Hello! And a big thank you to the developers for this great software!

I am a new user and not a web developer so please forgive me if the answers to my naïve questions are implicitly assumed by profies in the field. I have read guides on the site, looked through other materials, set up an instance of piwigo and used it already some time in hope to figure out the answers myself before asking for help here. Unfortunately, some frustration regarding very basic things persists. I would be thankful if you could point me to document(s) where my questions are answered. I also read the forum rule which says to open a new topic for each question but my questions seem so basic, related to getting started with piwigo, and small that I dare to combine them in a single post. If you find this too much, please remove this post and I will create a series which comply to the rule.

1. Questions related to software installation

1.1. I set up mariadb, created a database and a user. I also have given that user a standard set of access rights to the database (CREATE, SELECT, INSERT, DELETE, UPDATE) and immediately found that this set is not enough. So I have granted the full access to the user but this is obviously not the greatest practice. What is the actual minimally needed set of access rights for the piwigo database user now and in the future?

1.2. I found that installation creates a world-readable file

local/config/database.inc.php

which contains some secrets (database user and password). Obviously this is not the best security practice to have such files world-readable. Is there a list of files (including any files that belong to plugins and themes) that need a system administrator to review their security manually? Is it enough to do so once upon installation or one need to return to this list from time to time (after upgrades, for example)?

1.3. I currently have set up a piwigo instance on a single server (actually, my home PC) and it mostly works. But what I would like to achieve is to have a cluster of two servers in two geographic locations for redundancy (say, the main server and a backup with continuous or scheduled replication for the case when the main server fails). Is there some ready to use features which help me in such a setup? Could you point me to any guides I should read before attempting to do this?

2. Questions related to software upgrade

2.1. I have read that some plugins may become incompatible after a major upgrade like from 2.10 to 11. Is there a way to know in advance (that is, prior to upgrade) which installed plugins become incompatible? I believe I have seen once such a list in the administration interface of piwigo but I have not been able to find it again.

2.2. I have read the manual update guide. I am running Gentoo linux with its two-stage installation of web applications. Would you please confirm that my adaptation to the manual update guide is correct? (I am going the manual route because I prefer that the package manager databases (portage and webapp-config, in Gentoo) are in accordance with the actual state of things and that I can use automatized checks for known vulnerabilities in software provided by the OS (glsa-check, in Gentoo). So my adaptation is as follows:
2.2.1. I should update piwigo with normal system update. I also should ignore the step of deleting local/config directory because webapp-config will take care of not installing config or modified files anyway.
2.2.2..2.2.4. I should complete steps 2-4 without modification (backup the database, skip the step 3, lock the gallery).
2.2.5. I should skip the cleaning because webapp-config will care about only updating files that have not been modified (and I will revert files which are to be updated and which I modified manually) and have changed in the new version.
2.2.6. Do actual update with OS-supplied mechanism (with the webapp-config -U).
2.2.7. Launch upgrade.php
2.2.8. Check everything, unlock the gallery

Sorry if this is too much Gentoo-specific. I do not ask to dig into details if you are not already there but would you confirm that my general understanding is correct provided that the tool webapp-config does install (actually, hard-link to the application’s web root) only files that changed in the new version and not changed on the disk compared to their state at the time of previous installation.

Thanks in advance for help.
Regards,
Alexander.


Following the rule 6,
    Piwigo 2.10.2 Check for upgrade
    Operating system: Linux
    PHP: 7.4.14 (Show info) [2021-01-25 16:15:34]
    MySQL: 5.5.5-10.4.17-MariaDB-log [2021-01-25 19:15:34]
    Graphics Library: External ImageMagick 7.0.10-52
Piwigo URL: unseen.photo (I am going to switch it off though soon for replacing RAID battery).

Last edited by alb (2021-01-25 17:37:30)