroupPermissions['*']['createaccount'] = false;
# This snippet prevents editing from anonymous users
$wgGroupPermissions['*']['edit'] = false;
# This snippet removes the IP address for non-logged in users
$wgShowIPinHeader = false;
# Define namespaces
$wgExtraNamespaces =
array(100 => "[Namespace #1]",
102 => "[Namespace #2]",
);
$wgGroupPermissions[ '*' ][ 'ns100_read' ] = true;
$wgGroupPermissions[ '*' ][ 'ns102_read' ] = true;
require('extensions/NamespacePermissions.php');
#include READ_ONLY in default search
$wgNamespacesToBeSearchedDefault = array(
NS_MAIN => true,
NS_HELP => true,
NS_TEMPLATE => true,
);
The next time you login to the Wiki, click on the Special pages link under the toolbox (toward the bottom left). Scroll down to the very bottom of the page that comes up and click on User rights management. If you type in a username and click Edit User Groups, you will notice that the Namespaces that you defined are now available. You can provide users with read only (ns...RO) permissions, or read-write (ns...RW) permissions, as necessary. If you want to create a Wiki page that contains a specific Namespace, meaning that only users who are a part of that Namespace can edit it, then use the following code when creating a link for the page:
[[[Namespace]:[Link
Page Name]|[Link Page Name]]
[Namespace]:[Link
Page Name] creates a space with a specific Namespace, in
this case [Namespace].
The link will appear as a "normal" link, however, due to the "|[Link Page Name]"
code. If this is confusing, you can read about Namespaces in general at:Again, the Wikimedia website is an extremely valuable source of information. In general, I find Namespaces a slick way of adding security contexts to my Wiki.
Any Wiki can be heavily customized and configured, and obviously, what was presented here is just the tip of the iceberg. I suggest delving into the WikiMedia website, and gleaning as much information as possible from it. I find it to be an extremely valuable resource.
Upgrading MediaWiki
To upgrade MediaWiki, move the mediawiki directory to mediawiki-bak:
~> sudo mv /var/www/html/phpmyadmin /var/www/html/phpmyadmin-bak
Install the new version of MediaWiki. The installation
script should automatically preserve tables in the database, and make
changes to the tables wherever necessary. When you are done, copy over
the images and extensions directories, and other modifications:~> sudo cp -r /var/www/html/mediawiki-bak/images /var/www/html/mediawiki/.
~> sudo cp -r /var/www/html/phpmyadmin-bak/extensions /var/www/html/phpmyadmin/.
Make the appropriate changes to the LocalSettings.php file. You can now delete the old version of MediaWiki:~> sudo cp -r /var/www/html/phpmyadmin-bak/extensions /var/www/html/phpmyadmin/.
~> sudo rm -r /var/www/html/phpmyadmin-bak
The upgrade should now be complete.