From 22724c9a628f102f22310cd972508a86a25bd231 Mon Sep 17 00:00:00 2001 From: mj Date: Tue, 26 Mar 2002 20:00:33 +0000 Subject: [PATCH] Minor changes. --- doc/INSTALL.mir | 64 ++++++++++++++++++++++++++++++--------------------------- 1 file changed, 34 insertions(+), 30 deletions(-) diff --git a/doc/INSTALL.mir b/doc/INSTALL.mir index 06f1a0b4..c419c2d7 100755 --- a/doc/INSTALL.mir +++ b/doc/INSTALL.mir @@ -29,27 +29,40 @@ CVS CHECKOUT: now customize config.properties for your needs. -3. configure the build.sh file with java_home - cp build.sh-dist build.sh - chmod 755 build.sh +3. configure the build.xml file if neccessary + cd .. + cp build.xml-new build.xml -4. copy the mir/templates-dist-directory to mir/templates +4. configure the perms.sh file if neccessary -- IMPORTANT! READ THIS! + We provide a script that sets all files' and direcories' permissions to + a quite reasonable state. This script gets automagically called by + ant after compilationl. The most important thing you have to do after + compiling Mir is to ensure that the log files -- especially + dbentity.log -- are not readable by users that could compromise + system security, because all passwords and the like will be logged here. + + cp perms.sh-dist perms.sh + # Now, change the install directory and group in perms.sh + edit perms.sh -5. compile (do this as root so the permissions script is able to set +5. copy the mir/templates-dist-directory to mir/templates + + +6. compile (do this as root so the permissions script is able to set the permissions and owners correctly). - sh build.sh + ant -6. Link in the webapps directory of tomcat to the install directory (the +7. Link in the webapps directory of tomcat to the install directory (the directory is called "Mir" and is located in the same directory in which you installed the "mir" directory). cd /usr/share/tomcat/webapps ln -s Mir-install-dir Mir -7. Modify your tomcat startup script and add an LD_LIBRARY_PATH variable +8. Modify your tomcat startup script and add an LD_LIBRARY_PATH variable that points to the WEB-INF/lib directory of your Mir install dir. (called "Mir"). Add something like the following at the top of tomcat.sh (tomcat.sh is found in the "bin/" dir. under $TOMCAT_HOME): @@ -61,40 +74,24 @@ other ".so" files live). Or, you can skip the whole thing and live without "native" acceleration for image manipulation -8. create a new database +9. create a new database the database name should be the same as in config.properties as user postgres: createdb dbname -9. create base table +10. create base table psql -Upostgres dbname < dbscripts/create_pg.sql cat dbscripts/help*.sql | psql -Upostgres dbname cat dbscripts/populate*.sql | psql -Upostgres dbname -10. Add the dupe prevention trigger to the database: +11. Add the dupe prevention trigger to the database: cd dbscripts/dupetrigger There, read INSTALL and follow the instructions. -11. Set permissions -- IMPORTANT! READ THIS! - We provide a script that sets all files' and direcories' permissions to - a quite reasonable state. The most important thing you have to do after - the invokation of this script is to ensure that the log files -- - especially dbentity.log -- are not readable by users that could - compromise system security, because all passwords and the like will - be logged here. - - cp perms.sh-dist perms.sh - # Now, change the install directory and group in perms.sh - edit perms.sh - ./perms.sh - - - - 12. restart tomcat 13. configure mod_jk @@ -135,12 +132,19 @@ Database.Username=postgres Database.Password=yourpassword You should make sure that no copy of config.properties (neither in mir nor -in Mir/src nor in Mir/WEB-INF/classes) is world-readable. Else you wouldn't -have to install a password, anyway. +in Mir/src nor in Mir/WEB-INF/classes nor in the directory tree you compiled +Mir from) is world-readable. Else you wouldn't have to install a password, +anyway. If you can't access PostgreSQL after this for any reason, try and change "password" in /etc/postgresql/pg_hba.conf to "trust". This should disable -any authentication method and make the database accessible again. +any authentication method and make the database accessible again. Please use +this setting only temporarily because anybody who can access the PostgreSQL +server could take over the database completely this way. After you fixed +your password setting, switch the setting back to "password". +You may want to change your PostgreSQL password from time to time to make +database takeover harder. Rememer: Security is a process. + that's it :) -- 2.11.0