15

We are looking for ways in which to further enhance our documentation and our ability to allow easy access to the information as well as editing the information. With these ideas in mind, we created an internal wiki based upon the MediaWiki platform for our Tier 1 (Help Desk). This has been a huge success for the Help Desk and they use this extensively for their daily operations. Now, we are looking at ways in which to document things for our Tier 2 (Systems Administrators). We need to have the information for Tier 2 separate from the information for Tier 1 due to the sensitivity of the information and the fact that it will contain steps for how we build our servers, etc.

I am looking for ideas and suggestions in relation to how we can accomplish the following aims:

  • Centralized documentation based upon the MediaWiki platform
  • Separated content between Tier 1 and Tier 2
  • We like the look and feel that we have for Tier 1 and that could be used for Tier 2
  • Can this be ran on the same server if we were to run two different installations of MediaWiki? Is this even a good idea to run multiple installations of MediaWiki on the same machine?
  • Support for FQDN and SSL certificates for each documentation installation
  • Is there a way to slice or keep separate part of the Tier 1 MediaWiki installation based upon user or group membership?

Thank you in advance and I look forward to your ideas and suggestions.

sysadmin1138
  • 131,083
  • 18
  • 173
  • 296
John
  • 2,266
  • 6
  • 44
  • 60

4 Answers4

12

Unless there's going to be a lot of content switching tiers, I'd recommend separate wikis, as MW was never built for solid access control. Read http://www.mediawiki.org/wiki/Security_issues_with_authorization_extensions first and decide whether it's worth the effort. There's a lot of warnings and exploits that can circumvent the protection methods.

If you do go for it: have a look at the Namespace Lockdown extension. It lets you set group access control based on the namespace that the pages are in, then you can have one namespace for each tier. I have used this in the past (not sure how well it is supported on the current MW version, though). It works, but it's fiddly to configure and manage, especially if you've got lots of users.

If you go for two instances: You can certainly run more than one MW install on a single host, so long as you maintain good separation. Set them up as separate virtual hosts, with their own hostname, separate databases (and DB credentials) and you're away.

However, if you then want SSL, you'll need the generate a certificate for each (or use an internal wildcard one) and give each instance its own IP address as well as hostname.

The look+feel (skin) can easily be copied between the two instances, as it's just a PHP file with a subfolder. Get it how you like it on one, then copy it across and add it to your new config.

SmallClanger
  • 8,947
  • 1
  • 31
  • 45
1

you can install more instances of MW - just create separate directories in webserver's document root (hence you will use the same domain name and the same SSL certs). Just during the installation point them to different databases

If you need them in the root of URL - you can create couple of virtualhosts with different names or the same names - different ports

If you are using Apache as web server - you can use .htaccess files for access, but is not easy for managing

jet
  • 475
  • 4
  • 8
0

You can use .htaccess infront of your Tier 2 wiki and drop using the MW security extensions.

Sandra
  • 9,973
  • 37
  • 104
  • 160
  • Sandra - Thank you for the reply. Can you share some more about what we should cordon off with .htaccess? Also, are there particular MW security extensions that you had in mind? – John Oct 28 '11 at 14:55
  • Don't use any MW security extensions. Let all authentication be done with `htaccess`. http://www.howtoforge.com/htaccess_authentication You can either have a local "database" of users, or hook it up against an AD, LDAP or NIS. – Sandra Oct 30 '11 at 10:49
-1

I should think that you can do this in a single wiki. Just set up access rights so Tier 1 staff can't access protected Tier 2 pages. That's all you need to do, as far as I understand your question.

mfinni
  • 35,711
  • 3
  • 50
  • 86
  • Do you know how or where to define the access rights per page or for a category of pages? – John Jan 18 '11 at 17:03
  • I do not. But I've been a user on a MediaWiki that most definitely had locked-down pages that users could not read. Not sure why i got a downvote for this answer. – mfinni Jan 18 '11 at 17:42