Changeset 2df08064 for server/other
- Timestamp:
- 01/31/2016 06:49:17 AM (9 years ago)
- Branches:
- systemd-13485
- Children:
- d19fb65
- Parents:
- 957e8a3d
- Location:
- server/other
- Files:
-
- 3 edited
Legend:
- Unmodified
- Added
- Removed
-
server/other/openldap.xml
r957e8a3d r2df08064 7 7 <!ENTITY openldap-download-http " "> 8 8 <!ENTITY openldap-download-ftp "ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-&openldap-version;.tgz"> 9 <!ENTITY openldap-md5sum "4 7c8e2f283647a6105b8b0325257e922">9 <!ENTITY openldap-md5sum "49ca65e27891fcf977d78c10f073c705"> 10 10 <!ENTITY openldap-size "5.4 MB"> 11 <!ENTITY openldap-buildsize "53 MB (client), 103 MB (server , additional 5 MB for the tests)">12 <!ENTITY openldap-time "0. 6 SBU (client), 1.1 SBU (server, additional 3.4 SBU for the tests)">11 <!ENTITY openldap-buildsize "53 MB (client), 103 MB (server)"> 12 <!ENTITY openldap-time "0.7 SBU (client), 1.3 SBU (server)"> 13 13 ]> 14 14 … … 35 35 </para> 36 36 37 &lfs7 7_checked;37 &lfs78_checked; 38 38 39 39 <bridgehead renderas="sect3">Package Information</bridgehead> … … 91 91 <bridgehead renderas="sect4">Optional</bridgehead> 92 92 <para role="optional"> 93 <xref linkend="db"/> (not recommended by the94 developers due to license incompatiblities),95 93 <xref linkend="icu"/>, 96 <xref linkend="mariadb"/> or97 <xref linkend="postgresql"/>,98 94 <xref linkend="pth"/>, 99 <xref linkend="unixodbc"/> and 100 <ulink url="http://www.openslp.org/">OpenSLP</ulink> 95 <xref linkend="unixodbc"/>, 96 <xref linkend="mariadb"/> or 97 <xref linkend="postgresql"/> or 98 <ulink url="http://www.mysql.com/">MySQL</ulink>, 99 <ulink url="http://www.openslp.org/">OpenSLP</ulink>, and 100 <xref linkend="db"/> (not recommended by the developers) 101 101 </para> 102 102 … … 138 138 139 139 <warning> 140 <para> 141 If upgrading from a previos installation that used Berkeley DB as 142 the backend, you will need to dump the database(s) using the 143 <command>slapcat</command> utility, relocate all files in 144 <filename class="directory">/var/lib/openldap</filename>, change all 145 instances of <option>bdb</option> to <option>mdb</option> in 146 <filename>/etc/openldap/slapd.conf</filename> and any files in 147 <filename class="directory">/etc/openldap/slapd.d</filename>, and import 148 using the <command>slapadd</command> utility after the installation is 149 completed. 140 <para>If upgrading from a previos installation that used Berkeley DB as 141 the backend, you will need to dump the database(s) using the 142 <command>slapcat</command> utility, relocate all files in 143 <filename class="directory">/var/lib/openldap</filename>, change all 144 instances of <option>bdb</option> to <option>mdb</option> in 145 <filename>/etc/openldap/slapd.conf</filename> and any files in 146 <filename class="directory">/etc/openldap/slapd.d</filename>, and import 147 using the <command>slapadd</command> utility after the installation is 148 completed. 150 149 </para> 151 150 </warning> … … 159 158 160 159 <screen role="root"><userinput>groupadd -g 83 ldap && 161 useradd -c "OpenLDAP Daemon Owner" -d /var/lib/openldap -u 83 \ 162 -g ldap -s /bin/false ldap</userinput></screen> 160 useradd -c "OpenLDAP Daemon Owner" \ 161 -d /var/lib/openldap -u 83 \ 162 -g ldap -s /bin/false ldap</userinput></screen> 163 163 164 164 <para> … … 176 176 --disable-static \ 177 177 --disable-debug \ 178 --with-tls=openssl \ 179 --with-cyrus-sasl \ 178 180 --enable-dynamic \ 179 181 --enable-crypt \ 180 182 --enable-spasswd \ 183 --enable-slapd \ 181 184 --enable-modules \ 182 --enable-rlookups \183 185 --enable-backends=mod \ 184 --enable-overlays=mod \ 186 --disable-ndb \ 187 --disable-sql \ 188 --disable-shell \ 185 189 --disable-bdb \ 186 190 --disable-hdb \ 187 -- disable-ndb \188 --disable-sql && 191 --enable-overlays=mod && 192 189 193 make depend && 190 194 make</userinput></screen> 191 195 192 196 <para> 193 To test the results, issue: <command>make -k test</command>. 197 The tests appear to be fragile. Errors may cause the tests to abort 198 prior to finishing, apparently due to timing issues. The tests 199 take about 65 minutes and are processor independent. 200 To test the results, issue: <command>make test</command>. 194 201 </para> 195 202 … … 202 209 install -v -dm700 -o ldap -g ldap /var/lib/openldap && 203 210 install -v -dm700 -o ldap -g ldap /etc/openldap/slapd.d && 204 chmod -v 640 /etc/openldap/slapd.{conf,ldif} && 205 chown -v root:ldap /etc/openldap/slapd.{conf,ldif} && 206 207 install -v -dm755 /usr/share/doc/openldap-&openldap-version; && 208 cp -vfr doc/{drafts,rfc,guide} /usr/share/doc/openldap-&openldap-version;</userinput></screen> 209 210 <para> 211 Having slapd configuration files and ldap databases in /var/lib/openldap 212 readable by anyone is a SECURITY ISSUE, especially since a file stores 213 admin password in PLAIN TEXT. That's why mode 640 and root:ldap ownership 214 were used. Owner is root, so only root can modify the file, and group is 215 ldap, so that the group which owns slapd daemon could read but not modify 216 the file in case of a security breach. 217 </para> 211 chmod -v 640 /etc/openldap/slapd.{conf,ldif} && 212 chown -v root:ldap /etc/openldap/slapd.{conf,ldif} && 213 214 install -v -dm755 /usr/share/doc/openldap-&openldap-version; && 215 cp -vfr doc/{drafts,rfc,guide} \ 216 /usr/share/doc/openldap-&openldap-version;</userinput></screen> 218 217 219 218 </sect2> … … 264 263 <parameter>--enable-overlays</parameter>: This switch enables 265 264 all available overlays. 266 </para>267 268 <para>269 <parameter>--disable-bdb --disable-hdb</parameter>: These270 switches disable271 <application>Berkeley DB</application> backend due to272 license incompatiblities with latest version of273 <application>Berkeley DB</application>.274 265 </para> 275 266 … … 308 299 </para> 309 300 </note> 301 302 <para> 303 <command>install ...</command>, <command>chown ...</command>, 304 and <command>chmod ...</command>: 305 Having slapd configuration files and ldap databases in /var/lib/openldap 306 readable by anyone is a SECURITY ISSUE, especially since a file stores the 307 admin password in PLAIN TEXT. That's why mode 640 and root:ldap ownership 308 were used. The owner is root, so only root can modify the file, and group is 309 ldap, so that the group which owns slapd daemon could read but not modify 310 the file in case of a security breach. 311 </para> 310 312 311 313 </sect2> … … 371 373 The <ulink url="http://www.openldap.org/doc/admin24/"> OpenLDAP 2.4 372 374 Administrator's Guide</ulink> (also installed locally in 373 <filename class= "directory">375 <filename class='directory'> 374 376 /usr/share/doc/openldap-&openldap-version;/guide/admin</filename>). 375 377 </para> … … 488 490 <seg> 489 491 /etc/openldap, 490 /usr/lib/openldap, 491 /usr/share/doc/openldap-&openldap-version;, and 492 /var/lib/openldap 492 /{usr,var}/lib/openldap, and 493 /usr/share/doc/openldap-&openldap-version; 493 494 </seg> 494 495 </seglistitem> -
server/other/unbound.xml
r957e8a3d r2df08064 7 7 <!ENTITY unbound-download-http "http://www.unbound.net/downloads/unbound-&unbound-version;.tar.gz"> 8 8 <!ENTITY unbound-download-ftp " "> 9 <!ENTITY unbound-md5sum " f85853baad15adc7ce8acefe6cda4cf8">10 <!ENTITY unbound-size "4. 6MB">11 <!ENTITY unbound-buildsize " 90 MB (with HTML documentation)">12 <!ENTITY unbound-time "0. 5 SBU (Add 0.2 SBU fortests)">9 <!ENTITY unbound-md5sum "a1253cbbb339dbca03404dcc58365d71"> 10 <!ENTITY unbound-size "4.7 MB"> 11 <!ENTITY unbound-buildsize "47 MB (with tests)"> 12 <!ENTITY unbound-time "0.7 SBU (with tests)"> 13 13 ]> 14 14 … … 38 38 </para> 39 39 40 &lfs7 7_checked;40 &lfs78_checked; 41 41 42 42 <bridgehead renderas="sect3">Package Information</bridgehead> … … 87 87 <para role="optional"> 88 88 <xref linkend="libevent"/>, 89 <xref linkend="nettle"/>, 89 90 <xref linkend="python2"/>, 90 91 <xref linkend="swig"/> (for Python bindings), 91 <xref linkend="doxygen"/> (for html documentation), and 92 <ulink url="http://dnstap.info/">dnstap</ulink> 92 <xref linkend="doxygen"/> (for html documentation), 93 <!--<ulink url="http://sourceforge.net/projects/expat/">expat</ulink>, installed by LFS. --> 94 <ulink url="http://dnstap.info/">dnstap</ulink>, and 95 <ulink url="https://pypi.python.org/pypi/Sphinx">Sphinx</ulink> (for 96 Python bindings documentation) 93 97 </para> 94 98 … … 123 127 124 128 <para> 125 If you have <xref linkend="doxygen"/> package installed and want to build 129 If you have <xref linkend="doxygen"/> package installed and want to build 126 130 html documentation, run the following command: 127 131 </para> … … 155 159 156 160 <para> 157 <option>--with-libevent</option>: This switchenables libevent support161 <option>--with-libevent</option>: This option enables libevent support 158 162 allowing use of large outgoing port ranges. 159 163 </para> 160 164 161 165 <para> 162 <option>--with-pyunbound</option>: This switchenables building of the Python166 <option>--with-pyunbound</option>: This option enables building of the Python 163 167 bindings. 164 168 </para> … … 211 215 212 216 <para> 213 When <application>Unbound</application> is installed, some packages 214 may fail to build if <filename>/etc/unbound/root.key</filename> is 215 not present. It can be created by running the following command as 216 the <systemitem class="username">root</systemitem> user: 217 When <application>Unbound</application> is installed, some package 218 builds fail if the file <filename>/etc/unbound/root.key</filename> is 219 not found. This file is created by running the boot script (install 220 instructions below). Alternatively, it can be created by running the 221 following command as the <systemitem class="username">root</systemitem> 222 user: 217 223 </para> 218 224 … … 255 261 </seg> 256 262 <seg> 257 libunbound.so and 263 libunbound.so and (optional) 258 264 /usr/lib/python&python2-majorver;/site-packages/_unbound.so 259 265 </seg> -
server/other/xinetd.xml
r957e8a3d r2df08064 35 35 daemon, a secure replacement for <command>inetd</command>.</para> 36 36 37 &lfs7 7_checked;37 &lfs78_checked; 38 38 39 39 <bridgehead renderas="sect3">Package Information</bridgehead> … … 388 388 <para>The format of the <filename>/etc/xinetd.conf</filename> is 389 389 documented in the <filename>xinetd.conf.5</filename> man page. 390 <!-- 13-12-12 the http://www.xinetd.org is broken 390 <!-- 13-12-12 the http://www.xinetd.org is broken 391 391 Further 392 392 information can be found at <ulink url="http://www.xinetd.org"/>.
Note:
See TracChangeset
for help on using the changeset viewer.