Hi -- we've just moved our Moin installation from one server to another.
We installed Moin from scratch on the new server because we wanted to
use /usr/bin/python instead of a custom-built /usr/local/bin/python, and
we moved the data from /usr/local/share/moin to /var/share. (I think we
made a minor upgrade from 1.5.1 or 1.5.2 to 1.5.3 ... but I can't
actually figure out what the old version was, so I'm not sure about
This is a private wiki -- all access requires authentication. We use
HTTP auth, so all users should be "Trusted" all the time. Thus, we have
this in wikiconfig.py to make sure that all users have full access once
they are authenticated:
acl_rights_before = u"AdminGroup:admin,read,write,delete,revert"
acl_rights_default = u"-SalesGroup:read,write,delete,revert,admin Trusted:read,write,delete,revert All:read"
This worked fine on the old server for several months.
Now, after migrating to the new server, non-admin users have lost
write/delete/revert access, i.e. they can read but not modify anything.
From some indirect experiments, I'm pretty sure that the problem is that
users are no longer considered "Trusted". A couple of questions:
* is there a way to know for sure whether users are trusted or not?
e.g. is there a debug log file somewhere that I'm missing? or an
option to increase logging?
* I've been haphazardly adding my own "logging" by writing to stderr
and seeing what lands in data/error.log ... it's quite frustrating,
though, because I'm never quite sure if the lack of output by
a particular print statement is because that line of code isn't hit,
or because stderr doesn't happen to be redirected to data/error.log
when it is hit. Some stderr output seems to go to
/var/log/httpd/error_log, but it all seems rather random and
unpredictable. What is the *right* way to add debug logging
statements to Moin to try to figure out what it's doing?
* our wikiconfig.py correctly (?) does
from MoinMoin import auth
auth = [auth.http]
but I'm having a hard time understanding exactly when auth.http() is
called. Since we use the CGI interface only (performance is
acceptable, so we haven't bothered with anything fancier), I would
expect it to be called for every single request. But adding a
"print >>sys.stderr, ..." statement in auth.http() does not backup
that assumption. So ... am I right? is auth.http() supposed to be
called on every hit?