While on the CLI, it’s assumed you’re root.
I was having trouble uploading images. Strangely enough, after I fixed it I realized I forgot to take a screenshot of the error, so I tried to unfix it but I guess it’s gone for good. Anyway, according to my search terms the error read something like: “Error creating folder * (mkdir(): File exists)”, where “*” is a wildcard for a file path which would make it harder to find results otherwise.
It showed way too many results; apparently this is a common PHP error. Prefixing my search with the word “dokuwiki” narrowed it down and soon I found half the answer I was looking for.
Apparently the media folder locks down mod_authz_host-based access with an .htaccess file. What is mod_authz_host? It simply means “Group authorizations based on host (name or IP address)” according to the HTTP Server Project’s Module Index. In other words, you cannot request the files directly since your request would be coming from a system—which has an IP address.
However, requests for the filesystem coming by other means, such as processes running on the server (like PHP), can still get them and present them differently to the client (the browser).
Regardless, FCKeditor/Ckgedit can bypass this by symlinking the media directory (ref/data/media, where ref is my DokuWiki root) into FCKeditor/Ckgedit’s own file structure at ref/lib/plugins/ckgedit/fckeditor/userfiles. Filesystem-wise, symlinking immediately grants the symlinked location 777 permissions, and I believe they can’t be changed. (I’ve had mixed results attempting this and, in the cases I’ve been successful, the change is only recognized by some systems, not all.)
If you remove the symlink from FCKeditor/Ckgedit’s directories, then the next time you summon the UI to upload an image it automatically recreates it as a regular directory, which of course won’t have access to your existing data, so you’ll end up duplicating it. If you recreate the symlink on your own, the error returns.
According to the articles I read, all you have to do is copy one of the .htaccess samples from the userfiles directory mentioned earlier, .htaccess.security, into the real media directory and you’re done.
However, I did and I wasn’t.
The sample file’s content is:
<IfModule mod_authz_host>
Require all denied
</IfModule>
<IfModule !mod_authz_host>
Order allow,deny
Deny from all
</IfModule>
<FilesMatch "\.(gif|jpe?g|png)$">
<IfModule mod_authz_host>
Require all granted
</IfModule>
<IfModule !mod_authz_host>
Order allow,deny
Allow from all
</IfModule>
</FilesMatch>
Options -Indexes
Now, stop me if you’ve seen this before, specifically the last line.
I added +FollowSymLinks to it, tried again, et voici ci-dessous!
I also augmented the file extensions allowed to be served:
<IfModule mod_authz_host>
Require all denied
</IfModule>
<IfModule !mod_authz_host>
Order allow,deny
Deny from all
</IfModule>
<FilesMatch "\.(gif|jpe?g|png|svg|pdf|mov|mp4|mp3|m4a|ai|psd|aiff|tiff|pxm)$">
<IfModule mod_authz_host>
Require all granted
</IfModule>
<IfModule !mod_authz_host>
Order allow,deny
Allow from all
</IfModule>
</FilesMatch>
Options -Indexes +FollowSymLinks
Getting ambiguities out of the way
The contents of ref/data/media/.htaccess is a copy of ref/lib/plugins/ckgedit/fckeditor/userfiles/.htaccess.security:
<IfModule mod_authz_host>
Require all denied
</IfModule>
<IfModule !mod_authz_host>
Order allow,deny
Deny from all
</IfModule>
<FilesMatch "\.(gif|jpe?g|png|svg|pdf|mov|mp4|mp3|m4a|ai|psd|aiff|tiff|pxm)$">
<IfModule mod_authz_host>
Require all granted
</IfModule>
<IfModule !mod_authz_host>
Order allow,deny
Allow from all
</IfModule>
</FilesMatch>
Options -Indexes
At this point I had gone rogue and I had edited the file directly, which you’re advised not to do. However, I left the last line untouched.
The contents of ref/lib/plugins/ckgedit/fckeditor/userfiles/.htaccess is:
→ this is the important file ⤵︎
<IfModule mod_authz_host>
Require all denied
</IfModule>
<IfModule !mod_authz_host>
Order allow,deny
Deny from all
</IfModule>
<FilesMatch "\.(gif|jpe?g|png|svg|pdf|mov|mp4|mp3|m4a|ai|psd|aiff|tiff|pxm)$">
<IfModule mod_authz_host>
Require all granted
</IfModule>
<IfModule !mod_authz_host>
Order allow,deny
Allow from all
</IfModule>
</FilesMatch>
Options -Indexes +FollowSymLinks
If you deleted the symlink too, to recreate it, in the command line navigate to your media folder using the pushd command instead of cd. Why? Because it prints the last directory you were in each time you change to a new one. You can copy and paste it.
The last step is fixing permissions. In Debian upstream, httpd’s default user is www-data:www-data. In Fedora upstream it’s apache:apache. I don’t know what the user is on xBSD, but just list the files in other directories of your DokuWiki install with the long format option (ls -l) and you should be able to infer it from that. Now, assuming you’re in the last directory we were in (image above), run:
# replace user:group with your distribution's respective values
chown -fR user:group "$(pwd)"
# you can't really change this on symlinks but it's just for housekeeping (the other files)
# '"$(pwd)"' is your current path, '-fR' includes the contents of said path, no Qs asked
chmod -fR 755 "$(pwd)"
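To check the result of the steps above, here is an added audit script (not from the original post, ckgedit or DokuWiki). It assumes the post's paths, expects the symlink at or directly under userfiles, and copies the extension allowlist from the edited .htaccess; the name audit_media and its messages are hypothetical.

```shell
#!/bin/sh
# Added example: audit the symlink, the Options line and the media file modes.
audit_media() {
    root=$1; problems=0; links=0
    media="$root/data/media"
    uf="$root/lib/plugins/ckgedit/fckeditor/userfiles"
    real_media=$(cd "$media" 2>/dev/null && pwd -P) ||
        { echo "missing: $media"; return 1; }

    # 1. The Options line in userfiles/.htaccess must carry both flags.
    opts=$(grep -E '^[[:space:]]*Options[[:space:]]' "$uf/.htaccess" 2>/dev/null |
           tr -s '[:space:]' ' ')
    for flag in -Indexes +FollowSymLinks; do
        case " $opts " in
            *" $flag "*) ;;
            *) echo "userfiles/.htaccess: Options lacks $flag"
               problems=$((problems + 1)) ;;
        esac
    done

    # 2. Symlinks at or directly under userfiles must resolve to data/media.
    for link in "$uf" "$uf"/*; do
        [ -L "$link" ] || continue
        links=$((links + 1))
        target=$(cd "$link" 2>/dev/null && pwd -P) || target=
        [ "$target" = "$real_media" ] && continue
        echo "$link resolves to '${target:-nothing}', expected $real_media"
        problems=$((problems + 1))
    done
    [ "$links" -gt 0 ] || { echo "no symlink under userfiles: uploads would go to a duplicate directory"
                            problems=$((problems + 1)); }

    # 3. Media files: none should be executable, and names outside the
    #    FilesMatch allowlist (compared as written, case-sensitively) are
    #    not served on direct requests.
    allow='gif|jpe?g|png|svg|pdf|mov|mp4|mp3|m4a|ai|psd|aiff|tiff|pxm'
    execs=$(find "$real_media" -type f -perm -u=x | wc -l)
    blocked=$(find "$real_media" -type f ! -name '.ht*' |
              grep -Evc "\.($allow)\$") || true
    [ "$execs" -eq 0 ] || { echo "$execs file(s) have the execute bit set"
                            problems=$((problems + 1)); }
    [ "$blocked" -eq 0 ] || { echo "$blocked file(s) not in the FilesMatch allowlist"
                              problems=$((problems + 1)); }
    [ "$problems" -eq 0 ]
}
```

Call it as audit_media /path/to/ref; it prints one line per finding and returns non-zero if there is any. A blanket chmod -fR 755 will trip the execute-bit check on every media file.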
Last notes
Credits/Sources
The first hint I got, I found it on: https://forum.dokuwiki.org/d/237-fatal-error-mkdir-data-locks-file-exists, I think. Honestly I’m not sure because it looks very different now, however the site is correct and it led me to http://www.mturner.org/fckgLite/doku.php/file_browser_install#image_display_issue_using_direct_path and http://www.mturner.org/fckgLite/doku.php/media#security_and_the_media_directory.
I doubt these people will ever see this, but if some permalink magic is at work and it finds its way back, I’d like to thank them for getting me on the right path…literally.
Personal notes
I’ve observed that normally it’s expected for the website files to be on the web server itself. I expect to be hacked, to fuck up my server, to delete all the directories using something irreversible like rm -fR, or to do some other stupidity as I often do, thus as a safety measure my server’s files are on NFS mounts which are symlinked kinda heavily. Even if I delete things from the CLI, the backend servers are taking both constant backups and snapshots automatically of the files letting me revert from stupidity, plus you know a bitch likes to serve that chunky media which like all good dicks, has trouble fitting into my tiny disk, a mount. hashtag wink, is necessary.
Point is, it might be the reason why the guides above didn’t work, though the guides themselves use symlinks, so it could’ve been an oversight as well. IDK.