Securing MediaWiki LocalSettings.php on nginx

Question

I am trying to secure my LocalSettings.php. First, I found the nginx user (www-data) using top, did chown -R www-data:www-data wikidir, and then tried to do chmod 600 on wikidir/LocalSettings.php. The breaks the site, however. The site only works if LocalSettings.php is world readable, which is something I don't want.

Any help is appreciated.

Nothing of significance in error.log it seems. There is one error relating to a favicon file, but its only happened once while I tried changing permissions several times. — William, Jun 29 '12 at 16:26
Nginx with fast cgi. I have PHP 5. I really appreciate your help! — William, Jun 29 '12 at 17:06

score 1 · Accepted Answer · answered Jun 30 '12 at 00:33

Sounds like your fastcgi processes are running as a user other than www-data; you'll want to change this configuration so that it runs as www-data (there are security implications to this, since that user can then write to everywhere that www-data can, but that's probably what you want with a mediawiki install).

Where this is configured depends on how fastcgi was installed - the nginx fastcgi example has it set in an environment variable in the init.d script, but your setup may vary. If you can't find where to change that, then let us know how fastcgi was installed and we can assist.

This lead me to the solution. I have two FastCGI running in the background. One is under user `www-data` the other `webrootadmin`. I did `chown -R webrootadmin mywiki` and now I am able to change permissions without breaking the site. Thank you! — William, Jun 30 '12 at 02:21

Securing MediaWiki LocalSettings.php on nginx

1 Answers1