Translations:Manual:Security/123/en

On unix-like systems, you can do this by ensuring that the mediawiki directory/files are owned by someone other than your web server user (www-data) or mysql server user. Depending on how you installed MediaWiki this may already be the case, but if not can be accomplished by doing $code1 where username is a user other than the webserver or mysql user (commonly you would use your own username provided $mysql and $php are not running as your username). After doing that step, you may however need to change the owner of the image directory back to the php user, as uploaded files need to go there, so MediaWiki needs to be able to write there (e.g. $code2). Next you run $code3 to remove write access from all other users besides the file owners. After doing that step you may need to re-enable write access to the images directory.