Maltfield Log: Difference between revisions

From Open Source Ecology
Jump to navigation Jump to search
No edit summary
No edit summary
 
(23 intermediate revisions by 2 users not shown)
Line 2: Line 2:
Links: [[OSE_Server]]. [[Michael Photo Folder]].
Links: [[OSE_Server]]. [[Michael Photo Folder]].


<html><iframe width="700" height="600" src="https://osedev.org/wiki/Maltfield"></iframe></html>
<html><iframe width="700" height="600" src="https://osedev.org/wiki/Maltfield?start=1/1/2019"></iframe></html>
 
Link: https://osedev.org/wiki/Maltfield


=Key Wiki Pages=
=Key Wiki Pages=
Line 18: Line 20:
In mid-2018, I discovered that my work log had become so large that it exceeded Mediawiki's allowable limits (triggering a "413 Request Entity Too Large" error), so I segregated out my work log by quarter into subpages.
In mid-2018, I discovered that my work log had become so large that it exceeded Mediawiki's allowable limits (triggering a "413 Request Entity Too Large" error), so I segregated out my work log by quarter into subpages.


# [[Maltfield_Log/2025_Q2|2025 Q2 Logs for Michael Altfield]]
# [[Maltfield_Log/2025_Q1|2025 Q1 Logs for Michael Altfield]]
# [[Maltfield_Log/2024_Q4|2024 Q4 Logs for Michael Altfield]]
# [[Maltfield_Log/2024_Q3|2024 Q3 Logs for Michael Altfield]]
# [[Maltfield_Log/2024_H1|2024 Q1 & Q2 Logs for Michael Altfield]]
# [[Maltfield_Log/2023|2023 Logs for Michael Altfield]]
# [[Maltfield_Log/2022|2022 Logs for Michael Altfield]]
# [[Maltfield_Log/2021_Q3|2021 Q3 Logs for Michael Altfield]]
# [[Maltfield_Log/2021_Q2|2021 Q2 Logs for Michael Altfield]]
# [[Maltfield_Log/2020_Q3|2020 Q3 Logs for Michael Altfield]]
# [[Maltfield_Log/2020_Q2|2020 Q2 Logs for Michael Altfield]]
# [[Maltfield_Log/2020_Q1|2020 Q1 Logs for Michael Altfield]]
# [[Maltfield_Log/2019_Q4|2019 Q4 Logs for Michael Altfield]]
# [[Maltfield_Log/2019_Q3|2019 Q3 Logs for Michael Altfield]]
# [[Maltfield_Log/2019_Q2|2019 Q2 Logs for Michael Altfield]]
# [[Maltfield_Log/2019_Q1|2019 Q1 Logs for Michael Altfield]]
# [[Maltfield_Log/2018_Q4|2018 Q4 Logs for Michael Altfield]]
# [[Maltfield_Log/2018_Q4|2018 Q4 Logs for Michael Altfield]]
# [[Maltfield_Log/2018_Q3|2018 Q3 Logs for Michael Altfield]]
# [[Maltfield_Log/2018_Q3|2018 Q3 Logs for Michael Altfield]]
Line 23: Line 42:
# [[Maltfield_Log/2018_Q1|2018 Q1 Logs for Michael Altfield]]
# [[Maltfield_Log/2018_Q1|2018 Q1 Logs for Michael Altfield]]
# [[Maltfield_log_2017|2017 Logs for Michael Altfield]]
# [[Maltfield_log_2017|2017 Logs for Michael Altfield]]
==Test==
---------- Forwarded message ---------
From: Michael Altfield <michael@opensourceecology.org>
Date: Fri, Sep 28, 2018 at 12:26 PM
Subject: Re: Adding plugins to WP
To: Catarina Mota <catarinamfmota@gmail.com>, Marcin Jakubowski <marcin@opensourceecology.org>
Hey Catarina,
Sorry for the late reply, I've been trekking through Yellowstone NP since late last week.
This error is expected due to or wordpress file permissions hardening as described here:
* https://wiki.opensourceecology.org/wiki/Wordpress#Why.3F
Our wordpress install's permissions is intentionally hardened such that wordpress cannot modify its own files, except for the "uploads" directory (and that uploads directory is further hardened to prevent anything inside of it from executing code). Otherwise, there's a significantly greater vector for attack. For example, if wp has a vulnerability, an attacker could use a malicious input (such as a wp comment) to inject malicious code executions like we saw in our oswh site--which was totally owned became a phishing site for our users' passwords. With the current hardened permissions (denying write access to the apache server's user), the web server simply cannot modify the wordpress files--rendering most of these attacks futile.
That said, you do have all the permission you need to install plugins yourself following the "Manual Plugin Installation" as documented by wordpress:
* https://codex.wordpress.org/Managing_Plugins#Manual_Plugin_Installation
So you would download the plugin you want, unzip it, and upload the plugin's files in the relevant web directory via your scp program of choice (iirc you used FileZilla). Or you could just use ssh + wget/mv, etc. For the microfactory website, the plugins dir is:
* /var/www/html/microfactory.opensourceecology.org/htdocs/wp-content/plugins/
After uploading the files, you need to properly set the permissions of the site's files by executing the following idempotent commands, per the documentation on our wiki
* https://wiki.opensourceecology.org/wiki/Wordpress#Proper_File.2FDirectory_Ownership_.26_Permissions
vhostDir="/var/www/html/microfactory.opensourceecology.org"
wpDocroot="${vhostDir}/htdocs"
chown -R not-apache:apache "${vhostDir}"
find "${vhostDir}" -type d -exec chmod 0050 {} \;
find "${vhostDir}" -type f -exec chmod 0040 {} \;
chown not-apache:apache-admins "${vhostDir}/wp-config.php"
chmod 0040 "${vhostDir}/wp-config.php"
[ -d "${wpDocroot}/wp-content/uploads" ] || mkdir "${wpDocroot}/wp-content/uploads"
chown -R apache:apache "${wpDocroot}/wp-content/uploads"
find "${wpDocroot}/wp-content/uploads" -type f -exec chmod 0660 {} \;
find "${wpDocroot}/wp-content/uploads" -type d -exec chmod 0770 {} \;
Regarding the specific plugin you mentioned (duplicate page), it looks like it was last updated last month, and it's extremely popular--so I see no reason to replace it
* https://wordpress.org/plugins/duplicate-page/
I went ahead and did the above steps for you for this plugin. You may still need to choose to "activate" it in the wp wui.
If you have any further requests to install plugins to any of our wp sites, you can either attempt it yourself (make a backup first!) following the above instructions or I can do it for you. If you'd like, I'd be happy to offer a live training call on how to do this yourself via ssh.
Cheers,
Michael Altfield
Senior System Administrator
PGP Fingerprint: 8A4B 0AF8 162F 3B6A 79B7  70D2 AA3E DF71 60E2 D97B
Open Source Ecology
www.opensourceecology.org
On Tue, Oct 16, 2018 at 4:20 PM, Catarina Mota <catarinamfmota@gmail.com> wrote:
    Hi guys,
    I asked Michael a couple weeks ago to install the "duplicate post" plugin. It  hadn't been activated yet, but I did so just now. So you should be able to duplicate event (portfolio) posts.
    Below is Michael's tutorial for installing plugins. Sara will still need an FTP account for that purpose.
    Cheers,
    Catarina
    ---------- Forwarded message ---------
    From: Michael Altfield <michael@opensourceecology.org>
    Date: Fri, Sep 28, 2018 at 12:26 PM
    Subject: Re: Adding plugins to WP
    To: Catarina Mota <catarinamfmota@gmail.com>, Marcin Jakubowski <marcin@opensourceecology.org>
    Hey Catarina,
    Sorry for the late reply, I've been trekking through Yellowstone NP since late last week.
    This error is expected due to or wordpress file permissions hardening as described here:
    * https://wiki.opensourceecology.org/wiki/Wordpress#Why.3F
    Our wordpress install's permissions is intentionally hardened such that wordpress cannot modify its own files, except for the "uploads" directory (and that uploads directory is further hardened to prevent anything inside of it from executing code). Otherwise, there's a significantly greater vector for attack. For example, if wp has a vulnerability, an attacker could use a malicious input (such as a wp comment) to inject malicious code executions like we saw in our oswh site--which was totally owned became a phishing site for our users' passwords. With the current hardened permissions (denying write access to the apache server's user), the web server simply cannot modify the wordpress files--rendering most of these attacks futile.
    That said, you do have all the permission you need to install plugins yourself following the "Manual Plugin Installation" as documented by wordpress:
    * https://codex.wordpress.org/Managing_Plugins#Manual_Plugin_Installation
    So you would download the plugin you want, unzip it, and upload the plugin's files in the relevant web directory via your scp program of choice (iirc you used FileZilla). Or you could just use ssh + wget/mv, etc. For the microfactory website, the plugins dir is:
    * /var/www/html/microfactory.opensourceecology.org/htdocs/wp-content/plugins/
    After uploading the files, you need to properly set the permissions of the site's files by executing the following idempotent commands, per the documentation on our wiki
    * https://wiki.opensourceecology.org/wiki/Wordpress#Proper_File.2FDirectory_Ownership_.26_Permissions
    vhostDir="/var/www/html/microfactory.opensourceecology.org"
    wpDocroot="${vhostDir}/htdocs"
    chown -R not-apache:apache "${vhostDir}"
    find "${vhostDir}" -type d -exec chmod 0050 {} \;
    find "${vhostDir}" -type f -exec chmod 0040 {} \;
    chown not-apache:apache-admins "${vhostDir}/wp-config.php"
    chmod 0040 "${vhostDir}/wp-config.php"
    [ -d "${wpDocroot}/wp-content/uploads" ] || mkdir "${wpDocroot}/wp-content/uploads"
    chown -R apache:apache "${wpDocroot}/wp-content/uploads"
    find "${wpDocroot}/wp-content/uploads" -type f -exec chmod 0660 {} \;
    find "${wpDocroot}/wp-content/uploads" -type d -exec chmod 0770 {} \;
    Regarding the specific plugin you mentioned (duplicate page), it looks like it was last updated last month, and it's extremely popular--so I see no reason to replace it
    * https://wordpress.org/plugins/duplicate-page/
    I went ahead and did the above steps for you for this plugin. You may still need to choose to "activate" it in the wp wui.
    If you have any further requests to install plugins to any of our wp sites, you can either attempt it yourself (make a backup first!) following the above instructions or I can do it for you. If you'd like, I'd be happy to offer a live training call on how to do this yourself via ssh.
    Cheers,
    Michael Altfield
    Senior System Administrator
    PGP Fingerprint: 8A4B 0AF8 162F 3B6A 79B7  70D2 AA3E DF71 60E2 D97B
    Open Source Ecology
    www.opensourceecology.org
    On 09/26/2018 02:16 PM, Catarina Mota wrote:
>    Hi Michael,
>
>    I hope all is well with you.
>
>    Quick question: how do I add new plugins to our WP installs? Specifically, I need to add a plugin to the microfactory site that allows me to duplicate (make a new copy of) pages, portfolios and posts. We have such a plugin on OBI and OSE's site (I installed it before the migration). Though I'm definitely open to another plugin as long as it does the same thing :)
>
>    I tried to install a new plugin on microfactory but ran into an error. Couldn't even search for it. This happened at 13:08 CT (see attached screenshot).
>
>    Thanks!
>    C
--
Full Disclosure: OSE works openly. All conversations in this email are intended to be transparent and subject to sharing, with due respect. OSE does not sign NDAs in order to promote collaboration. All of our work is libre or open source. If you are discussing potential hardware development collaboration, your work must also be open source pursuant to the Open Source Hardware Association definition.
See Global Village Construction Set TED Talk. See latest build of Seed Eco-Home. Subscribe as a True Fan. See OSE Facebook for updates or join the discussion at the OSE Workshops FB Page. Subscribe to monthly update OSEmail. Donate to our 501(c)3. OSE work is an ambitious volunteer project. Please consider joining as a dedicated OSE Developer.
Marcin Jakubowski, Ph.D.
Executive Director
Open Source Ecology
http://opensourceecology.org

Latest revision as of 03:00, 31 May 2025

Links: OSE_Server. Michael Photo Folder.

Link: https://osedev.org/wiki/Maltfield

Key Wiki Pages

  1. User:Maltfield
  2. OSE Server and OSE Server#Backups
  3. Web server configuration
  4. Wordpress
  5. Mediawiki
  6. Category:CHGs

Logs

In early 2018 I discovered that this page had become the single longest article in our wiki, so I segregated out my work log by year.

In mid-2018, I discovered that my work log had become so large that it exceeded Mediawiki's allowable limits (triggering a "413 Request Entity Too Large" error), so I segregated out my work log by quarter into subpages.


  1. 2025 Q2 Logs for Michael Altfield
  2. 2025 Q1 Logs for Michael Altfield
  3. 2024 Q4 Logs for Michael Altfield
  4. 2024 Q3 Logs for Michael Altfield
  5. 2024 Q1 & Q2 Logs for Michael Altfield
  6. 2023 Logs for Michael Altfield
  7. 2022 Logs for Michael Altfield
  8. 2021 Q3 Logs for Michael Altfield
  9. 2021 Q2 Logs for Michael Altfield
  10. 2020 Q3 Logs for Michael Altfield
  11. 2020 Q2 Logs for Michael Altfield
  12. 2020 Q1 Logs for Michael Altfield
  13. 2019 Q4 Logs for Michael Altfield
  14. 2019 Q3 Logs for Michael Altfield
  15. 2019 Q2 Logs for Michael Altfield
  16. 2019 Q1 Logs for Michael Altfield
  17. 2018 Q4 Logs for Michael Altfield
  18. 2018 Q3 Logs for Michael Altfield
  19. 2018 Q2 Logs for Michael Altfield
  20. 2018 Q1 Logs for Michael Altfield
  21. 2017 Logs for Michael Altfield
Retrieved from "https://wiki.opensourceecology.org/index.php?title=Maltfield_Log&oldid=307970"