TWiki Reference Manual (TWiki-4.2.0, Sat, 08 Sep 2007, build 14780)

This page contains all documentation topics as one long, complete reference sheet.

Related Topics: TWikiSite, TWikiHistory, TWikiPlannedFeatures, TWikiEnhancementRequests, UserDocumentationCategory, AdminDocumentationCategory

---

TWiki System Requirements

Server and client requirements

Low client and server base requirements are core features that keep TWiki widely deployable, particularly across a range of browser platforms and versions. Many Plugins and contrib modules exist which enhance and expand TWiki's capabilities; they may have additional requirements.

Server Requirements

TWiki is written in Perl 5, uses a number of shell commands, and requires RCS (Revision Control System), a GNU Free Software package. TWiki is developed in a basic Linux/Apache environment. It also works with Microsoft Windows, and should have no problem on any other platform that meets the requirements.

Resource	Required Server Environment *
Perl	5.6.1 or higher (5.8.4 or higher is recommended)
RCS	5.7 or higher (including GNU diff) Optional, TWiki includes a pure perl implementation of RCS that can be used instead (although it's slower)
GNU diff	GNU diff 2.7 or higher is required when not using the all-Perl RcsLite. Install on PATH if not included with RCS (check version with diff -v) Must be the version used by RCS, to avoid problems with binary attachments - RCS may have hard-coded path to diff
GNU patch	For upgrades only: GNU patch is required when using the TWiki:Codev.UpgradeTWiki script
GNU fgrep, egrep	Modify command line parameters in configure if you use non-GNU grep programs
Cron/scheduler	• Unix: cron • Windows: cron equivalents
Web server	Apache is well supported; see TWiki:TWiki.InstallingTWiki#OtherWebServers for other servers

Required CPAN Modules

The following Perl modules are used by TWiki:

Module	Preferred version
Algorithm::Diff (included)
CGI::Carp	>=1.26
Config	>=0
Cwd	>=3.05
Data::Dumper	>=2.121
Error (included)
File::Copy	>=2.06
File::Find	>=1.05
File::Spec	>=3.05
File::Temp	(included with perl 5.6 and later)
FileHandle	>=2.01
IO::File	>=1.10
Text::Diff (included)
Time::Local	>=1.11

Optional CPAN Modules

The following Perl modules may be used by TWiki:

Module	Preferred version	Description
CGI::Cookie	>=1.24	Used for session support
CGI::Session	>=3.95	Used for session support
Digest::base
Digest::SHA1
Jcode		Used for I18N support with perl 5.6
Locale::Maketext::Lexicon	>=0	Used for I18N support
Net::SMTP	>=2.29	Used for sending mail
Unicode::Map		Used for I18N support with perl 5.6
Unicode::Map8		Used for I18N support with perl 5.6
Unicode::MapUTF8		Used for I18N support with perl 5.6
Unicode::String		Used for I18N support with perl 5.6
URI		Used for configure

Most of them will probably already be available in your installation. You can check version numbers with the configure script, or if you're still trying to get to that point, check from the command line like this:

perl -e 'use FileHandle; print $FileHandle::VERSION."\n"'

Client Requirements

The TWiki standard installation has relatively low browser requirements:

• HTML 3.2 compliant
• Cookies, if persistent sessions are required

CSS and Javascript are used in most skins, although there is a low-fat skin (Classic skin) available that minimises these requirements. Some skins will require more recent releases of browsers. The default skin (Pattern) is tested on IE 6, Safari, and Mozilla 5.0 based browsers (such as Firefox).

You can easily select a balance of browser capability versus look and feel. Try the installed skins at TWikiSkinBrowser and more at TWiki:Plugins.SkinPackage.

Important note about TWiki Plugins

• Plugins can require just about anything - browser-specific functions, stylesheets (CSS), Java applets, cookies, specific Perl modules,... - check the individual Plugin specs.

Related Topics: AdminDocumentationCategory

Back to top

---

TWiki Installation Guide

The following is installation instructions for the TWiki 4.2 production release on an Apache web server on Linux. Visit TWiki:TWiki.InstallingTWiki for the latest updates to this guide and supplemental information for installing or upgrading TWiki, including notes on installing TWiki on different platforms, environments and web hosting sites.

If you are upgrading from a previous version of TWiki, you probably want to read TWikiUpgradeGuide instead.

Both this document and the TWikiUpgradeGuide are also available in the root of the distribution as HTML files. For this reason links to pages inside your own TWiki are written like TWiki.WebHome and not like live web links.

Preparing to install TWiki

Before attempting to install TWiki, you are encouraged to review the TWiki:TWiki.AdminSkillsAssumptions. This guide assumes the person installing TWiki has, at a minimum, basic knowledge of server administration and cgi script management on the system on which TWiki is to be installed. While it is possible to install TWiki with FTP access alone (for example, on a hosted site), it is tricky and may require additional support from your hosting service (for example, in setting file ownership).

To help setup a correct Apache configuration, you can use the automatic TWiki:TWiki.ApacheConfigGenerator which generates the contents for an Apache config file for TWiki based on your inputs.

While this installation guide specifically describes installation on an Apache web server on Linux, TWiki should be fine with any web server and OS that meet the system requirements (see below). For additional notes on installing TWiki on other systems, see TWiki:TWiki.InstallingTWiki#OtherPlatforms.

If you are installing TWiki without Unix/Linux root (administrator) privileges (for example, on a hosted domain), see "Notes on Installing TWiki on Non-Root Account" below for supplemental instructions to the basic steps presented below.

If you are upgrading from an earlier major version of TWiki such a Cairo (TWiki 3) you will need the information found in TWiki:TWiki.TWikiUpgradeGuide which includes a description of both an automated and a manual procedure. The manual procedure is probably the safest to follow but takes more time. The upgrade guide describes essential steps needed to avoid problems with locked topics.

Upgrading from a recent TWiki4 release is much simpler. Upgraders from earlier TWiki4 versions can with advantage follow the steps described in TWiki:TWiki.UpgradingTWiki04x00PatchReleases to ensure a safe upgrade without accidently overwriting customizations.

One of the more difficult tasks is installation of addition CPAN libraries. See TWiki:TWiki.HowToInstallCpanModules for detailed information on how to install CPAN libraries.

If you need help, ask a question in the TWiki:Support web or on TWiki:Codev.TWikiIRC (irc.freenode.net, channel #twiki)

Basic Installation

1. Download the TWiki distribution from http://TWiki.org/download.html.
2. Make a directory for the installation and unpack the distribution in it. In the rest of this document we assume this directory is called twiki.
   • Note that TWiki does not allow spaces in the directory names. On Unix/Linux this is normally not the case. On Windows make sure to use a directory path without spaces.
3. Make sure the user that runs CGI scripts on your system can read and write all files in the distribution.
   The best and safest set of file and directory permissions depend on the actual server environment. For Unix/Linux see TWiki:TWiki.SettingFileAccessRightsLinuxUnix which contains scripts to setup the right file and directory access rights.
   The general rules for access rights are:
   • During installation and configuration, the CGI user needs to be able to read and write everything in the distribution.
   • Once installation and configuration is complete, the CGI user needs write access to everything under the data and pub directories and to twiki/lib/LocalSite.cfg. Everything else should be read-only.
   • Everybody else should be denied access to everything, always.
4. Make sure Perl 5 and the Perl CGI library are installed on your system.
   The default location of Perl is /usr/bin/perl. If it's somewhere else, change the path to Perl in the first line of each script in the twiki/bin directory.
   Some systems require a special extension on perl scripts (e.g. .cgi or .pl). If necessary, rename all files in twiki/bin (i.e. rename view to view.pl etc). If you do this, make sure you set the ScriptSuffix option in configure (Step 6).
5. Create the file twiki/bin/LocalLib.cfg.
   There is a template for this file in twiki/bin/LocalLib.cfg.txt.
   The file twiki/bin/LocalLib.cfg must contain a setting for $twikiLibPath, which must point to the absolute file path of your twiki/lib e.g. /var/www/twiki/lib.
   If you need to install additional CPAN modules, but can't update the main Perl installation files on the server, you can set $CPANBASE to point to your personal CPAN install. Don't forget that the webserver user has to be able to read those files as well.
6. Configure the webserver so you can execute the bin/configure script from your browser. But limit the access to either localhost, an IP address or a specific user using basic Apache authentication. You should never leave the configure script open to the public. See TWiki:TWiki.ApacheConfigGenerator which contains a tool that can generate a safe and working config file for TWiki on Apache.
   • If you are unsure about how to do this on your system, see TWiki:TWiki.InstallingTWiki#OtherPlatforms for links to information about various server setups. There is an example Apache httpd.conf file in twiki_httpd_conf.txt at the root of the package. This file also contains advice on securing your installation. There's also a script called tools/rewriteshebang.pl to help you in fixing up the shebang lines in your CGI scripts.
7. Run the configure script from your browser (i.e. enter http://yourdomain/twiki/bin/configure into your browser address bar) and resolve any errors or warnings it tells you about.
   When you run configure for the first time, you can only edit the section General Path Settings. Save these settings, and then return to configure to continue configuration.
   When you return to configure you now need to setup Mail and Proxies. Especially the {WebMasterEmail}, and {SMTP}{MAILHOST} must be defined to enable TWiki to send registration emails. Many ISPs have introduced authentication when sending emails to fight spam so you may also have to set {SMTP}{Username} and {SMTP}{Password}.

You now have a basic, unauthenticated installation running. At this point you can just point your Web browser at http://yourdomain.com/twiki/bin/view and start TWiki-ing away!

Important Server Security Settings

Before you continue any further there are some basic and very important security settings you have to make sure are set correctly.

• You should protect the configure script from general access. The configure script the tool is designed for use by administrators only and should be restricted to invocation by them only, by using the basic Apache authentication. Because of this there has not been put much effort into hardening the script. The configure script cannot save any settings once the password has been saved the first time, but the script could still be vulnerable to specially crafted field values and the script reveals many details about the webserver that you should not display in public.
• You absolutely must turn off any kind of PHP, Perl, Python, Server Side Includes etc in the pub directory. TWiki has some builtin protection which renames files with dangerous filenames by appending .txt to the filename. But this is a secondary security measure. The essential action that you must take is to turn off any possible execution of any of the attached files.
  Most Linux distributions have a default Apache installation which has PHP and server side include (SSI) enabled. The twiki_httpd_conf.txt file provided in the root of the twiki directory is an example of an Apache config file which you would normally include from httpd.conf. In many distributions this happens automatically if the file is copied to a specific directory (Example RedHat/Fedora/Centos: /etc/httpd/conf.d) and has suffix .conf. This example file shows how to protect the pub directory from executing both PHP scripts and server side includes.
  If you do not have access to the apache config files you can normally control control access by placing a file called .htaccess in the directory you want to protect. The pub-htaccess.txt file provided in the root of the twiki directory is an example of an Apache .htaccess file which protects against execusion of PHP and SSI scripts.
• Make sure that you deny access to all other twiki directories than the bin and pub directories. When you have access to the Apache config files the twiki_httpd_conf.txt file mentioned above also contains protection of these directories.
  For those that do not have access to the Apache config files a sample subdir-htaccess.txt file can be copied as .htaccess to the data, lib, locale, templates, tools and working directories.

The TWiki:TWiki.ApacheConfigGenerator will help you address all 3 security elements.

Next Steps

Once you have TWiki installed and running, you might consider the following optional steps for setting up and customizing your TWiki site. Many of the references below refer to topics within your TWiki installation. For example, TWiki.TWikiSkins refers to the TWikiSkins topic in your TWiki web. Easy way to jump directly to view the pages is to open your own TWiki in your browser and write TWiki.TWikiSkins in the Jump test box to the right in the top bar and hit Enter. You can find these topics in the on-line reference copy at the official TWiki website: TWiki Release 4.2

Enable Authentication of Users

This step provides for site access control and user activity tracking on your TWiki site. This is particularly important for sites that are publicly accessible on the web. This guide describes only the most common of several possible authentication setups for TWiki and is suitable for public web sites. For information about other setups, see TWiki.TWikiUserAuthentication, and TWiki:TWiki.TWikiUserAuthenticationSupplement.

These are the steps for enabling "Template Login" which asks for a username and password in a web page, and processes them using the Apache 'htpasswd' password manager. Users can log in and log out.

1. Under the Security Settings pane of configure :
   1. Select TWiki::Client::TemplateLogin for {LoginManager}.
   2. Select TWiki::Users::HtPasswdUser for {PasswordManager}.
   3. Save your configure settings.
   4. Register yourself using the TWiki.TWikiRegistration topic.
      Check that the password manager recognizes the new user. Check that a new line with the username and encrypted password is added to the data/.htpasswd file. If not, you probably got a path wrong, or the permissions may not allow the webserver user to write to that file.
2. Edit a topic (by clicking on the Edit link at beginning or end of topic) to check if authentication works.

You are strongly encouraged to read TWiki.TWikiUserAuthentication, TWiki:TWiki.TWikiUserAuthenticationSupplement, and TWiki:TWiki.SecuringTWikiSite for further information about managing users and security of your TWiki site.

Define the Administrator User(s)

Administrators have read and write access to any topic in TWiki, independent of TWiki access controls. When you install TWiki one of the first things you will want to do is define yourself as an administrator. You become an administrator simply by adding yourself to the TWikiAdminGroup. It is the WikiName and not the login name you add to the group. Editing the Main.TWikiAdminGroup topic requires that you are an administrator. So to add the first administrator you need to login using the internal TWiki admin user login and the password you defined in configure.

• Navigate to the Main.TWikiAdminGroup topic
• Follow carefully the steps Main.TWikiAdminGroup of how to
• Note that you have to be registered and logged in already before you use the internal admin login

Set TWiki Preferences

Preferences for customizing many aspects of TWiki are set simply by editing a special topic with TWiki.

• Edit TWiki.TWikiPreferences. Read through it and set any additional settings you think you might need. (You can click the 'Edit' button near the top to edit the settings in place).
• Alternately, you can copy any settings or variables that you want to customize from TWiki.TWikiPreferences and paste them into Main.TWikiPreferences. This will protect your local customizations from being overwritten in later upgrades. See notes at top of TWiki.TWikiPreferences for more information.

Enable Email Notification

Each TWiki web has an automatic email notification service that sends you an email with links to all of the topics modified since the last alert. To enable this service:

1. Confirm the Mail and Proxies settings in the Configure interface.
2. Setup a cron job (or equivalent) to call the tools/mailnotify script as described in the TWiki.MailerContrib topic.

Enable WebStatistics

You can generate a listing manually, or on an automated schedule, of visits to individual pages, on a per web basis. For information on setting up this feature, see the TWiki.TWikiSiteTools topic.

Automate removal of expired sessions and lease files

Per default TWiki cleans out expired session and lease files each time any topic is viewed. This however cost performance. It is an advantage to define a negative value in configure for {Sessions}{ExpireAfter} and install let cron run the tools/tick_twiki.pl script. Read The topic TWikiScripts#tick_twiki_pl for details how to do this.

Enable Localisation

TWiki now supports displaying of national (non-ascii) characters and presentation of basic interface elements in different languages. To enable these features, see the Localisation section of configure. For more information about these features, see TWiki:TWiki.InternationalizationSupplement.

Tailor New Users Home Topic

When a new users registers on your TWiki, a home topic is created for them based on the TWiki.NewUserTemplate topic (and its TWiki.UserForm). It contains additional resources you can use to:

• Localise the user topic.
• Add a default ALLOWTOPICCHANGE so only the user can edit their own home topic. We do not encourage this for Intranet sites as it sends a wrong signal to new users, but it can be necessary on a public TWiki to prevent spam.
• Add and remove fields defined in the TWiki.UserForm

If you choose to tailor anything you are strongly adviced to copy NewUserTemplate and UserForm to the Main web and tailor the Main web copies. TWiki will look for the NewUserTemplate in the Main web first and if it does not exist it uses the default from the TWiki web. By creating a Main.NewUserTemplate and its Main.UserForm you will not loose your tailorings next time you upgrade TWiki.

If you added or removed fields from the user form you may also need to tailor TWiki.TWikiRegistration.

Install Plugins

TWiki:Plugins is an extensive library of Plugins for TWiki, that enhance functionality in a huge number of ways. A few plugins are pre-installed in the TWiki distribution. For more information on these, see TWiki.InstalledPlugins.

You activate installed plugin in the Plugins section of configure. In this section you also find a Find More Extensions button which opens an application which can install additional plugins from the TWiki.org website. If you are behind a firewall or your server has no access to the Internet it is also possible to install plugins manually. Manual installation instructions for the plugins can be found in the plugin topics on TWiki.org. Additional documenation on TWiki plugins can be found at TWiki:TWiki.TWikiPluginsSupplement.

Some plugins require that you define their settings in configure. You fill find these under the Extensions section of configure.

Customize Your TWiki!

The real power of TWiki lies in it's flexibility to be customized to meet your needs. You can with small means change the looks of the default skin (called PatternSkin) by reading the TWiki.PatternSkinCustomization

At the official TWiki website you can find more resources. A good place to start for exploring what's possible is TWiki:TWiki.TWikiAdminCookBook which offers tips and tricks for customizing your TWiki site. Many of these are appropriate to implement immediately after installing TWiki and before adding content so now's a good time to look at these.

Customization of Special Pages

Some pages are meant to be customized after choice of authentication. If you do not use the internal TWiki password manager the topics that contains the features for changing and resetting passwords and changing the email address should be changed to a note describing how to perform these tasks in your organization. The topics are:

• TWiki.ChangePassword
• TWiki.ResetPassword
• TWiki.ChangeEmailAddress

Copyright, License and Classification Statements

In the bottom of each topic you will find a default copyright messages saying "Copyright &© by the contributing authors. All material on this collaboration platform is the property of the contributing authors." It is a setting WEBCOPYRIGHT that defines this. This is often not adequate.

• If your TWiki is used in a commercial application without public access you should replace this by your normal copyright notice. You should also consider adding classifications (e.g. For Internal Use Only) so people do not have to add this manually to every new topic.
• If your TWiki is public with public access you need to decide which copyright and license the contributions should be covered by. For open source type applications licenses such as the GNU Free Documentation License, FreeBSD Documentation License, and Creative Commons license are possible licenses to consider. Remember that once people have started contributing it is difficult and not correct to change or impose licenses on existing contributions.

You change the copy right statement globally by taking these steps.

• Copy the setting WEBCOPYRIGHT from TWiki.TWikiPreferences to Main.TWikiPreferences and alter the copied text to your need.
• You can create a unique message for each web by adding the WEBCOPYRIGHT setting to WebPreferences in each web. E.g. adding a confidencial classification to a very restricted web.
• The WEBCOPYRIGHT in TWiki.WebPreferences covers the documentation that comes with TWiki and is covered by the original TWiki Copyright and GPL License. You will normally leave this unchanged.

Troubleshooting

The first step is to re-run the configure script and make sure you have resolved all errors, and are satisfied that you understand any warnings.

Failing that, please check TWiki:TWiki.InstallingTWiki on TWiki.org, the supplemental documentation that help you install TWiki on different platforms, environments and web hosting sites. For example:

• For Unix or Linux, check TWiki:Codev.TWikiOnUnix and TWiki:Codev.TWikiOnLinux.
• For Windows, check the TWiki:Codev.WindowsInstallCookbook.
• For MacOS X, check TWiki:Codev.TWikiOnMacOSX.

It is also advisable to review TWiki:Codev.KnownIssuesOfTWiki04x02.

If you need help, ask a question in the TWiki:Support web or on TWiki:Codev/TWikiIRC (irc.freenode.net, channel #twiki)

Appendixes

TWiki System Requirements

Low client and server base requirements are core features that keep TWiki widely deployable, particularly across a range of browser platforms and versions.

Server Requirements

TWiki is written in Perl 5, uses a number of shell commands, and requires RCS (Revision Control System), a GNU Free Software package. TWiki is developed in a basic Linux/Apache environment. It also works with Microsoft Windows, and should have no problem on any other platform that meets the requirements.

Resource	Required Server Environment
Perl	5.8.4 or higher is recommended
RCS	5.7 or higher (including GNU diff) Optional, TWiki includes a pure perl implementation of RCS that can be used instead (although it's slower)
GNU diff	GNU diff 2.7 or higher is required when not using the all-Perl RcsLite? . Install on PATH if not included with RCS (check version with diff -v) Must be the version used by RCS, to avoid problems with binary attachments - RCS may have hard-coded path to diff
Other external programs	fgrep, egrep
Cron/scheduler	• Unix: cron • Windows: cron equivalents
Web server	Apache is well supported; for information on other servers, see TWiki:TWiki.InstallingTWiki#OtherWebServers.

Required CPAN Modules

Most of the CPAN libraries listesd below are part of a standard Perl installation so you most likely have them all!

See TWiki:TWiki.HowToInstallCpanModules for detailed information on how to install CPAN libraries

The following Perl CPAN modules are used by TWiki:

Module	Preferred version
Algorithm::Diff (included)
CGI::Carp	>=1.26
Config	>=0
Cwd	>=3.05
Data::Dumper	>=2.121
Error (included)
File::Copy	>=2.06
File::Find	>=1.05
File::Spec	>=3.05
FileHandle	>=2.01
IO::File	>=1.10
Text::Diff (included)
Time::Local	>=1.11

Optional CPAN Modules

The following Perl modules may be used by TWiki:

See TWiki:TWiki.HowToInstallCpanModules for detailed information on how to install CPAN libraries

Module	Preferred version	Description
Archive::Tar		May be required by the Extensions Installer in configure if command line tar or unzip is not available
CGI::Cookie	>=1.24	Used for session support
CGI::Session	>=3.95	Highly recommended! Used for session support
Digest::base
Digest::SHA1
Jcode		Used for I18N support with perl 5.6
Locale::Maketext::Lexicon	>=0	Used for I18N support
Net::SMTP	>=2.29	Used for sending mail
Unicode::Map		Used for I18N support with perl 5.6
Unicode::Map8		Used for I18N support with perl 5.6
Unicode::MapUTF8		Used for I18N support with perl 5.6
Unicode::String		Used for I18N support with perl 5.6
URI		Used for configure

Most of them will probably already be available in your installation. You can check version numbers with the configure script, or if you're still trying to get to that point, check from the command line like this:

perl -e 'use FileHandle; print $FileHandle::VERSION."\n"'

Client Requirements

The TWiki standard installation has relatively low browser requirements:

• HTML 3.2 compliant
• Cookies, if persistent sessions are required

CSS and Javascript are used in most skins, although there is a low-fat skin (Classic skin) available that minimises these requirements. Some skins will require more recent releases of browsers. The default skin (Pattern) is tested on IE 6, Safari, and Mozilla 5.0 based browsers (such as Firefox).

You can easily select a balance of browser capability versus look and feel. Try the installed skins at TWiki/TWikiSkinBrowser and more at TWiki:Plugins.SkinPackage.

Important note about TWiki Plugins

• Plugins can require just about anything - browser-specific functions, stylesheets (CSS), Java applets, cookies, specific Perl modules,... - check the individual Plugin specs.
  • Note: Plugins included in the TWiki distribution do not add requirements, except for the CommentPlugin which requires Perl 5.6.1.

Notes on Installing TWiki on Non-Root Account

The following supplemental notes to the Basic Installation instructions apply to installing TWiki on a system where you don't have Unix/Linux root (administrator) privileges, for example, on a hosted Web account or an intranet server administered by someone else.

Referring to the Basic Installation steps presented above:

• Step 2: If you cannot unpack the TWiki distribution directly in your installation directory, you can unpack the distribution on your local PC and then manually create the directory structure on your host server and upload the files as follows:
  • Using the table below, create a directory structure on your host server
  • Upload the TWiki files by FTP (transfer as text except for the image files in pub directory.)
  • Note: Don't worry if you are not able to put the twiki/lib directory at the same level as the twiki/bin directory (e.g. because CGI bin directories can't be under your home directory and you don't have root access). You can create this directory elsewhere and configure the twiki/bin/setlib.cfg file (done in Step 2).

TWiki dir:	What it is:	Where to copy:	Example:
twiki	start-up pages	root TWiki dir	/home/smith/twiki/
twiki/bin	CGI bin	CGI-enabled dir	/home/smith/twiki/bin
twiki/lib	library files	same level as twiki/bin	/home/smith/twiki/lib
twiki/locale	language files	dir secure from public access	/home/smith/twiki/locale
twiki/pub	public files	htdoc enabled dir	/home/smith/twiki/pub
twiki/data	topic data	dir secure from public access	/home/smith/twiki/data
twiki/templates	web templates	dir secure from public access	/home/smith/twiki/templates
twiki/tools	TWiki utlilities	dir secure from public access	/home/smith/twiki/tools
twiki/working	Temporary and internal files	dir secure from public access	/home/smith/twiki/working

• Step 3: Files in the pub directory must be readable as a url. This means that directory permissions should be set to 755 (or 775 ) and file permissions should be set to 644 (or 664). If you can run a chmod command, you can accomplish this in two quick steps by running these commands from the root direct:
  • chmod -R 755 pub
  • chmod 644 `find pub -type f -print`
  • In addition, you should create a .htaccess file in the pub directory, using the template included in the root level of the distribution entitled pub-htaccess.txt.
  • Note: This setup does not provide for absolute security for TWiki attachments. For more information, see TWiki:Codev.SecuringYourTWiki.

• Step 6: In order to run the configure script, create a file called .htaccess in the bin directory that includes the following single line: SetHandler cgi-script . This informs the server to treat all the perl scripts in the bin directory as scripts.

For additional information about installing TWiki on a hosted accounts, see TWiki:TWiki.InstallingTWiki#WebHostingSites

Installing Manually Without Configure

It is highly recommended to use run configure from the browser when setting up TWiki. Configure does a lot of the hard work for you.

But there may be instances where you do not want to use configure or where configure simply won't run because of a missing dependency.

The manual steps you have to take are:

• Copy the file lib/TWiki.spec to lib/LocalSite.cfg
• Remove the comment # in front of $TWiki::cfg{DefaultUrlHost}, $TWiki::cfg{ScriptUrlPath}, $TWiki::cfg{PubUrlPath}, $TWiki::cfg{PubDir}, $TWiki::cfg{TemplateDir}, $TWiki::cfg{DataDir}, $TWiki::cfg{LocalesDir}, and $TWiki::cfg{OS} and make sure these settings have the correct values.
• Make sure to define at least these settings: $TWiki::cfg{LoginManager}, $TWiki::cfg{WebMasterEmail}, $TWiki::cfg{SMTP}{MAILHOST}, $TWiki::cfg{SMTP}{SENDERHOST}.

Back to top

---

TWiki Upgrade Guide

This guide covers upgrading from a previous version of TWiki (such as Cairo or TWiki4.0) to TWiki 4.2_

Overview

TWiki-4.0.0 was a major new release. TWiki-4.1.0 was a minor release without dramatic changes since 4.0.0. TWiki-4.2.0 is also a minor release containing a few new features that can be seen by the end user, a large number of bug fixes, and a face lift for the skin. It also contains some important updates under the hood to the way users are handled which enables new types of authentication and integration with other systems. The most important new feature is the QuerySearch feature.

Upgrade Requirements

• Please review the AdminSkillsAssumptions before you upgrade TWiki
• Review TWiki:TWiki.TWikiUpgradeTo04x02 for latest information and experience notes.
• To upgrade from a release prior to TWiki Release 01-Sep-2004, start with TWiki:TWiki.UpgradingTWiki on TWiki.org
• To upgrade from a standard TWiki Release 01-Sep-2004 to the latest TWiki-4.X Production Release, follow the instructions below
• Once the upgrade has been applied, an existing earlier installation will still be able to read all the topics, but should not be used to write. Make sure you take a backup!
• Not all Plugins written for TWiki Release 01-Sep-2004 are fully supported with 4.X. Make sure the Plugins you use can be upgraded as well!

Major Changes Compared to TWiki Release 01-Sep-2004 and TWiki Release 4.0.0

See TWikiReleaseNotes04x00, TWikiReleaseNotes04x01 and TWikiReleaseNotes04x02

Upgrade Procedure

The following steps are a rough guide to upgrading only. It is impossible to give detailed instructions, as what you have to do may depend on whether you can configure the webserver or not, and how much you have changed distributed files in your current TWiki release.

The main steps are:

1. Install the new TWiki version, configure it, and get it to work similar to the old version
2. Install additional extensions (Plugins). Make sure to use the latest versions
3. Copy all the non-default webs from the old installation to the new
4. Copy the users from old installation to the new incl all their topics from Main
5. Apply tailorings to your Skin (logos, menu bars etc)
6. Apply preferences from old installation

Installation

• Follow the installation instructions in INSTALL.html which you find in the root of the new installation. Install the new release in a new directory. Do not install on top of the old release.
• Use the configure script to configure TWiki.
  • If you are upgrading from a 4.x.x release, you can carry over the configure settings from the old release.
  • You need to run configure and save the configuration once when you upgrade as this will update the altered and added settings.
  • You can also choose to start with a fresh configuration and walk through all the settings using your old LocalSite.cfg as a reference. This way you will not have old obsolete settings in the new LocalSite.cfg.
  • If at any time during the installation you want to start over from fresh all you need to do is delete the lib/LocalSite.cfg file and re-run configure.
• Additional resources
  • TWiki:TWiki.UpgradingTWiki04x00PatchReleases
  • TWiki:TWiki.InstallingTWiki#OtherPlatforms
  • TWiki:TWiki.ApacheConfigGenerator
  • TWiki:TWiki.SettingFileAccessRightsLinuxUnix
  • If you upgrade from an older TWiki your lib/TWiki.cfg from the old TWiki installation is a good resource for some of the settings you will need but you cannot reuse the old TWiki.cfg.
• Make sure you have a working basic TWiki before you continue

Install Extensions

• Note that not all extensions that worked in Cairo have been updated to work with TWiki4.X. Many Cairo plugins work fine. Some do not. Many plugins have been upgraded to work with TWiki4.0 and later.
• From TWiki-4.1.0 the configure script which you ran during installation supports installation of additional plugins.
• Manual installation is possible. Follow the instruction on the Plugin page at twiki.org.
• Check the plugin topics from your old TWiki installation. There may be plugin settings that you want to transfer to the new TWiki installation.
  Hint: For an easier upgrade later on, set the plugin preferences settings in the Main.TWikiPreferences topic, not in the plugin topic. To identify the plugin, prefix the name of the setting with the capitalized name of the plugin. For example, to change the DEFAULT_TYPE setting of the CommentPlugin, create a COMMENTPLUGIN_DEFAULT_TYPE setting in Main.TWikiPreferences.
• Typical plugin settings you may have altered.
  • CommentPlugin - Set DEFAULT_TYPE
  • EditTablePlugin - Set CHANGEROWS, Set QUIETSAVE, and Set EDITBUTTON
  • InterwikiPlugin - Set RULESTOPIC
  • InterWikis - If you added your own rules you should save this topic and not overwrite it.
  • SlideShowPlugin - Make sure you did not change the embedded 'Default Slide Template' If you did you should save it. It is a bad idea to do. It is better to define your own slide show templates as separate topics that do not get overwritten when you upgrade.
  • SmiliesPlugin - Did you add your own smileys? No real changes were made to the smilies topic October 2005 so you can just leave this topic as it is.
  • TablePlugin - Set TABLEATTRIBUTES
• Remember that a plugin must be activated in configure.
• To avoid having to re-apply plugin settings each time you upgrade a plugin or TWiki itself, define the altered plugin settings in Main.TWikiPreferences instead

Copy your old webs to new TWiki

• When upgrading from Cairo or earlier it may be necessary to unlock the rcs files in data and pub directories from the old installation using the following shell commands:
  • find data -name '*,v' -exec rcs -u -M '{}' \;
  • find pub -name '*,v' -exec rcs -u -M '{}' \;
• Copy your local webs over to the data and pub directories of the new install. Do not copy the default webs: TWiki, Main, Trash, Sandbox, _default, and _empty.

Copy Users And Their Topics From Main Web

• Copy all the topics from the Main web and corresponding pub/Main directories from the old TWiki to the new TWiki but do not overwrite any of the new topics already inside the new Main directory!
• Manually merge all the users from the old Main.TWikiUsers topic to the new TWiki. If you upgrade from Cairo you can simply use the old file and add the missing new system users to the list of users. If you upgrade from TWiki-4.0.X simply use the old topic. Starting from 4.2.0 TWiki no longer ships with a Main.TWikiUsers topic. When you register the first user TWiki now checks for an existing Main.TWikiUsers and if it does not exist it gets created.
• If you use data/.htpasswd for authentication copy this file from the old TWiki to the new.
  • If you upgrade from Cairo and you are using the Htpasswd login manager, then note that email addresses for users have moved out of user topics and into the password database. There is a script that performs this extra upgrade step for you - see tools/upgrade_emails.pl.
• The old sandbox web may have a lot of useful topic and users may use it actively for drafts. Manually select the topics (remember the corresponding pub directories) from the old Sandbox web and copy them to the new TWiki. Decide if you want to overwrite the sandbox homepage and left menu bar or keep the new.
• If you added or removed fields from the user topic form you may also have tailored TWiki.TWikiRegistration. Make sure you either reuse the registration topic from the old installation or apply the same field changes to the new TWiki.TWikiRegistration topic.
• Starting from 4.2.0 TWiki ships with NewUserTemplate and UserForm in the TWiki web. If you choose to tailor anything you are strongly adviced to copy NewUserTemplate and UserForm to the Main web and tailor the Main web copies. TWiki will look for the NewUserTemplate in the Main web first and if it does not exist it uses the default from the TWiki web. By creating a Main.NewUserTemplate and its Main.UserForm you will not loose your tailorings next time you upgrade TWiki.

Apply Customizations To The Skin

• Not many of the old Cairo skins work well with TWiki4.X.
• Add Logos, update top bar and left bar as required.
• Apply any desired changes to style sheets and templates. The default PatternSkin has been totally rewritten since Cairo and once more in 4.0.2. Since then changes to PatternSkin have been minor and you may be able to carry over most simpler tailorings directly from 4.0.2-4.0.5.
• Additional resources:
  • TWiki:TWiki.UpgradingTWiki04x00PatchReleases
  • PatternSkinCustomization
  • PatternSkinCssCookbook

Apply Preferences From Old Installation

• Transfer any customized and local settings from TWiki.TWikiPreferences to the topic pointed at by {LocalSitePreferences} (Main.TWikiPreferences). Per default this is Main.TWikiPreferences. This avoids having to write over files in the distribution on a later upgrade.
• If you changed any of the topics in the original TWiki distribution, you will have to transfer your changes to the new install manually. There is no simple way to do this, though a suggestion is to use 'diff' to find changed files in the data/TWiki of the old and new TWiki installation, and transfer the changes into the new TWiki install. If you can run a GUI on your server, you may find that using a visual diff tool like WinMerge, meld, kdiff3, xxdiff, etc. is helpful.
• Compare the WebPreferences topics in the old TWiki Installation with the default from the new TWiki installation and add any new Preferences that may be relevant.
• Compare the WebLeftBar topics in the old TWiki Installation with the default from the new TWiki installation and add any new feature that you desire.

Customization of Special Pages

Some pages in the TWiki web are meant to be customized after choice of authentication. If you do not use the internal TWiki password manager the topics that contains the features for changing and resetting passwords and changing the email address should be changed to a note describing how to perform these tasks in your organization. If you have made such customizations remember to replace these topics in the TWiki web with the tailored versions from your old installation. The topics are:

• TWiki.ChangePassword
• TWiki.ResetPassword
• TWiki.ChangeEmailAddress

Upgrading from Cairo to TWiki4 (additional advice)

Favicon

TWiki4's PatternSkin introduces the use of the favicon feature which most browsers use to show a small icon in front of the URL and for bookmarks.

In TWiki4 it is assumed that each web has a favicon.ico file attached to the WebPreferences topic. When you upgrade from Cairo to TWiki4 you do not have this file and you will get flooded with errors the error log of your web server. There are two solutions to this.

• Attach a favicon.ico file to WebPreferences in each web.
• Preferred: Change the setting of the location of favicon.ico in TWikiPreferences so all webs use the favicon.ico from the TWiki web. This is the fastest and easiest solution.

To change the location of favicon.ico in TWikiPreferences to the TWiki web add this line to TWikiPreferences

   * Set FAVICON = %PUBURLPATH%/%SYSTEMWEB%/%WEBPREFSTOPIC%/favicon.ico

TWikiUsers topic in Main web

Your Cairo Main.TWikiUsers topic will work in TWiki4 but you will need to ensure that these 4 users from the default TWiki4 version of TWikiUsers are copied to the existing TWikiUsers topic. TWikiGuest is probably already there but the others are new

• TWikiContributor - placeholder for a TWiki developer, and is used in TWiki documentation
• TWikiGuest - guest user, used as a fallback if the user can't be identified
• TWikiRegistrationAgent - special user used during the new user registration process
• UnknownUser - used where the author of a previously stored piece of data can't be determined

You additionally need to ensure that TWikiUsers has the Set ALLOWTOPICCHANGE = TWikiAdminGroup, TWikiRegistrationAgent. Otherwise people will not be able to register.

Important Changes since 4.0.5

Supported Perl version

TWiki 4.0.5 worked on Perl version 5.6.X. Reports from users has shown that unfortunately TWiki 4.1.0 does not support Perl versions older then 5.8.0. It is the goal that TWiki should work on at least Perl version 5.6.X but none of the developers have had access to Perl installations older than 5.8.0.

Since TWiki 4.1.0 has some urgent bugs the development team decided to release TWiki 4.1.1 without resolving the issue with Perl 5.6.X. We will however address this and try and resolve it for a planned 4.1.2 release. The TWiki community is very interested in contributions from users that have fixes for the code which will enable TWiki to run on older versions of Perl.

See the WhatVersionsOfPerlAreSupported topic to keep up to date with the discussion how to get back support for earlier Perl versions.

Template spec changed

Until TWiki 4.0.5 TWikiTemplates the text inside template definition blocks (anything between %TMPL:DEF{"block"}% and %TMPL:END% was stripped of leading and trailing white space incl new lines.

This caused a lot of problems for skin developers when you wanted a newline before or after the block text.

From TWiki 4.1.0 this has changed so that white space is no longer stripped. Skins like PatternSkin and NatSkin have been updated so that they work with the new behavior. But if you use an older skin or have written your own you will most likely need to make some adjustments.

It is not difficult. The general rule is - if you get mysterious blank lines in your skin, the newline after the %TMPL:DEF{"block"}% needs to be removed. Ie. the content of the block must follow on the same line as the TMPL:DEF.

The spec change have the same impact on CommentPlugin templates where you may have to remove the first line break after the TMPL:DEF. See the CommentPluginTemplate for examples of how comment template definitions should look like in TWiki-4.1.X

An example: A CommentPlugin template that adds a comment as appending a row to a table. Before the spec change this would work.

<verbatim>
%TMPL:DEF{OUTPUT:tabletest}%%POS:BEFORE%
|%URLPARAM{"comment"}%| -- %WIKIUSERNAME% - %DATE% |
%TMPL:END%
</verbatim>

From Twiki 4.1.0 the old template definition will add an empty line before the new table row. To fix it simply remove the new line before the table.

<verbatim>
%TMPL:DEF{OUTPUT:tabletest}%%POS:BEFORE%|%URLPARAM{"comment"}%| -- %WIKIUSERNAME% - %DATE% |
%TMPL:END%
</verbatim>

The advantage of the spec change is that now you can add leading and trailing white space including new lines. This was not possible before.

Important Changes since 4.1.0

New location for session files

An upgrader upgrading to 4.1.1 should note the following important change

The directory for passthrough files and session files have been replaced by a common directory for temporary files used by TWiki. Previously the two configure settings {PassthroughDir} and {Sessions}{Dir} were by default set to /tmp. These config settings have been replaced by {TempfileDir} with the default setting value /tmp/twiki. If the twiki directory does not exist twiki will create it first time it needs it.

It is highly recommended no longer to use the tmp directory common to other web applications and the new default will work fine for most. You may want to delete all the old session files in /tmp after the upgrade to 4.1.1. They all start with cgisess_. It is additionally highly recommended to limit write access to the {TempfileDir} for security reasons if you have non-admin users with login access to the webserver just like you would do with the other webserver directories.

Back to top

---

TWiki User Authentication

TWiki site access control and user activity tracking options

Overview

Authentication, or "login", is the process by which a user lets TWiki know who they are.

Authentication isn't just to do with access control. TWiki uses authentication to identify users, so it can keep track of who made changes, and manage a wide range of personal settings. With authentication enabled, users can personalise TWiki and contribute as recognised individuals, instead of shadows.

TWiki authentication is very flexible, and can either stand alone or integrate with existing authentication schemes. You can set up TWiki to require authentication for every access, or only for changes. Authentication is also essential for access control.

Quick Authentication Test - Use the %USERINFO% variable to return your current identity:

• You are guest, TWikiGuest,

TWiki user authentication is split into four sections; password management, user mapping, user registration, and login management. Password management deals with how users personal data is stored. Registration deals with how new users are added to the wiki. Login management deals with how users log in.

Once a user is logged on, they can be remembered using a Client Session stored in a cookie in the browser (or by other less elegant means if the user has disabled cookies). This avoids them having to log on again and again.

TWiki user authentication is configured through the Security Settings pane in the configure interface.

Please note FileAttachments are not protected by TWiki User Authentication.

Tip: TWiki:TWiki.TWikiUserAuthenticationSupplement on TWiki.org has supplemental documentation on user authentication.

Password Management

As shipped, TWiki supports the Apache 'htpasswd' password manager. This manager supports the use of .htpasswd files on the server. These files can be unique to TWiki, or can be shared with other applications (such as an Apache webserver). A variety of password encodings are supported for flexibility when re-using existing files. See the descriptive comments in the Security Settings section of the [[/wiki/bin/configure][configure] interface for more details.

You can easily plug in alternate password management modules to support interfaces to other third-party authentication databases.

User Mapping

Often when you are using an external authentication method, you want to map from an unfriendly "login name" to a more friendly WikiName. Also, an external authentication database may well have user information you want to import to TWiki, such as user groups.

By default, TWiki supports mapping of usernames to wikinames, and supports TWiki groups internal to TWiki. If you want, you can plug in an alternate user mapping module to support import of groups etc.

User Registration

New user registration uses the password manager to set and change passwords and store email addresses. It is also responsible for the new user verification process. the registration process supports single user registration via the TWikiRegistration page, and bulk user registration via the BulkRegistration page (for admins only).

The registration process is also responsible for creating user topics, and setting up the mapping information used by the User Mapping support.

Login Management

Login management controls the way users have to log in. There are three basic options; no login, login via a TWiki login page, and login using the webserver authentication support.

No Login (select none in configure)

Does exactly what it says on the tin. Forget about authentication to make your site completely public - anyone can browse and edit freely, in classic Wiki style. All visitors are given the TWikiGuest default identity, so you can't track individual user activity.

Note: This setup is not recommended on public websites for security reasons; anyone would be able to change system settings and perform tasks usually restricted to administrators.

Template Login (select TWiki::Client::TemplateLogin in configure)

Template Login asks for a username and password in a web page, and processes them using whatever Password Manager you choose. Users can log in and log out. Client Sessions are used to remember users. Users can choose to have their session remembered so they will automatically be logged in the next time they start their browser.

Enabling Template Login

1. Use the configure interface to
   1. select the TWiki::Client::TemplateLogin login manager (on the Security Settings pane).
   2. select the appropriate password manager for your system, or provide your own.
2. Register yourself in the TWikiRegistration topic.
   Check that the password manager recognises the new user. If you are using .htpasswd files, check that a new line with the username and encrypted password is added to the .htpasswd file. If not, you probably got a path wrong, or the permissions may not allow the webserver user to write to that file.
3. Create a new topic to check if authentication works.
4. Edit the TWikiAdminGroup topic in the Main web to include users with system administrator status.
   This is a very important step, as users in this group can access all topics, independent of TWiki access controls.

TWikiAccessControl has more information on setting up access controls.

At this time TWikiAccessControls cannot control access to files in the pub area, unless they are only accessed through the viewfile script. If your pub directory is set up in the webserver to allow open access you may want to add .htaccess files in there to restrict access.

You can create a custom version of the TWikiRegistration form by copying the topic, and then deleting or adding input tags in your copy. The name="" parameter of the input tags must start with: "Twk0..." (if this is an optional entry), or "Twk1..." (if this is a required entry). This ensures that the fields are carried over into the user home page correctly. Do not modify the version of TWikiRegistration shipped with TWiki, as your changes will be overwritten next time you upgrade.

The default new user template page is in TWiki.NewUserTemplate. The same variables get expanded as in the template topics. You can create a custom new user home page by creating the Main.NewUserTemplate? topic, which will then override the default.

Apache Login (select TWiki::Client::ApacheLogin in configure)

Using this method TWiki does not authenticate users internally. Instead it depends on the REMOTE_USER environment variable, which is set when you enable authentication in the webserver.

The advantage of this scheme is that if you have an existing website authentication scheme using Apache modules such as mod_auth_ldap or mod_auth_mysql you can just plug in directly to them.

The disadvantage is that because the user identity is cached in the browser, you can log in, but you can't log out again unless you restart the browser.

TWiki maps the REMOTE_USER that was used to log in to the webserver to a WikiName using the table in TWikiUsers. This table is updated whenever a user registers, so users can choose not to register (in which case their webserver login name is used for their signature) or register (in which case that login name is mapped to their WikiName).

The same private .htpasswd file used in TWiki Template Login can be used to authenticate Apache users, using the Apache Basic Authentication support.

Warning: Do not use the Apache htpasswd program with .htpasswd files generated by TWiki! htpasswd wipes out email addresses that TWiki plants in the info fields of this file.

Enabling Apache Login using mod_auth

You can use any other Apache authentication module that sets REMOTE_USER.

1. Use configure to select the TWiki::Client::ApacheLogin login manager.
2. Use configure to set up TWiki to create the right kind of .htpasswd entries.
3. Create a .htaccess file in the twiki/bin directory.
   There is an template for this file in twiki/bin/.htaccess.txt that you can copy and change. The comments in the file explain what need to be done.
   If you got it right, the browser should now ask for login name and password when you click on the Edit. If .htaccess does not have the desired effect, you may need to "AllowOverride All" for the directory in httpd.conf (if you have root access; otherwise, e-mail web server support)
   At this time TWikiAccessControls do not control access to files in the pub area, unless they are only accessed through the viewfile script. If your pub directory is set up to allow open access you may want to add .htaccess files in there as well to restrict access
4. You can create a custom version of the TWikiRegistration form by copying the default topic, and then deleting or adding input tags in your copy. The name="" parameter of the input tags must start with: "Twk0..." (if this is an optional entry), or "Twk1..." (if this is a required entry). This ensures that the fields are carried over into the user home page correctly. Do not modify the version of TWikiRegistration shipped with TWiki, as your changes will be overwritten next time you upgrade.
   The default new user template page is in TWiki.NewUserTemplate. The same variables get expanded as in the template topics. You can create a custom new user home page by creating the