安裝MediaWiki之后，用戶的權(quán)限設(shè)置是完全開放的，需要做一些設(shè)置，對(duì)匿名用戶的設(shè)置可以從修改LocalSettings.php入手，下載該文件，然后按照希望設(shè)置的用戶權(quán)限，在文件中插入對(duì)應(yīng)的設(shè)置語句，存儲(chǔ)后再上傳回去就可以了。

通過下面介紹的設(shè)置方法，可以阻止匿名用戶注冊(cè)，又或者阻止他們編輯，要求注冊(cè)后才能夠編輯，還可以設(shè)定注冊(cè)前匿名用戶可以查看那些頁面。而在設(shè)置新用戶的注冊(cè)之后，管理人員仍可通過特殊頁面手動(dòng)為其他人創(chuàng)建用戶。而用戶的權(quán)限，則可以通過特殊頁面內(nèi)的User rights management進(jìn)行管理。

LocalSettings.php用戶權(quán)選設(shè)置相關(guān)選項(xiàng)

基本語法[ ]

$wgGroupPermissions['group']['right'] = true /* 或者 false */;

group代表用戶組，right 是權(quán)限。如果是true ，就說明該用戶組擁有該項(xiàng)權(quán)限，如果是false，就說明該用戶組沒有該項(xiàng)權(quán)限。

如果一個(gè)用戶屬于多個(gè)用戶組，那么該用戶擁有這些用戶組中最高的權(quán)限。所有用戶（包括未注冊(cè)用戶）包含在*用戶組中，所有注冊(cè)的用戶包含在user用戶組中。如果需要設(shè)置匿名用戶不能編輯但是注冊(cè)用戶可以編輯，可以采取這樣的方法，首先禁止所有用戶編輯：

$wgGroupPermissions['*']['edit'] = false;

然后允許注冊(cè)用戶編輯：

$wgGroupPermissions['user']['edit'] = true;

• 包含了所有用戶，不僅僅是匿名用戶（未注冊(cè)用戶），所以如果設(shè)置*的某一項(xiàng)權(quán)限是false，那么又要允許注冊(cè)用戶擁有該項(xiàng)權(quán)限就必須設(shè)置user的權(quán)限是true。

MediaWiki的默認(rèn)設(shè)置[ ]

$wgGroupPermissions = array();
 
// Implicit group for all visitors
$wgGroupPermissions['*']['createaccount']    = true;
$wgGroupPermissions['*']['read']             = true;
$wgGroupPermissions['*']['edit']             = true;
$wgGroupPermissions['*']['createpage']       = true;
$wgGroupPermissions['*']['createtalk']       = true;
$wgGroupPermissions['*']['writeapi']         = true;
//$wgGroupPermissions['*']['patrolmarks']      = false; // let anons see what was patrolled
 
// Implicit group for all logged-in accounts
$wgGroupPermissions['user']['move']             = true;
$wgGroupPermissions['user']['move-subpages']    = true;
$wgGroupPermissions['user']['move-rootuserpages'] = true; // can move root userpages
//$wgGroupPermissions['user']['movefile']         = true;	// Disabled for now due to possible bugs and security concerns
$wgGroupPermissions['user']['read']             = true;
$wgGroupPermissions['user']['edit']             = true;
$wgGroupPermissions['user']['createpage']       = true;
$wgGroupPermissions['user']['createtalk']       = true;
$wgGroupPermissions['user']['writeapi']         = true;
$wgGroupPermissions['user']['upload']           = true;
$wgGroupPermissions['user']['reupload']         = true;
$wgGroupPermissions['user']['reupload-shared']  = true;
$wgGroupPermissions['user']['minoredit']        = true;
$wgGroupPermissions['user']['purge']            = true; // can use ?action=purge without clicking "ok"
$wgGroupPermissions['user']['sendemail']        = true;
 
// Implicit group for accounts that pass $wgAutoConfirmAge
$wgGroupPermissions['autoconfirmed']['autoconfirmed'] = true;
 
// Users with bot privilege can have their edits hidden
// from various log pages by default
$wgGroupPermissions['bot']['bot']              = true;
$wgGroupPermissions['bot']['autoconfirmed']    = true;
$wgGroupPermissions['bot']['nominornewtalk']   = true;
$wgGroupPermissions['bot']['autopatrol']       = true;
$wgGroupPermissions['bot']['suppressredirect'] = true;
$wgGroupPermissions['bot']['apihighlimits']    = true;
$wgGroupPermissions['bot']['writeapi']         = true;
#$wgGroupPermissions['bot']['editprotected']    = true; // can edit all protected pages without cascade protection enabled

// Most extra permission abilities go to this group
$wgGroupPermissions['sysop']['block']            = true;
$wgGroupPermissions['sysop']['createaccount']    = true;
$wgGroupPermissions['sysop']['delete']           = true;
$wgGroupPermissions['sysop']['bigdelete']        = true; // can be separately configured for pages with > $wgDeleteRevisionsLimit revs
$wgGroupPermissions['sysop']['deletedhistory']   = true; // can view deleted history entries, but not see or restore the text
$wgGroupPermissions['sysop']['deletedtext']      = true; // can view deleted revision text
$wgGroupPermissions['sysop']['undelete']         = true;
$wgGroupPermissions['sysop']['editinterface']    = true;
$wgGroupPermissions['sysop']['editusercss']      = true;
$wgGroupPermissions['sysop']['edituserjs']       = true;
$wgGroupPermissions['sysop']['import']           = true;
$wgGroupPermissions['sysop']['importupload']     = true;
$wgGroupPermissions['sysop']['move']             = true;
$wgGroupPermissions['sysop']['move-subpages']    = true;
$wgGroupPermissions['sysop']['move-rootuserpages'] = true;
$wgGroupPermissions['sysop']['patrol']           = true;
$wgGroupPermissions['sysop']['autopatrol']       = true;
$wgGroupPermissions['sysop']['protect']          = true;
$wgGroupPermissions['sysop']['proxyunbannable']  = true;
$wgGroupPermissions['sysop']['rollback']         = true;
$wgGroupPermissions['sysop']['trackback']        = true;
$wgGroupPermissions['sysop']['upload']           = true;
$wgGroupPermissions['sysop']['reupload']         = true;
$wgGroupPermissions['sysop']['reupload-shared']  = true;
$wgGroupPermissions['sysop']['unwatchedpages']   = true;
$wgGroupPermissions['sysop']['autoconfirmed']    = true;
$wgGroupPermissions['sysop']['upload_by_url']    = true;
$wgGroupPermissions['sysop']['ipblock-exempt']   = true;
$wgGroupPermissions['sysop']['blockemail']       = true;
$wgGroupPermissions['sysop']['markbotedits']     = true;
$wgGroupPermissions['sysop']['apihighlimits']    = true;
$wgGroupPermissions['sysop']['browsearchive']    = true;
$wgGroupPermissions['sysop']['noratelimit']      = true;
$wgGroupPermissions['sysop']['versiondetail']    = true;
$wgGroupPermissions['sysop']['movefile']         = true;
#$wgGroupPermissions['sysop']['mergehistory']     = true;

// Permission to change users' group assignments
$wgGroupPermissions['bureaucrat']['userrights']  = true;
$wgGroupPermissions['bureaucrat']['noratelimit'] = true;
// Permission to change users' groups assignments across wikis
#$wgGroupPermissions['bureaucrat']['userrights-interwiki'] = true;
// Permission to export pages including linked pages regardless of $wgExportMaxLinkDepth
#$wgGroupPermissions['bureaucrat']['override-export-depth'] = true;

#$wgGroupPermissions['sysop']['deleterevision']  = true;
// To hide usernames from users and Sysops
#$wgGroupPermissions['suppress']['hideuser'] = true;
// To hide revisions/log items from users and Sysops
#$wgGroupPermissions['suppress']['suppressrevision'] = true;
// For private suppression log access
#$wgGroupPermissions['suppress']['suppressionlog'] = true;

/**
 * The developer group is deprecated, but can be activated if need be
 * to use the 'lockdb' and 'unlockdb' special pages. Those require
 * that a lock file be defined and creatable/removable by the web
 * server.
 */
# $wgGroupPermissions['developer']['siteadmin'] = true;

阻止新用戶注冊(cè)[ ]

• $wgGroupPermissions['*' ]['createaccount'] = false;

注意：阻止新用戶注冊(cè)，此時(shí)管理員可以到特殊頁面上的用戶登錄頁面（Special:UserLogin）里，輸入希望為其建立帳戶的某人的用戶名與電子郵件地址，然后點(diǎn)擊通過eMail（by email）按鈕遞交，系統(tǒng)將創(chuàng)建帳號(hào)并將隨機(jī)生成的密碼發(fā)送到指定email里。

設(shè)定匿名用戶可看的頁面[ ]

$wgWhitelistRead = array (”Main Page”, “Special:Userlogin”, “Wikipedia:Help”);

匿名用戶只能看到Main Page、登錄頁面以及幫助頁面。

修改其他的例子：$wgWhitelistRead = array (”首頁”, “Special:Userlogin”, “某某Wiki:Help”);

設(shè)置匿名用戶權(quán)限[ ]

• $wgGroupPermissions['*' ]['createaccount'] = false;
• $wgGroupPermissions['*' ]['read'] = true;
• $wgGroupPermissions['*' ]['edit'] = false;
• $wgGroupPermissions['user' ]['createaccount'] = true;
• $wgGroupPermissions['user' ]['edit'] = true;

設(shè)置匿名用戶可讀內(nèi)容[ ]

• $wgWhitelistRead = array( "Main Page", "Special:Userlogin" );
• $wgGroupPermissions['*' ]['read'] = false;

注意：具體需要對(duì)應(yīng)自己的站點(diǎn)鏈接，而對(duì)于多字節(jié)語言的MediaWiki，例如中文首頁鏈接index.php?title=%E9%A6%96%E9%A1%B5，這首頁中文字符PHP可能無法正確解碼。需要利用urldecode()函數(shù)轉(zhuǎn)換一下，寫為：

• $wgWhitelistRead = array( urldecode("%E9%A6%96%E9%A1%B5") ;

禁止匿名用戶編輯[ ]

• #$wgGroupPermissions = array();
• $wgGroupPermissions['*createaccount'] = false;
• $wgGroupPermissions['*']['read'] = true;
• $wgGroupPermissions['*']['edit'] = false;

“編輯”標(biāo)簽仍會(huì)顯示，但匿名用戶點(diǎn)擊時(shí)會(huì)被提示要求進(jìn)行登錄。

等式右側(cè)的值決定各組成員的權(quán)限。左側(cè)第一方括號(hào)內(nèi)的’*'代表包括匿名用戶在內(nèi)的所有成員。登錄用戶控制存放在’user’組，這些將綜合決定user_groups數(shù)據(jù)表中的成員權(quán)限。

這些設(shè)置取代了以前的wgWhitelistAccount和wgWhitelistEdit。

如此設(shè)定后，用戶連首頁和登錄頁面也看不到了。