MIR INSTALLATION HOWTO
-Last updated: $Date: 2003/01/18 08:44:09 $
+Last updated: $Date: 2003/07/06 04:02:29 $
----------------------------------------------------------------
Here is a short installation-howto of Mir.
prerequisites:
-- tomcat 4.0.4 (4.0.3 and below have some bad bugs) or above (3.3 works too as
- of 04.04.2002, but this could change)
+- tomcat 4.0.4+ or 3.3 (4.0.3 and below have some bad bugs)
tomcat is available from http://jakarta.apache.org/tomcat/
- apache 1.3.x. with mod_jk.so. As far as I can tell the connector for 2.x is
still rather undocumented. http://httpd.apache.org
-- postgres 7.1.x or 7.2.x. http://www.postgresql.org
+- postgres 7.1+
- ant (a java-based make)
- jaxp-1.1 (a SAX 2.0 compliant XML parser, comes with ant >= 1.4)
- the JAI image framework (Java Advanced Imaging) versin 1.1.1 . get it from
CVS CHECKOUT:
- cvs -d :pserver:anonymous@mir.indymedia.org:/var/lib/cvs co mir
+ cvs -d :pserver:anonymous@mir.indymedia.org:/var/lib/cvs co -r MIR_1_1 mir
2. customize the config:
edit perms.sh
-
-4. copy the mir/templates-dist-directory to mir/templates
-
+4. There is NO step 4!!
5. compile. For this step, you have to make sure that the TOMCAT_HOME
environment variable is set to the root of your tomcat installation.
6. Link in the webapps directory of tomcat to the install directory (the
-directory is called "Mir" and is located in the same directory in which
-you installed the "mir" directory). (Here and in the rest of this document,
+directory is in mir/bin/mir (Here and in the rest of this document,
we assume you called the link "Mir", but this could be named anything.)
- cd /path/to/tomcat/webapps (tomcat-4.0.x/webapps)
- ln -s /path/to/Mir Mir
+ cd ${TOMCAT_HOME}/webapps
+ ln -s /path/to/mir/bin/mir Mir
with tomcat 4.0.x, you could dynamically reload and stop the Mir webapp without
restarting tomcat by using the "Manager App" with the following url:
connect to the database and anybody manages to find out the password Mir
uses to connect, the attacker can take over the complete database. So, in
the following examples, we assume that the database name is "Mir", the
-database user will be "mir" and the password is "joshua". Please note that
+database user will be "joe" and the password is "joshua". Please note that
this particular password is far from being a good one. Watch "Wargames" for
details. =B)
+
To access the database as the database superuser, you either have to log in
as postgres on Unix level (which we don't recommend because you will need
another user to have a login shell and a password which makes system
penetration more likely) or you have to tell PostgreSQL with each
-application call that you want to connect as a specific user. If you access
-the database from any other user's account, use the -U flag to connect to
-PostgreSQL as the database superuser ("postgres"):
-
- createdb -U postgres --encoding=unicode Mir
-
-Please note that if you create the database from inside the psql application,
-the database name will likely be converted to lowercase letters.
-
-
-8b. create an unprivileged database user for Mir
-First, connect to the database as the database's superuser.
-
- psql -U postgres Mir
-
-Now we create the actual user. Please choose a password that is hard to
-guess instead of "joshua". Good passwords have characters and numerals in
-it, have no link to its owner (like being her birthday, age, name of her
-husband, dog, child, car, favourite beer brand). A good password looks like
-this: "8ncx4un".
-
- CREATE USER Mir WITH PASSWORD 'joshua' NOCREATEDB NOCREATEUSER;
+application call that you want to connect as a specific user. In the
+following example we'll create the mir database as postgreSQL user
+"pete".
-8c. create base table
-Please note that we use the superuser "postgres" to connect to the "Mir"
-database, /not/ the user "mir".
+ cd mir/dbscripts
+ su postgres
+ ./createmirdb.sh mir pete joe joshua
- psql -Upostgres -f dbscripts/create_pg.sql Mir
- for i in dbscripts/help*.sql ; do psql -Upostgres -f $i Mir ; done
- for i in dbscripts/populate*.sql ; do psql -Upostgres -f $i Mir ; done
-
-8d. Grant the required permissions to the new user
-
--- The following should be executed as the "postgres" DB user.
--- Note that ID_FROM_PG_USER and DATABASENAME should be replace with the
- appropriate field values from the 2 prior selects.
--- set owner of datbase
-select * from pg_database;
-select * from pg_user;
-update pg_database set datdba=ID_FROM_PG_USER where datname=DATABASENAME
-
--- find all tables to grant privs / select is just building sql
--- to be exectued
-
-select 'grant all on '||relname||' to "de_indy";'
-from pg_class
-where relname not like 'pg%'
-order by relname;
-
-8e. Apply neccessary changes to config.properties
+8b. Apply neccessary changes to config.properties
Please open config.properties and look for the lines that begin with
"Database.". The interesting properties are "Username", "Password", "Host"
Mir from) is world-readable. Else you wouldn't have to install a password,
anyway.
-8f. Setup PostgreSQL so that all connections have to pass a password
+8c. Setup PostgreSQL so that all localhost connections have to pass a
+password
-In /etc/postgresql/pg_hba.conf you should make sure that nobody can
-use the database without a password:
+In /etc/postgresql/pg_hba.conf, change the line with 127.0.0.1 as follows:
-local all password
host all 127.0.0.1 255.0.0.0 password
-host all 0.0.0.0 0.0.0.0 reject
-This means: All local connections (i.e. psql without "-h hostname" option)
-have to authenticate themselves with a password. All connections from
-localhost (127.0.0.1) have to supply a password, too. All other connections
-are rejected. This line doen't have to be there if you have a properly
-configured firewall but even if you do have one, it adds to the security in
-case an attacker penetrates the firewall by some hack.
+This means: All connections from 127.0.0.1 to any database will have to
+authenticate themselves with a password. Please refer to the PostgreSQL
+documentation if you want a different authentication setup. Make sure
+however that mir can connect to it's database using password authentication.
-If you can't access PostgreSQL after this for any reason, try and change
-"password" in /etc/postgresql/pg_hba.conf to "trust". This should disable
-any authentication method and make the database accessible again. Please use
-this setting only temporarily because anybody who can access the PostgreSQL
-server could take over the database completely this way. After you fixed
-your password setting, switch the setting back to "password".
-You may want to change your PostgreSQL password from time to time to make
-database takeover harder. Rememer: Security is a process.
-
-
-
-9. Add the dupe prevention trigger to the database:
- cd dbscripts/dupetrigger
-
- There, read INSTALL and follow the instructions.
-
+9. For now, there's no step 9 either.
10. Tweak mime-type extensions mappings in etc/web.xml file.
----------------------------------------------------------------
-$Date: 2003/01/18 08:44:09 $ - the Mir coders
+$Date: 2003/07/06 04:02:29 $ - the Mir coders
+++ /dev/null
-postgresql - installation doku - version 7.1.x
--------------------------------------------------------------------------------------
-
-prerequisites:
-
-we installed postgres on machines with debian / kernel 2.2 / jdk 1.3 (blackdown),
-make sure you don't have postgresql installed via debian / apt-get. if you do
-purge the installation.
-
-the following things have to be done as superuser (if not otherwise stated):
-
-
-1. make sure you have:
-
- libreadline-dev
- perl-dev
- ant >= 1.3
- (blackdown) jdk1.3
-
-2. get the tarball from postgresql.org
-
- tar xvfz postgresql-7.1.3.tar.gz
-
-3. configure
-
- ./configure --enable-odbc --enable-syslog --with-perl --enable-multibyte=UNICODE \
- --enable-locale --enable-unicode-conversion --enable-recode --with-java
-
-4. make
-
- two problems with the compilation of the jdbc-driver might occur:
-
- a) an error message "no modern / no classic-compiler"
- to get rid of this error you have to set a link in
-
- /usr/lib/j2re/lib/ext
- to: /usr/lib/j2sdk/lib/tools.jar
-
- b) an error message "zip-file must have at least one entry"
- to get rid of this error: make sure you have ant-1.3 installed
-
-5. make install
-
-6. pg_dumplo
-
-you should install "pg_dumplo" from the contrib part of the postgresql-source.
-this little programm enables you to dump the database *including* the oid (blobs).
-
- cd contrib/pg_dumplo
- make
- make install
-
-7. the start-scripts
-
-change to the start-scripts folder in the contrib-part.
-
- cd ../start-scripts
- cp linux /etc/init.d/postgresql
- chmod a+x /etc/init.d/postgresql
- update-rc.d postgresql defaults
-
- edit the start-script in /etc/init.d/postgresql, and make sure
- postgresql is started with the "-i" option. to enable this insert
- '-o "-i"' after 'start', which should look like:
-
- start)
- $ECHO_N "Starting PostgreSQL: "$ECHO_C
- su - $PGUSER -c "$DAEMON start -o '-i' -D '$PGDATA' -s -l PGLOG"
- echo "ok"
- ;;
-
-
-
-8. adding a user / starting the database
-
- adduser postgres
- passwd postgres
- mkdir /usr/local/pgsql/data
- chown postgres /usr/local/pgsql/data
- su - postgres
- /usr/local/pgsql/bin/initdb -D /usr/local/pgsql/data
-
- /etc/init.d/postgresql start
- /usr/local/pgsql/bin/createdb test
- /usr/local/pgsql/bin/psql test
-
-8a. Postgresql user
-
- See INSTALL.mir for basic dealing with postgresql user.
- Use 'createdb -U postgres' to create a Database. Create
- tables with different User inside the Database.
-
-
-Fine! - now you can continue with the postgresql-section in INSTALL.mir
-Good luck.
-
-
-
projects / mir.git / commitdiff