Index: ntent/databases/databases.xml
===================================================================
--- content/databases/databases.xml (revision e5243605259981daa416a15a03141f9571623259)
+++ (revision )
@@ -1,22 +1,0 @@
-
-
- %general-entities;
-]>
-
-
-
-Databases
-
-This chapter includes databases that range from single-user
-read/write to industrial database servers with transaction support.
-Generally, you will be sent here to satisfy dependencies to other
-applications although building a SQL server on a base
-LFS system is entirely possible.
-
-
-
-
-
-
Index: ntent/databases/db.xml
===================================================================
--- content/databases/db.xml (revision e5243605259981daa416a15a03141f9571623259)
+++ (revision )
@@ -1,232 +1,0 @@
-
-
- %general-entities;
-
-
-
-
-
-
-
-]>
-
-
-
-$LastChangedBy$
-$Date$
-
-
-Berkeley DB-&db-version;
-
-Berkeley DB
-
-
-Introduction to Berkeley DB
-
-The Berkeley DB package contains programs and
-utilities used by many other applications for database related
-functions.
-
-Package information
-
-Download (HTTP):
-Download (FTP):
-Download MD5 sum: &db-md5sum;
-Download size: &db-size;
-Estimated disk space required:
-&db-buildsize;
-Estimated build time:
-&db-time;
-
-
-Berkeley DB dependencies
-Optional
- and
-
-
-
-
-
-
-Installation of Berkeley DB
-
-Install Berkeley DB by running the following
-commands:
-
-cd build_unix &&
-../dist/configure --prefix=/usr \
- --enable-compat185 \
- --enable-cxx &&
-make LIBSO_LIBS="-lpthread" LIBXSO_LIBS="-lpthread"
-
-Now, as the root user:
-
-make docdir=/usr/share/doc/db-&db-version; install &&
-chown root:root /usr/bin/db_* \
-/usr/lib/libdb* /usr/include/db* &&
-chown -R root:root /usr/share/doc/db-&db-version;
-
-
-
-
-Command explanations
-
-cd build_unix &&
-../dist/configure --prefix=/usr...:
-This replaces the normal ./configure command, as
-Berkeley DB comes with various
-build directories for different platforms.
-
---enable-compat185: This switch enables
-building DB 1.85 compatibility API.
-
---enable-cxx: This switch enables building
-C++ API libraries.
-
-make LIBSO_LIBS="-lpthread"
-LIBXSO_LIBS="-lpthread": configure does not
-correctly handle NPTL. These variables force it to
-properly link against NPTL.
-
-make docdir=/usr/share/doc/db-&db-version;
-install: This installs the documentation in
-the correct place.
-
-:
-Enables Tcl support in DB and creates the
-libdb_tcl libraries.
-
-: Enables Java
-support in DB and creates the
-libdb_java libraries.
-
-: Enables building the
-Berkeley DB RPC server.
-
-
-
-
-Contents
-
-
-Installed Programs
-Installed Libraries
-Installed Directory
-
-
-berkeley_db_svc, db_archive, db_checkpoint, db_deadlock, db_dump,
-db_load, db_printlog, db_recover, db_stat, db_upgrade and db_verify
-libdb.[so,a], libdb_cxx.[so,a], libdb_java.[so,a] and
-libdb_tcl.[so,a]
-/usr/share/doc/db-&db-version;
-
-
-
-
-Short Descriptions
-
-
-
-berkeley_db_svc
-is the Berkeley DB
-RPC server.
-
-berkeley_db_svc
-
-
-
-
-db_archive
-prints the pathnames of log files that are no longer in
-use.
-
-db_archive
-
-
-
-
-db_checkpoint
-is a daemon process used to monitor and checkpoint database
-logs.
-
-db_checkpoint
-
-
-
-
-db_deadlock
-is used to abort lock requests when deadlocks are
-detected.
-
-db_deadlock
-
-
-
-
-db_dump
-converts database files to a flat file format readable by
-db_load.
-
-db_dump
-
-
-
-
-db_load
-is used to create database files from flat files created with
-db_dump.
-
-db_load
-
-
-
-
-db_printlog
-converts database log files to human readable text.
-
-db_printlog
-
-
-
-
-db_recover
-is used to restore a database to a consistent state after a
-failure.
-
-db_recover
-
-
-
-
-db_stat
-displays database environment statistics.
-
-db_stat
-
-
-
-
-db_upgrade
-is used to upgrade database files to a newer version of
-Berkeley DB.
-
-db_upgrade
-
-
-
-
-db_verify
-is used to run consistency checks on database files.
-
-db_verify
-
-
-
-
-
-
-
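Review bot: the Contents list in this hunk names berkeley_db_svc, libdb_java and libdb_tcl as installed, but the configure line shown passes only --prefix=/usr, --enable-compat185 and --enable-cxx, and the command explanations say the RPC server, Java and Tcl pieces are built only when their optional switches are given. If this page is being relocated rather than dropped, mark those three entries as conditional so a reader does not go looking for a network-facing RPC server that the documented build never produced. The only integrity check offered for the download is "Download MD5 sum: &db-md5sum;"; a stronger digest alongside it would be worth adding at the same time.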
Index: ntent/databases/mysql.xml
===================================================================
--- content/databases/mysql.xml (revision e5243605259981daa416a15a03141f9571623259)
+++ (revision )
@@ -1,252 +1,0 @@
-
-
- %general-entities;
-
-
-
-
-
-
-
-]>
-
-
-
-$LastChangedBy$
-$Date$
-
-
-MySQL-&mysql-version;
-
-MySQL
-
-
-Introduction to MySQL
-
-
-MySQL is a widely used and
-fast SQL database server. It is a client/server
-implementation that consists of a server daemon and many different
-client programs and libraries.
-
-Package information
-
-Download (HTTP):
-
-Download (FTP):
-
-Download MD5 sum: &mysql-md5;
-Download size: &mysql-size;
-Estimated disk space required:
-&mysql-buildsize;
-Estimated build time:
-&mysql-time;
-
-
-MySQL dependencies
-
-Optional
-,
-,
-libedit
-(as an alternative to readline),
- (detected only if is
-installed),
- and
-
-
-
-
-
-
-
-Installation of MySQL
-
-
-For security reasons, running the server as an unprivileged user
-and group is strongly encouraged:
-
-groupadd mysql &&
-useradd -c "MySQL Server" -d /dev/null -g mysql -s /bin/false mysql
-
-Build and install MySQL by
-running the following commands:
-
-CPPFLAGS="-D_GNU_SOURCE" ./configure --prefix=/usr --sysconfdir=/etc \
- --libexecdir=/usr/sbin --localstatedir=/srv/mysql \
- --enable-thread-safe-client --enable-assembler \
- --enable-local-infile --with-named-thread-libs=-lpthread \
- --with-unix-socket-path=/var/run/mysql/mysql.sock \
- --without-debug --without-bench --without-readline &&
-make testdir=/usr/lib/mysql/mysql-test
-
-Now, as the root user:
-
-make testdir=/usr/lib/mysql/mysql-test install &&
-install -v -d -m755 /usr/share/mysql/Docs/Images &&
-install -v -m644 Docs/manual{,_toc}.html \
- Docs/manual.txt /usr/share/mysql/Docs &&
-install -v -m644 Docs/Images/*.{jpg,gif} /usr/share/mysql/Docs/Images &&
-cd /usr/lib &&
-ln -v -sf mysql/libmysqlclient{,_r}.so* .
-
-
-
-
-Command explanations
-
---libexecdir=/usr/sbin: This switch installs the
-mysqld daemon in an appropriate location.
-
---localstatedir=/srv/mysql: This switch forces
-MySQL to use
-/srv/mysql for database files and other
-variable data.
-
---enable-thread-safe-client: This switch compiles a
-thread-safe MySQL client library.
-
-
---enable-assembler: This switch allows using
-assembler versions of some string functions.
-
---enable-local-infile: This switch enables the
-LOAD DATA INFILE SQL statement.
-
-CPPFLAGS="-D_GNU_SOURCE"
---with-named-thread-libs=-lpthread: This environment variable and
-configure switch enable building on NPTL systems.
-
---with-unix-socket-path=/var/run/mysql:
-This switch puts the unix-domain socket into /var/run/mysql directory instead of default
-/tmp.
-
---without-bench: This switch skips building the
-benchmark suite.
-
---without-readline: This switch forces the build
-to use the system copy of readline instead of the
-bundled copy.
-
-make testdir=...: This installs the test suite in
-/usr/lib/mysql/mysql-test.
-BLFS is currently seeking a method to omit the installation
-of the test suite altogether.
-
-ln -sf mysql/libmysqlclient{,_r}.so* .: This command
-makes the MySQL shared libraries
-available to other packages at run-time.
-
-: This switch adds tcpwrappers
-support to MySQL.
-
-: This switch adds OpenSSL support
-to MySQL.
-
-
-
-
-Configuring MySQL
-
-
-Config files
-
-/etc/my.cnf, ~/.my.cnf
-
-~/.my.cnf
-
-/etc/my.cnf
-
-
-
-
-Configuration Information
-
-There are several default configuration files available in
-/usr/share/mysql which you can
-use. Create /etc/my.cnf using the following
-command as the root user:
-
-install -v -m644 /usr/share/mysql/my-medium.cnf /etc/my.cnf
-
-You can now install a database and change the ownership to the
-unprivileged user and group (perform as the root user):
-
-mysql_install_db --user=mysql &&
-chgrp -v mysql /srv/mysql{,/test,/mysql}
-
-Further configuration requires that the
-MySQL server be running. Start
-the server using the following commands as the root user:
-
-install -v -m750 -o mysql -g mysql -d /var/run/mysql &&
-mysqld_safe --user=mysql 2>&1 >/dev/null &
-
-A default installation does not setup a password for the administrator,
-so use the following command as the root user to set one. Replace
-[new-password] with your own.
-
-mysqladmin -u root password [new-password]
-
-Configuration of the server is now finished. Shut the server down
-using the following command as the root user:
-
-mysqladmin -p shutdown
-
-Install the /etc/rc.d/init.d/mysql
-init script included in the
-package as the root user to start the MySQL server
-during system boot-up.
-
-mysql
-
-make install-mysql
-
-
-
-
-
-
-Contents
-
-
-Installed Programs
-Installed Libraries
-Installed Directories
-
-
-comp_err, isamchk, isamlog, make_win_binary_distribution,
-make_win_src_distribution, msql2mysql, my_print_defaults, myisam_ftdump,
-myisamchk, myisamlog, myisampack, mysql, mysql_client_test, mysql_config,
-mysql_convert_table_format, mysql_create_system_tables, mysql_explain_log,
-mysql_find_rows, mysql_fix_extensions, mysql_fix_privilege_tables,
-mysql_install_db, mysql_secure_installation, mysql_setpermission,
-mysql_tableinfo, mysql_tzinfo_to_sql, mysql_waitpid, mysql_zap, mysqlaccess,
-mysqladmin, mysqlbinlog, mysqlbug, mysqlcheck, mysqld, mysqld_multi,
-mysqld_safe, mysqldump, mysqldumpslow, mysqlhotcopy, mysqlimport,
-mysqlmanager, mysqlmanager-pwgen, mysqlmanagerc, mysqlshow, mysqltest,
-pack_isam, perror, replace, resolve_stack_dump and resolveip
-libdbug.a, libheap.a, libmerge.a, libmyisam.a, libmyisammrg.a,
-libmysqlclient.[so,a], libmysqlclient_r.[so,a], libmystrings.a, libmysys.a,
-libnisam.a and libvio.a
-/srv/mysql, /usr/include/mysql, /usr/lib/mysql, /usr/share/mysql and
-/var/run/mysql
-
-
-
-Short description
-Descriptions of all the programs and libraries would be several pages
-long. Instead, consult the MySQL
-documentation for full details.
-
-Certain MySQL support
-programs may require the Perl DBI modules to be
-installed to function properly.
-
-
-
-
-
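Review bot: `mysqladmin -u root password [new-password]` in the Configuration Information steps puts the new administrator password on the command line, where it ends up in shell history and is visible in the process list while the command runs. The Contents list in the same hunk shows mysql_secure_installation is installed; pointing readers at an interactive prompt instead would avoid that. Two smaller points: `mysqld_safe --user=mysql 2>&1 >/dev/null &` discards stdout only and leaves stderr on the terminal, so use `>/dev/null 2>&1` if both are meant to be silenced; and the explanation for --enable-local-infile should say LOAD DATA LOCAL INFILE, since the LOCAL form (the server reading files from the client side) is what the switch enables and is the part an administrator needs to decide on. The text before `chgrp -v mysql /srv/mysql{,/test,/mysql}` also promises a change of user and group, while the command changes the group only.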
Index: ntent/databases/postgresql.xml
===================================================================
--- content/databases/postgresql.xml (revision e5243605259981daa416a15a03141f9571623259)
+++ (revision )
@@ -1,468 +1,0 @@
-
-
- %general-entities;
-
-
-
-
-
-
-
-]>
-
-
-
-$LastChangedBy$
-$Date$
-
-
-PostgreSQL-&postgresql-version;
-
-PostgreSQL
-
-
-Introduction to
-PostgreSQL
-
-PostgreSQL is an advanced
-object-relational database management system (ORDBMS),
-derived from the Berkeley Postgres database management system.
-
-Package information
-
-Download (HTTP):
-
-Download (FTP):
-
-Download MD5 sum: &postgresql-md5sum;
-Download size: &postgresql-size;
-Estimated disk space required:
-&postgresql-buildsize;
-Estimated build time:
-&postgresql-time;
-
-
-
-
-PostgreSQL
-dependencies
-Optional
-,
-,
-,
-,
-,
-,
-,
-: SGMLSpm-&SGMLSpm-version;,
-krb4,
- or , and
-Rendezvous
-
-
-
-
-
-
-Installation of
-PostgreSQL
-
-In order for configure to properly discover
-Docbook SGML
-DTD, you may need to remove
-OpenSP catalog definitions from the system
-SGML catalogs. Use the following command before building
-the package to accomplish this:
-
-sed -i.orig \
- -e "/CATALOG \/etc\/sgml\/OpenSP-1.5.1.cat/d" \
- /etc/sgml/catalog \
- /etc/sgml/sgml-docbook.cat
-
-Install PostgreSQL with the
-following commands:
-
-sed -i \
- -e "s|dsssl-stylesheets|& \\\\\n sgml/docbook/&-&docbook-dsssl-version;|" \
- configure &&
-./configure --prefix=/usr --enable-thread-safety &&
-make
-
-Now, as the root user:
-
-make install &&
-chown -R root:root /usr/share/doc/postgresql/html
-
-
-
-If you are upgrading an existing system and are going to
-install the new files over the old ones, then you should
-back up your data, shut down the old server and follow the
-instructions in the
-official PostgreSQL
-documentation.
-
-Initialize a database cluster with the following commands issued by the
-root user:
-
-install -v -m755 -d /srv/pgsql/data &&
-useradd -c "PostgreSQL Server" -g users -d /srv/pgsql/data postgres &&
-chown -v postgres /srv/pgsql/data &&
-su - postgres -c '/usr/bin/initdb -D /srv/pgsql/data'
-
-As the root user, start the database server with the following
-command:
-
-su - postgres -c '/usr/bin/postmaster -D /srv/pgsql/data > \
- /srv/pgsql/data/logfile 2>&1 &'
-
-Still as user root, create a database and verify the
-installation:
-
-su - postgres -c '/usr/bin/createdb test' &&
-echo "create table t1 ( name varchar(20), state_province varchar(20) );" \
- | (su - postgres -c '/usr/bin/psql test ') &&
-echo "insert into t1 values ('Billy', 'NewYork');" \
- | (su - postgres -c '/usr/bin/psql test ') &&
-echo "insert into t1 values ('Evanidus', 'Quebec');" \
- | (su - postgres -c '/usr/bin/psql test ') &&
-echo "insert into t1 values ('Jesse', 'Ontario');" \
- | (su - postgres -c '/usr/bin/psql test ') &&
-echo "select * from t1;" | (su - postgres -c '/usr/bin/psql test')
-
-
-
-
-Command explanations
-
-sed -i -e "s|dsssl-stylesheets|...": This command
-puts an extra line in the configure script so that the
-BLFS installed version of the DSSSL
-stylesheets can be discovered.
-
---enable-thread-safety: This switch makes the
-client libraries thread-safe by allowing concurrent threads in
-libpq and ECPG
-programs to safely control their private connection handles.
-
-chown -R root:root /usr/share/doc/postgresql/html:
-This command corrects the improper ownership of some documentation
-files.
-
-useradd ...: Add an unprivileged user to run the
-database server.
-
-createdb test; create table t1; insert into t1 values...;
-select * from t1: Create a database, add a table to it, insert some
-rows into the table and select them to verify that the installation is working
-properly.
-
-
-
-
-Configuring
-PostgreSQL
-
-Config files
-
-$PGDATA/pg_ident.con,
-$PGDATA/pg_hba.conf and
-$PGDATA/postgresql.conf
-
-$PGDATA/pg_indent.con
-
-
-$PGDATA/pg_hba_conf
-
-
-$PGDATA/postgresql.conf
-
-
-The PGDATA environment variable is used to distinguish
-database clusters from one another by setting it to the value of the directory
-which contains the cluster desired. The three configuration files
-exist in every PGDATA/ directory.
-Details on the format of the files and the options that can be set in
-each can be found in .
-
-Install the
-/etc/rc.d/init.d/postgresql init script included in the
- package.
-
-postgresql
-
-make install-postgresql
-
-
-
-
-
-Contents
-
-
-Installed Programs
-Installed Libraries
-Installed Directories
-
-
-clusterdb, createdb, createlang, createuser, dropdb, droplang, dropuser,
-ecpg, initdb, ipcclean, pg_config, pg_controldata, pg_ctl, pg_dump,
-pg_dumpall, pg_resetxlog, pg_restore, pltcl_delmod, pltcl_listmod,
-pltcl_loadmod, postgres, postmaster, psql, vacuumdb
-libecpg.[so,a], libecpg_compat.[so,a], libpgport.a, libpgtypes.[so,a],
-libpq.[so,a] and various charset modules.
-/srv/pgsql, /usr/include/libpq, /usr/include/postgresql,
-/usr/lib/postgresql, /usr/share/doc/postgresql and /usr/share/postgresql
-
-
-
-
-Short Descriptions
-
-
-
-clusterdb
-is a utility for reclustering tables in a
-PostgreSQL database.
-
-clusterdb
-
-
-
-
-createdb
- creates a new
-PostgreSQL database.
-
-createdb
-
-
-
-
-createlang
-defines a new
-PostgreSQL procedural
-language.
-
-createlang
-
-
-
-
-createuser
-defines a new
-PostgreSQL user account.
-
-createuser
-
-
-
-
-dropdb
-removes a
-PostgreSQL database.
-
-dropdb
-
-
-
-
-droplang
-removes a
-PostgreSQL procedural
-language.
-
-droplang
-
-
-
-
-dropuser
-removes a
-PostgreSQL user account.
-
-dropuser
-
-
-
-
-ecpg
-is the embedded SQL preprocessor.
-
-ecpg
-
-
-
-
-initdb
-creates a new database cluster.
-
-initdb
-
-
-
-
-ipcclean
-removes shared memory and semaphores left over by an aborted
-database server.
-
-ipcclean
-
-
-
-
-pg_config
-retrieves
-PostgreSQL version
-information.
-
-pg_config
-
-
-
-
-pg_controldata
-returns information initialized during
-initdb, such as the catalog version and server
-locale.
-
-pg_controldata
-
-
-
-
-pg_ctl
-controls stopping and starting the database server.
-
-pg_ctl
-
-
-
-
-pg_dump
-dumps database data and metadata into scripts which are used
-to recreate the database.
-
-pg_dump
-
-
-
-
-pg_dumpall
-recursively calls pg_dump for each
-database in a cluster.
-
-pg_dumpall
-
-
-
-
-pg_resetxlog
-clears the write-ahead log and optionally resets some
-fields in the pg_control file.
-
-pg_resetxlog
-
-
-
-
-pg_restore
-creates databases from dump files created by
-pg_dump.
-
-pg_restore
-
-
-
-
-pltcl_delmod
-is a support script used to delete a module from a
-PL/Tcl table. The command
-requires the Pgtcl
-package to be installed also.
-
-pltcl_delmod
-
-
-
-
-pltcl_listmod
-is a support script used to list the modules in a
-PL/Tcl table. The command
-requires the Pgtcl
-package to be installed also.
-
-pltcl_listmod
-
-
-
-
-pltcl_loadmod
-is a support script used to load a module into a
-PL/Tcl table. The command
-requires the Pgtcl
-package to be installed also.
-
-pltcl_loadmod
-
-
-
-
-postgres
-is a single user database server, generally used for
-debugging.
-
-postgres
-
-
-
-
-postmaster
-is a multi-user database daemon.
-
-postmaster
-
-
-
-
-psql
-is a console based database shell.
-
-psql
-
-
-
-
-vacuumdb
-compacts databases and generates statistics for the query
-analyzer.
-
-vacuumdb
-
-
-
-
-
-
-
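Review bot: the Config files entries in this hunk misspell the file names: `$PGDATA/pg_ident.con`, `$PGDATA/pg_indent.con` and `$PGDATA/pg_hba_conf` should read pg_ident.conf and pg_hba.conf. These are the files that control client authentication, so the index entries ought to match what is on disk. Separately, `useradd -c "PostgreSQL Server" -g users -d /srv/pgsql/data postgres` puts the server account in the shared users group, while the explanation calls it an unprivileged user; a dedicated group would keep other members of users from gaining group access to the cluster directory, which is created with `install -v -m755`. The first sed also hardcodes `OpenSP-1.5.1.cat`, which will silently match nothing on a system with a different OpenSP version.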
Index: ntent/web/apache.xml
===================================================================
--- content/web/apache.xml (revision e5243605259981daa416a15a03141f9571623259)
+++ (revision )
@@ -1,299 +1,0 @@
-
-
- %general-entities;
-
-
-
-
-
-
-
-]>
-
-
-
-$LastChangedBy$
-$Date$
-
-
-Apache-&apache-version;
-
-Apache
-
-
-Introduction to Apache
-
-The Apache package contains an
-open-source HTTP server. It is useful for creating local
-intranet web sites or running huge web serving operations.
-
-Package information
-
-Download (HTTP):
-
-Download (FTP):
-
-Download MD5 sum: &apache-md5sum;
-Download size: &apache-size;
-Estimated disk space required:
-&apache-buildsize;
-Estimated build time: &apache-time;
-
-
-
-Additional downloads
-
-Required Patch:
-
-
-Apache dependencies
-Optional
- or ,
-,
-,
- and
-
-
-
-
-
-
-
-Installation of Apache
-
-For security reasons, running the server as an unprivileged user and
-group is strongly encouraged. Create the following group and user using the
-following commands (as root):
-
-groupadd apache &&
-useradd -c "Apache Server" -d /dev/null -g apache -s /bin/false apache
-
-The following patch will define the layout of destination directories
-and, among them, the build directory at
-/usr/lib/apache/build. This
-will allow the modules added to Apache to
-be configured without errors. Apply the patch:
-
-patch -Np1 -i ../httpd-&apache-version;-config-1.patch
-
-Build and install Apache by running the
-following commands:
-
-./configure --enable-layout=FHS --enable-mods-shared=all &&
-make
-
-Now, as the root user:
-
-make install &&
-chown root:root /usr/sbin/{apxs,apachectl,dbmmanage,envvars-std,envvars} \
- /usr/include/apache/* /usr/lib/apache/httpd.exp \
- /usr/share/man/man1/{dbmmanage,htdigest,htpasswd}.1 \
- /usr/share/man/man8/{ab,apachectl,apxs,httpd}.8 \
- /usr/share/man/man8/{logresolve,rotatelogs,suexec}.8 &&
-chown -R apache:apache /srv/www
-
-
-
-
-Command explanations
-
-: Uses system installed
-expat. If you have installed
-expat and do not use this switch, the
-Apache installation may overwrite some files from
-the expat installation.
-
---enable-mods-shared=all: The modules should be
-compiled and used as Dynamic Shared Objects
-(DSOs) so they can be included and excluded from the
-server using the run-time configuration directives.
-
-: Use this switch
-to create the mod_ssl
-module and enable SSL support.
-
-chown root:root ...: This command changes
-the ownership of some installed files, the result of building the package as a
-user other than root.
-
-chown -R apache:apache /srv/www: By default, the
-installation process installs files (documentation, error messages, default
-icons, etc.) with the ownership of the user that extracted the files from the
-tar file. If you want to change the ownership to another user, you should do
-so at this point. The only requirement is that the document directories need
-to be accessible by the httpd process with (r-x) permissions
-and files need to be readable (r--) by the apache user.
-
-
-
-
-Configuring Apache
-
-
-Config files
-
-/etc/apache/*
-
-/etc/apache/*
-
-/etc/apache/httpd.conf
-
-
-
-
-Configuration Information
-
-The main configuration file is named httpd.conf.
-Modify it to run the server as a dedicated user:
-
-sed -i -e "s%User nobody%User apache%" \
- -e "s%^Group #-1%Group apache%" \
- /etc/apache/httpd.conf
-
-See for
-detailed instructions on customizing your Apache
-HTTP server.
-
-There's a problem with the ISAPI DSO module
-caused from compiling with
-GCC-&gcc-version;. Comment out
-the module from the configuration file with the following command:
-
-sed -i -e "s/^LoadModule isapi_module/# &/" \
- /etc/apache/httpd.conf
-
-If you want the Apache
-server to start automatically when the system is booted, install the
-/etc/rc.d/init.d/apache init script included in the
- package.
-
-apache
-
-make install-apache
-
-
-
-
-
-Contents
-
-
-Installed Programs
-Installed Libraries
-Installed Directories
-
-ab, apachectl, apr-config, apu-config, apxs, checkgid, dbmmanage, htdbm,
-htdigest, htpasswd, httpd, instdso.sh, logresolve and rotatelogs
-libapr-0.[so,a], libaprutil-0.[so,a] and /usr/lib/apache/*.so
-/etc/apache, /srv/www, /usr/include/apache, /usr/lib/apache and
-/var/log/apache
-
-
-
-
-Short Descriptions
-
-
-
-ab
-is a tool for benchmarking your
-Apache HTTP server.
-
-ab
-
-
-
-
-apachectl
-is a front end to the Apache
-HTTP server which is designed to help the administrator
-control the functioning of the Apache httpd
-daemon.
-
-apachectl
-
-
-
-
-apxs
-is a tool for building and installing extension modules for
-the Apache HTTP server.
-
-apxs
-
-
-
-
-dbmanage
-is used to create and update the DBM
-format files used to store usernames and passwords for basic authentication
-of HTTP users.
-
-dbmanage
-
-
-
-
-htdigest
-is used to create and update the flat-files used to store
-usernames, realms and passwords for digest authentication of
-HTTP users.
-
-htdigest
-
-
-
-
-htpasswd
-is used to create and update the flat-files used to store
-usernames and passwords for basic authentication of HTTP
-users.
-
-htpasswd
-
-
-
-
-httpd
-is the Apache
-HTTP server program.
-
-httpd
-
-
-
-
-instdso.sh
-is a script which installs Apache
-DSO modules.
-
-instdso.sh
-
-
-
-
-logresolve
-is a post-processing program to resolve
-IP-addresses in Apache's
-access log files.
-
-logresolve
-
-
-
-
-rotatelogs
-is a simple program for use in conjunction with
-Apache's piped log file feature.
-
-rotatelogs
-
-
-
-
-
-
-
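Review bot: `chown -R apache:apache /srv/www` at the end of the install commands makes the whole document root owned by, and therefore writable by, the account the server runs as, yet the explanation in the same hunk says the only requirement is r-x on directories and r-- on files for the apache user. Leaving the tree owned by root (or a separate content owner) and granting apache read access would match that stated requirement and keep a compromised httpd process from rewriting served content. Minor: the Short Descriptions entry is spelled `dbmanage` while the Installed Programs list and the chown line use `dbmmanage`, and `s%User nobody%User apache%` is not anchored with ^ the way the Group substitution is, so it can also rewrite a commented line.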
Index: ntent/web/php.xml
===================================================================
--- content/web/php.xml (revision e5243605259981daa416a15a03141f9571623259)
+++ (revision )
@@ -1,243 +1,0 @@
-
-
- %general-entities;
-
-
-
-
-
-
-
-]>
-
-
-
-$LastChangedBy$
-$Date$
-
-
-PHP-&php-version;
-
-PHP
-
-
-Introduction to PHP
-
-PHP is the
-PHP Hypertext Preprocessor. Primarily used in dynamic web
-sites, it allows for programming code to be directly embedded into the
-HTML markup.
-
-Package information
-
-Download (HTTP):
-
-Download (FTP):
-
-Download MD5 sum: &php-md5sum;
-Download size: &php-size;
-Estimated disk space required:
-&php-buildsize;
-Estimated build time:
-&php-time;
-
-
-Additional downloads
-
-Required patch for Berkeley DB:
-
-
-
-PHP
-dependencies
-Required
-
-
-
-Optional
-,
-,
-,
-ClibPDF,
-,
-,
-,
-QDBM,
-cdb,
-,
-,
-,
-GD,
-,
-X ( or ),
-,
-
-t1lib,
-
-,
-,
-,
-,
-,
-,
-,
-,
- or ,
-libmcrypt,
-mhash,
-Net-SNMP,
-SQLite,
-Dmalloc,
-mnoGoSearch,
-Mini SQL,
-Empress,
-Birdstep,
-DBMaker,
-Adabas,
-FrontBase,
-Caudium,
-WDDX,
-
-FDF Toolkit,
-Hyperwave,
-Monetra,
- and
-MTA
-
-
-
-
-
-
-Installation of PHP
-
-You can use PHP
-for server-side scripting, command line scripting or client-side
-GUI applications. The book provides instructions for
-setting up PHP for
-server-side scripting as it is the most common form.
-
-If you have Berkeley DB installed and wish to utilize it, apply
-the following patch:
-
-patch -Np1 -i ../php-&php-version;-db43-1.patch
-
-Install PHP by
-running the following commands:
-
-./configure --prefix=/usr \
- --sysconfdir=/etc \
- --with-apxs2 \
- --with-config-file-path=/etc \
- --with-zlib \
- --enable-bcmath \
- --with-bz2 \
- --enable-calendar \
- --enable-dba \
- --enable-exif \
- --enable-ftp \
- --with-gettext \
- --with-iconv \
- --enable-mbstring \
- --with-ncurses \
- --with-readline \
- --disable-libxml &&
-make
-
-Now, as the root user:
-
-make install &&
-cp php.ini-recommended /etc/php.ini
-
-Remove the --disable-libxml switch if you
-have installed otherwise
-pear will not be built.
-
-PHP has many more configure options that
-will enable support for certain things. You can use
-./configure --help to see a full list of the
-available options. Also, use of the
-PHP web site
-is highly recommended, as their online docs are very good.
-
-
-
-
-Configuring PHP
-
-Config files
-/etc/php.ini,
-/etc/pear.conf
-
-/etc/php.ini
-
-/etc/pear.conf
-
-
-Configuration Information
-
-To enable PHP support in the
-Apache web server,
-a new LoadModule (which should be handled automatically by the
-make install command) and AddType directives must be added
-to the httpd.conf file:
-
-LoadModule php5_module lib/apache/libphp5.so
-AddType application/x-httpd-php .php
-
-Also, it can be useful to add an entry for
-index.php to the DirectoryIndex directive of the
-httpd.conf file.
-
-You'll need to restart the Apache web server
-after making any modifications to the httpd.conf
-file.
-
-
-
-
-
-Contents
-
-
-Installed Programs
-Installed Library
-Installed Directories
-
-
-pear, php, php-config, phpextdist and phpize
-libphp5.so
-/usr/include/php and /usr/lib/php
-
-
-
-
-Short Descriptions
-
-
-
-php
-is a command line interface that enables you to parse and
-execute PHP code.
-
-php
-
-
-
-
-pear
-is the PHP Extension and Application
-Repository (PEAR) package manager.
-
-pear
-
-
-
-
-
-
-
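Review bot: the Installed Programs list in this hunk includes pear and the Config files list includes /etc/pear.conf, but the configure command as written passes --disable-libxml, and the note after the install step says pear will not be built unless that switch is removed. As documented, a reader following the commands verbatim gets no pear; either qualify the two entries or restructure the instructions so the default path matches the Contents section. Also, `cp php.ini-recommended /etc/php.ini` leaves the mode of the installed file to the source file and the umask, whereas the other pages in this patch use `install -v -m644` for configuration files; using the same form here would make the resulting permissions explicit.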
Index: ntent/web/proftpd.xml
===================================================================
--- content/web/proftpd.xml (revision e5243605259981daa416a15a03141f9571623259)
+++ (revision )
@@ -1,288 +1,0 @@
-
-
- %general-entities;
-
-
-
-
-
-
-
-]>
-
-
-
- $LastChangedBy$
- $Date$
-
-
-
-ProFTPD-&proftpd-version;
-
-
- Proftpd
-
-
-
-Introduction to ProFTPD
-
-The ProFTPD package
-contains a secure and highly configurable FTP daemon. This
-is useful for serving large file archives over a network.
-
-
-Package information
-
- Download (HTTP):
- Download (FTP):
- Download MD5 sum: &proftpd-md5sum;
- Download size: &proftpd-size;
- Estimated disk space required: &proftpd-buildsize;
- Estimated build time: &proftpd-time;
-
-
-
-
-ProFTPD dependencies
-
-
-Optional
-
-
-
-
-
-
-
-
-
-Installation of ProFTPD
-
-For security reasons, you should install
-ProFTPD using an unprivileged user
-and group. As the root user:
-
-groupadd proftpd &&
-useradd -c proftpd -d /home/ftp -g proftpd \
- -s /usr/lib/proftpd/proftpdshell proftpd &&
-install -d -m775 -o proftpd -g proftpd /usr/lib/proftpd &&
-ln -s /bin/false /usr/lib/proftpd/proftpdshell &&
-echo /usr/lib/proftpd/proftpdshell >> /etc/shells
-
-Install ProFTPD as a regular user by running
-the following commands:
-
-install_user=proftpd install_group=proftpd \
- ./configure --prefix=/usr --sysconfdir=/etc \
- --localstatedir=/var/run &&
-make
-
-Now, again as the root user:
-
-make install
-
-
-
-
-Command explanations
-
-install -d -m775 -o proftpd -g proftpd /usr/lib/proftpd:
-Create the home directory for ProFTPD.
-
-ln -s /bin/false /usr/lib/proftpd/proftpdshell:
-Set the default shell as a link to a invalid shell.
-
-echo /usr/lib/proftpd/proftpdshell >> /etc/shells:
-Fake a valid shell for compatability purposes.
-
-The above three commands can be ommitted if the following directive is
-placed in the configuration file:
-
-RequireValidShell off
-
-By default, proftpd will require that users logging in have valid shells.
-The RequireValidShell directive turns off this requirement. This is only
-recommended if you are setting up your FTP server exclusively
-for anonymous downloads.
-
-
-install_user=proftpd install_group=proftpd:
-Specify the user and group identity for
-ProFTPD.
-
---sysconfdir=/etc:
-This prevents the configuration files from going to
-/usr/etc.
-
---localstatedir=/var/run:
-This uses /var/run instead of
-/usr/var for lock files.
-
-
-
-
-Configuring ProFTPD
-
-
-proftpd init.d script
-
-
- proftpd
-
-
-
-Install the /etc/rc.d/init.d/proftpd init script
-included in the package.
-
-make install-proftpd
-
-
-
-
-Config files
-
-
- /etc/proftpd.conf
-
-
-/etc/proftpd.conf
-
-
-Configuration information
-This is a simple, download-only sample configuration. See the
-ProFTPD documentation in
-/usr/share/doc/proftpd and consult the
-website at for example
-configurations.
-
-cat > /etc/proftpd.conf << "EOF"
-# This is a basic ProFTPD configuration file
-# It establishes a single server and a single anonymous login.
-
-ServerName "ProFTPD Default Installation"
-ServerType standalone
-DefaultServer on
-
-# Port 21 is the standard FTP port.
-Port 21
-# Umask 022 is a good standard umask to prevent new dirs and files
-# from being group and world writable.
-Umask 022
-
-# To prevent DoS attacks, set the maximum number of child processes
-# to 30. If you need to allow more than 30 concurrent connections
-# at once, simply increase this value. Note that this ONLY works
-# in standalone mode, in inetd mode you should use an inetd server
-# that allows you to limit maximum number of processes per service
-# (such as xinetd)
-MaxInstances 30
-
-# Set the user and group that the server normally runs at.
-User proftpd
-Group proftpd
-
-# Normally, files should be overwritable.
-<Directory /*>
- AllowOverwrite on
-</Directory>
-
-# A basic anonymous configuration, no upload directories.
-<Anonymous ~proftpd>
- User proftpd
- Group proftpd
- # Clients should be able to login with "anonymous" as well as "proftpd"
- UserAlias anonymous proftpd
-
- # Limit the maximum number of anonymous logins
- MaxClients 10
-
- # 'welcome.msg' should be displayed at login, and '.message' displayed
- # in each newly chdired directory.
- DisplayLogin welcome.msg
- DisplayFirstChdir .message
-
- # Limit WRITE everywhere in the anonymous chroot
- <Limit WRITE>
- DenyAll
- </Limit>
-</Anonymous>
-EOF
-
-
-
-
-Contents
-
-
- Installed Programs
- Installed Libraries
- Installed Directory
-
-
- ftpcount, ftpdctl, ftptop, ftpwho, ftpshut, proftpd
- None
- /var/run/proftpd
-
-
-
-
- Short Descriptions
-
-
-
- proftpd
-
- is the FTP daemon.
-
- proftpd
-
-
-
-
-
- ftpcount
-
- shows the current number of connections.
-
- ftpcount
-
-
-
-
-
- ftpshut
-
- shuts down all proftpd servers at a given time.
-
- ftpshut
-
-
-
-
-
- ftptop
-
- displays running status on connections.
-
- ftptop
-
-
-
-
-
- ftpwho
-
- shows current process information for each session.
-
- ftpwho
-
-
-
-
-
-
-
-
-
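Review bot: `install -d -m775 -o proftpd -g proftpd /usr/lib/proftpd` creates a directory that the daemon account owns and can write to, and the next two commands place proftpdshell in it and add that path to /etc/shells. The service account can therefore replace the link that the system lists as a valid login shell. Making the directory root-owned with mode 755 keeps the /bin/false link fixed. The explanation for the same command calls it the home directory for ProFTPD, but the useradd line sets `-d /home/ftp`, and nothing in the visible commands creates /home/ftp even though `<Anonymous ~proftpd>` in the sample configuration depends on it. The sample also sets `AllowOverwrite on` for `<Directory /*>` in what the text describes as a download-only configuration; the anonymous block denies WRITE, but the global default is more permissive than the description implies. Spelling in the explanations: "a invalid", "compatability", "ommitted".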
Index: ntent/web/vsftpd.xml
===================================================================
--- content/web/vsftpd.xml (revision e5243605259981daa416a15a03141f9571623259)
+++ (revision )
@@ -1,163 +1,0 @@
-
-
- %general-entities;
-
-
-
-
-
-
-
-]>
-
-
-
-$LastChangedBy$
-$Date$
-
-
-vsFTPD-&vsftpd-version;
-
-
-
-Introduction to
-vsFTPD
-
-The vsFTPD package
-contains a very secure and very small FTP daemon. This is
-useful for serving files over a network.
-
-Package information
-
-Download (HTTP):
-
-Download (FTP):
-
-Download MD5 sum: &vsftpd-md5sum;
-Download size: &vsftpd-size;
-Estimated disk space required:
-&vsftpd-buildsize;
-Estimated build time:
-&vsftpd-time;
-
-
-vsFTPD dependencies
-Optional
-,
-, and
-
-
-
-
-
-
-
-Installation of vsFTPD
-
-For security reasons, running
-vsFTPD as an unprivileged user
-and group is encouraged. Also, a user to map anonymous users to should be
-created.
-
-install -d -m 0755 /var/ftp/empty &&
-install -d -m 0755 /home/ftp &&
-groupadd vsftpd &&
-useradd -d /dev/null -c "vsFTPD User" -g vsftpd -s /bin/false vsftpd &&
-groupadd ftp &&
-useradd -c anonymous_user -d /home/ftp -g ftp -s /bin/false ftp
-
-
-Install vsFTPD by running
-the following commands:
-
-make &&
-install -m 755 vsftpd /usr/sbin/vsftpd &&
-install -m 644 vsftpd.8 /usr/share/man/man8 &&
-install -m 644 vsftpd.conf.5 /usr/share/man/man5 &&
-install -m 644 vsftpd.conf /etc
-
-
-
-
-Command explanations
-
-install -d [...]: This creates the directory that
-anonymous users will use (/home/ftp)
-and the directory the daemon will chroot into
-(/var/ftp/empty).
-
-/home/ftp should not be
-owned by the user vsftpd, or the user ftp.
-
-echo "#define VSF_BUILD_TCPWRAPPERS" >>builddefs.h:
-Use this prior to make to add support for
-tcpwrappers.
-
-echo "#define VSF_BUILD_SSL" >>builddefs.h:
-Use this prior to make to add support for
-SSL.
-
-install -m [...]:
-The Makefile hardwires
-/usr/local (if it exists). These
-commands install the files in
-/usr.
-
-
-
-
-Configuring vsFTPD
-
-vsftpd init.d script
-Install the /etc/rc.d/init.d/vsftpd
-init script included in the
- package.
-
-make install-vsftpd
-
-
-
-Config files
-/etc/vsftpd.conf
-
-
-Configuration information
-vsFTPD comes with a basic
-anonymous-only configuration file that was copied to
-/etc above. This file should be modified
-because it is now recommended to run vsftpd in standalone
-mode as opposed to inetd/xinetd mode.
-Also, you should specify the privilege separation user created above. Finally,
-you should specify the chroot directory.
-man vsftpd.conf will give you all the details.
-
-cat >> /etc/vsftpd.conf << "EOF"
-background=YES
-listen=YES
-nopriv_user=vsftpd
-secure_chroot_dir=/var/ftp/empty
-EOF
-
-
-
-
-
-Contents
-
-The vsFTPD package contains
-vsftpd.
-
-
-
-Description
-
-vsftpd
-vsftpd is the FTP
-daemon.
-
-
-
-
-
Index: index.xml
===================================================================
--- index.xml (revision e5243605259981daa416a15a03141f9571623259)
+++ index.xml (revision addff0a608cfc6eef335a18b84efac27bcc042fd)
@@ -17,5 +17,4 @@
-
Index: introduction/welcome/changelog.xml
===================================================================
--- introduction/welcome/changelog.xml (revision e5243605259981daa416a15a03141f9571623259)
+++ introduction/welcome/changelog.xml (revision addff0a608cfc6eef335a18b84efac27bcc042fd)
@@ -22,4 +22,8 @@
+
+April 12th, 2005 [bdubbs]: Major reorganization of
+server sections. Consolidated 'Server Networking' and 'Content
+Serving'.April 11th, 2005 [dj]: Added 'Additional X Windows
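Review bot: The new April 12th changelog entry names the two parts that were consolidated but not the part that results, and it does not mention that the database pages moved as well (this change removes content/databases/*.xml and adds server/databases/*.xml). Name the resulting part and list the chapters that moved, so readers with references to the old locations can find the pages.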
Index: introduction/welcome/which.xml
===================================================================
--- introduction/welcome/which.xml (revision e5243605259981daa416a15a03141f9571623259)
+++ introduction/welcome/which.xml (revision addff0a608cfc6eef335a18b84efac27bcc042fd)
@@ -59,7 +59,7 @@
Once you have dealt with these basics, you may wish to configure
more advanced network services. These are dealt with in the and parts of the book.
+linkend="server"/> and parts of the book.
Those wanting to build servers should find enough information to give
-them a good starting point here. Note that also
+them a good starting point here. Note that also
contains information on various database packages.
Index: server/databases/databases.xml
===================================================================
--- server/databases/databases.xml (revision addff0a608cfc6eef335a18b84efac27bcc042fd)
+++ server/databases/databases.xml (revision addff0a608cfc6eef335a18b84efac27bcc042fd)
@@ -0,0 +1,22 @@
+
+
+ %general-entities;
+]>
+
+
+
+Databases
+
+This chapter includes databases that range from single-user
+read/write to industrial database servers with transaction support.
+Generally, you will be sent here to satisfy dependencies to other
+applications although building a SQL server on a base
+LFS system is entirely possible.
+
+
+
+
+
+
Index: server/databases/db.xml
===================================================================
--- server/databases/db.xml (revision addff0a608cfc6eef335a18b84efac27bcc042fd)
+++ server/databases/db.xml (revision addff0a608cfc6eef335a18b84efac27bcc042fd)
@@ -0,0 +1,232 @@
+
+
+ %general-entities;
+
+
+
+
+
+
+
+]>
+
+
+
+$LastChangedBy$
+$Date$
+
+
+Berkeley DB-&db-version;
+
+Berkeley DB
+
+
+Introduction to Berkeley DB
+
+The Berkeley DB package contains programs and
+utilities used by many other applications for database related
+functions.
+
+Package information
+
+Download (HTTP):
+Download (FTP):
+Download MD5 sum: &db-md5sum;
+Download size: &db-size;
+Estimated disk space required:
+&db-buildsize;
+Estimated build time:
+&db-time;
+
+
+Berkeley DB dependencies
+Optional
+ and
+
+
+
+
+
+
+Installation of Berkeley DB
+
+Install Berkeley DB by running the following
+commands:
+
+cd build_unix &&
+../dist/configure --prefix=/usr \
+ --enable-compat185 \
+ --enable-cxx &&
+make LIBSO_LIBS="-lpthread" LIBXSO_LIBS="-lpthread"
+
+Now, as the root user:
+
+make docdir=/usr/share/doc/db-&db-version; install &&
+chown root:root /usr/bin/db_* \
+/usr/lib/libdb* /usr/include/db* &&
+chown -R root:root /usr/share/doc/db-&db-version;
+
+
+
+
+Command explanations
+
+cd build_unix &&
+../dist/configure --prefix=/usr...:
+This replaces the normal ./configure command, as
+Berkeley DB comes with various
+build directories for different platforms.
+
+--enable-compat185: This switch enables
+building DB 1.85 compatibility API.
+
+--enable-cxx: This switch enables building
+C++ API libraries.
+
+make LIBSO_LIBS="-lpthread"
+LIBXSO_LIBS="-lpthread": configure does not
+correctly handle NPTL. These variables force it to
+properly link against NPTL.
+
+make docdir=/usr/share/doc/db-&db-version;
+install: This installs the documentation in
+the correct place.
+
+:
+Enables Tcl support in DB and creates the
+libdb_tcl libraries.
+
+: Enables Java
+support in DB and creates the
+libdb_java libraries.
+
+: Enables building the
+Berkeley DB RPC server.
+
+
+
+
+Contents
+
+
+Installed Programs
+Installed Libraries
+Installed Directory
+
+
+berkeley_db_svc, db_archive, db_checkpoint, db_deadlock, db_dump,
+db_load, db_printlog, db_recover, db_stat, db_upgrade and db_verify
+libdb.[so,a], libdb_cxx.[so,a], libdb_java.[so,a] and
+libdb_tcl.[so,a]
+/usr/share/doc/db-&db-version;
+
+
+
+
+Short Descriptions
+
+
+
+berkeley_db_svc
+is the Berkeley DB
+RPC server.
+
+berkeley_db_svc
+
+
+
+
+db_archive
+prints the pathnames of log files that are no longer in
+use.
+
+db_archive
+
+
+
+
+db_checkpoint
+is a daemon process used to monitor and checkpoint database
+logs.
+
+db_checkpoint
+
+
+
+
+db_deadlock
+is used to abort lock requests when deadlocks are
+detected.
+
+db_deadlock
+
+
+
+
+db_dump
+converts database files to a flat file format readable by
+db_load.
+
+db_dump
+
+
+
+
+db_load
+is used to create database files from flat files created with
+db_dump.
+
+db_load
+
+
+
+
+db_printlog
+converts database log files to human readable text.
+
+db_printlog
+
+
+
+
+db_recover
+is used to restore a database to a consistent state after a
+failure.
+
+db_recover
+
+
+
+
+db_stat
+displays database environment statistics.
+
+db_stat
+
+
+
+
+db_upgrade
+is used to upgrade database files to a newer version of
+Berkeley DB.
+
+db_upgrade
+
+
+
+
+db_verify
+is used to run consistency checks on database files.
+
+db_verify
+
+
+
+
+
+
+
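Review bot: The Contents list in the new db.xml gives berkeley_db_svc, libdb_java.[so,a] and libdb_tcl.[so,a] as installed, but the command explanations in the same file say these come only from optional switches (Tcl support, Java support, the RPC server), and the configure line shown passes just --enable-compat185 and --enable-cxx. Mark those entries as optional in the Contents list so readers do not look for files the documented build never produces. Separately, the chown line uses the globs /usr/bin/db_*, /usr/lib/libdb* and /usr/include/db*, which also re-own any matching file that belongs to another package, and none of the command explanations says why the chown is needed; add one.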
Index: server/databases/mysql.xml
===================================================================
--- server/databases/mysql.xml (revision addff0a608cfc6eef335a18b84efac27bcc042fd)
+++ server/databases/mysql.xml (revision addff0a608cfc6eef335a18b84efac27bcc042fd)
@@ -0,0 +1,252 @@
+
+
+ %general-entities;
+
+
+
+
+
+
+
+]>
+
+
+
+$LastChangedBy$
+$Date$
+
+
+MySQL-&mysql-version;
+
+MySQL
+
+
+Introduction to MySQL
+
+
+MySQL is a widely used and
+fast SQL database server. It is a client/server
+implementation that consists of a server daemon and many different
+client programs and libraries.
+
+Package information
+
+Download (HTTP):
+
+Download (FTP):
+
+Download MD5 sum: &mysql-md5;
+Download size: &mysql-size;
+Estimated disk space required:
+&mysql-buildsize;
+Estimated build time:
+&mysql-time;
+
+
+MySQL dependencies
+
+Optional
+,
+,
+libedit
+(as an alternative to readline),
+ (detected only if is
+installed),
+ and
+
+
+
+
+
+
+
+Installation of MySQL
+
+
+For security reasons, running the server as an unprivileged user
+and group is strongly encouraged:
+
+groupadd mysql &&
+useradd -c "MySQL Server" -d /dev/null -g mysql -s /bin/false mysql
+
+Build and install MySQL by
+running the following commands:
+
+CPPFLAGS="-D_GNU_SOURCE" ./configure --prefix=/usr --sysconfdir=/etc \
+ --libexecdir=/usr/sbin --localstatedir=/srv/mysql \
+ --enable-thread-safe-client --enable-assembler \
+ --enable-local-infile --with-named-thread-libs=-lpthread \
+ --with-unix-socket-path=/var/run/mysql/mysql.sock \
+ --without-debug --without-bench --without-readline &&
+make testdir=/usr/lib/mysql/mysql-test
+
+Now, as the root user:
+
+make testdir=/usr/lib/mysql/mysql-test install &&
+install -v -d -m755 /usr/share/mysql/Docs/Images &&
+install -v -m644 Docs/manual{,_toc}.html \
+ Docs/manual.txt /usr/share/mysql/Docs &&
+install -v -m644 Docs/Images/*.{jpg,gif} /usr/share/mysql/Docs/Images &&
+cd /usr/lib &&
+ln -v -sf mysql/libmysqlclient{,_r}.so* .
+
+
+
+
+Command explanations
+
+--libexecdir=/usr/sbin: This switch installs the
+mysqld daemon in an appropriate location.
+
+--localstatedir=/srv/mysql: This switch forces
+MySQL to use
+/srv/mysql for database files and other
+variable data.
+
+--enable-thread-safe-client: This switch compiles a
+thread-safe MySQL client library.
+
+
+--enable-assembler: This switch allows using
+assembler versions of some string functions.
+
+--enable-local-infile: This switch enables the
+LOAD DATA INFILE SQL statement.
+
+CPPFLAGS="-D_GNU_SOURCE"
+--with-named-thread-libs=-lpthread: This environment variable and
+configure switch enable building on NPTL systems.
+
+--with-unix-socket-path=/var/run/mysql:
+This switch puts the unix-domain socket into /var/run/mysql directory instead of default
+/tmp.
+
+--without-bench: This switch skips building the
+benchmark suite.
+
+--without-readline: This switch forces the build
+to use the system copy of readline instead of the
+bundled copy.
+
+make testdir=...: This installs the test suite in
+/usr/lib/mysql/mysql-test.
+BLFS is currently seeking a method to omit the installation
+of the test suite altogether.
+
+ln -sf mysql/libmysqlclient{,_r}.so* .: This command
+makes the MySQL shared libraries
+available to other packages at run-time.
+
+: This switch adds tcpwrappers
+support to MySQL.
+
+: This switch adds OpenSSL support
+to MySQL.
+
+
+
+
+Configuring MySQL
+
+
+Config files
+
+/etc/my.cnf, ~/.my.cnf
+
+~/.my.cnf
+
+/etc/my.cnf
+
+
+
+
+Configuration Information
+
+There are several default configuration files available in
+/usr/share/mysql which you can
+use. Create /etc/my.cnf using the following
+command as the root user:
+
+install -v -m644 /usr/share/mysql/my-medium.cnf /etc/my.cnf
+
+You can now install a database and change the ownership to the
+unprivileged user and group (perform as the root user):
+
+mysql_install_db --user=mysql &&
+chgrp -v mysql /srv/mysql{,/test,/mysql}
+
+Further configuration requires that the
+MySQL server be running. Start
+the server using the following commands as the root user:
+
+install -v -m750 -o mysql -g mysql -d /var/run/mysql &&
+mysqld_safe --user=mysql 2>&1 >/dev/null &
+
+A default installation does not setup a password for the administrator,
+so use the following command as the root user to set one. Replace
+[new-password] with your own.
+
+mysqladmin -u root password [new-password]
+
+Configuration of the server is now finished. Shut the server down
+using the following command as the root user:
+
+mysqladmin -p shutdown
+
+Install the /etc/rc.d/init.d/mysql
+init script included in the
+package as the root user to start the MySQL server
+during system boot-up.
+
+mysql
+
+make install-mysql
+
+
+
+
+
+
+Contents
+
+
+Installed Programs
+Installed Libraries
+Installed Directories
+
+
+comp_err, isamchk, isamlog, make_win_binary_distribution,
+make_win_src_distribution, msql2mysql, my_print_defaults, myisam_ftdump,
+myisamchk, myisamlog, myisampack, mysql, mysql_client_test, mysql_config,
+mysql_convert_table_format, mysql_create_system_tables, mysql_explain_log,
+mysql_find_rows, mysql_fix_extensions, mysql_fix_privilege_tables,
+mysql_install_db, mysql_secure_installation, mysql_setpermission,
+mysql_tableinfo, mysql_tzinfo_to_sql, mysql_waitpid, mysql_zap, mysqlaccess,
+mysqladmin, mysqlbinlog, mysqlbug, mysqlcheck, mysqld, mysqld_multi,
+mysqld_safe, mysqldump, mysqldumpslow, mysqlhotcopy, mysqlimport,
+mysqlmanager, mysqlmanager-pwgen, mysqlmanagerc, mysqlshow, mysqltest,
+pack_isam, perror, replace, resolve_stack_dump and resolveip
+libdbug.a, libheap.a, libmerge.a, libmyisam.a, libmyisammrg.a,
+libmysqlclient.[so,a], libmysqlclient_r.[so,a], libmystrings.a, libmysys.a,
+libnisam.a and libvio.a
+/srv/mysql, /usr/include/mysql, /usr/lib/mysql, /usr/share/mysql and
+/var/run/mysql
+
+
+
+Short description
+Descriptions of all the programs and libraries would be several pages
+long. Instead, consult the MySQL
+documentation for full details.
+
+Certain MySQL support
+programs may require the Perl DBI modules to be
+installed to function properly.
+
+
+
+
+
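Review bot: `mysqladmin -u root password [new-password]` in the Configuration Information section passes the new administrator password as a command-line argument, where it lands in shell history and is visible in the process list while the command runs; add a sentence saying so, or have the reader set the password from an interactive `mysql` session. In the same section, `mysqld_safe --user=mysql 2>&1 >/dev/null &` has its redirections in the order that leaves stderr on the terminal and discards only stdout; if the intent is to silence both, it should read `>/dev/null 2>&1`. Two documentation mismatches: the explanation quotes `--with-unix-socket-path=/var/run/mysql` while the configure command passes `/var/run/mysql/mysql.sock`, and `--enable-local-infile` is described as enabling LOAD DATA INFILE when what it controls is the LOCAL form, which reads files from the client side and deserves a note on why it is turned on.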
Index: server/databases/postgresql.xml
===================================================================
--- server/databases/postgresql.xml (revision addff0a608cfc6eef335a18b84efac27bcc042fd)
+++ server/databases/postgresql.xml (revision addff0a608cfc6eef335a18b84efac27bcc042fd)
@@ -0,0 +1,468 @@
+
+
+ %general-entities;
+
+
+
+
+
+
+
+]>
+
+
+
+$LastChangedBy$
+$Date$
+
+
+PostgreSQL-&postgresql-version;
+
+PostgreSQL
+
+
+Introduction to
+PostgreSQL
+
+PostgreSQL is an advanced
+object-relational database management system (ORDBMS),
+derived from the Berkeley Postgres database management system.
+
+Package information
+
+Download (HTTP):
+
+Download (FTP):
+
+Download MD5 sum: &postgresql-md5sum;
+Download size: &postgresql-size;
+Estimated disk space required:
+&postgresql-buildsize;
+Estimated build time:
+&postgresql-time;
+
+
+
+
+PostgreSQL
+dependencies
+Optional
+,
+,
+,
+,
+,
+,
+,
+: SGMLSpm-&SGMLSpm-version;,
+krb4,
+ or , and
+Rendezvous
+
+
+
+
+
+
+Installation of
+PostgreSQL
+
+In order for configure to properly discover
+Docbook SGML
+DTD, you may need to remove
+OpenSP catalog definitions from the system
+SGML catalogs. Use the following command before building
+the package to accomplish this:
+
+sed -i.orig \
+ -e "/CATALOG \/etc\/sgml\/OpenSP-1.5.1.cat/d" \
+ /etc/sgml/catalog \
+ /etc/sgml/sgml-docbook.cat
+
+Install PostgreSQL with the
+following commands:
+
+sed -i \
+ -e "s|dsssl-stylesheets|& \\\\\n sgml/docbook/&-&docbook-dsssl-version;|" \
+ configure &&
+./configure --prefix=/usr --enable-thread-safety &&
+make
+
+Now, as the root user:
+
+make install &&
+chown -R root:root /usr/share/doc/postgresql/html
+
+
+
+If you are upgrading an existing system and are going to
+install the new files over the old ones, then you should
+back up your data, shut down the old server and follow the
+instructions in the
+official PostgreSQL
+documentation.
+
+Initialize a database cluster with the following commands issued by the
+root user:
+
+install -v -m755 -d /srv/pgsql/data &&
+useradd -c "PostgreSQL Server" -g users -d /srv/pgsql/data postgres &&
+chown -v postgres /srv/pgsql/data &&
+su - postgres -c '/usr/bin/initdb -D /srv/pgsql/data'
+
+As the root user, start the database server with the following
+command:
+
+su - postgres -c '/usr/bin/postmaster -D /srv/pgsql/data > \
+ /srv/pgsql/data/logfile 2>&1 &'
+
+Still as user root, create a database and verify the
+installation:
+
+su - postgres -c '/usr/bin/createdb test' &&
+echo "create table t1 ( name varchar(20), state_province varchar(20) );" \
+ | (su - postgres -c '/usr/bin/psql test ') &&
+echo "insert into t1 values ('Billy', 'NewYork');" \
+ | (su - postgres -c '/usr/bin/psql test ') &&
+echo "insert into t1 values ('Evanidus', 'Quebec');" \
+ | (su - postgres -c '/usr/bin/psql test ') &&
+echo "insert into t1 values ('Jesse', 'Ontario');" \
+ | (su - postgres -c '/usr/bin/psql test ') &&
+echo "select * from t1;" | (su - postgres -c '/usr/bin/psql test')
+
+
+
+
+Command explanations
+
+sed -i -e "s|dsssl-stylesheets|...": This command
+puts an extra line in the configure script so that the
+BLFS installed version of the DSSSL
+stylesheets can be discovered.
+
+--enable-thread-safety: This switch makes the
+client libraries thread-safe by allowing concurrent threads in
+libpq and ECPG
+programs to safely control their private connection handles.
+
+chown -R root:root /usr/share/doc/postgresql/html:
+This command corrects the improper ownership of some documentation
+files.
+
+useradd ...: Add an unprivileged user to run the
+database server.
+
+createdb test; create table t1; insert into t1 values...;
+select * from t1: Create a database, add a table to it, insert some
+rows into the table and select them to verify that the installation is working
+properly.
+
+
+
+
+Configuring
+PostgreSQL
+
+Config files
+
+$PGDATA/pg_ident.con,
+$PGDATA/pg_hba.conf and
+$PGDATA/postgresql.conf
+
+$PGDATA/pg_indent.con
+
+
+$PGDATA/pg_hba_conf
+
+
+$PGDATA/postgresql.conf
+
+
+The PGDATA environment variable is used to distinguish
+database clusters from one another by setting it to the value of the directory
+which contains the cluster desired. The three configuration files
+exist in every PGDATA/ directory.
+Details on the format of the files and the options that can be set in
+each can be found in .
+
+Install the
+/etc/rc.d/init.d/postgresql init script included in the
+ package.
+
+postgresql
+
+make install-postgresql
+
+
+
+
+
+Contents
+
+
+Installed Programs
+Installed Libraries
+Installed Directories
+
+
+clusterdb, createdb, createlang, createuser, dropdb, droplang, dropuser,
+ecpg, initdb, ipcclean, pg_config, pg_controldata, pg_ctl, pg_dump,
+pg_dumpall, pg_resetxlog, pg_restore, pltcl_delmod, pltcl_listmod,
+pltcl_loadmod, postgres, postmaster, psql, vacuumdb
+libecpg.[so,a], libecpg_compat.[so,a], libpgport.a, libpgtypes.[so,a],
+libpq.[so,a] and various charset modules.
+/srv/pgsql, /usr/include/libpq, /usr/include/postgresql,
+/usr/lib/postgresql, /usr/share/doc/postgresql and /usr/share/postgresql
+
+
+
+
+Short Descriptions
+
+
+
+clusterdb
+is a utility for reclustering tables in a
+PostgreSQL database.
+
+clusterdb
+
+
+
+
+createdb
+ creates a new
+PostgreSQL database.
+
+createdb
+
+
+
+
+createlang
+defines a new
+PostgreSQL procedural
+language.
+
+createlang
+
+
+
+
+createuser
+defines a new
+PostgreSQL user account.
+
+createuser
+
+
+
+
+dropdb
+removes a
+PostgreSQL database.
+
+dropdb
+
+
+
+
+droplang
+removes a
+PostgreSQL procedural
+language.
+
+droplang
+
+
+
+
+dropuser
+removes a
+PostgreSQL user account.
+
+dropuser
+
+
+
+
+ecpg
+is the embedded SQL preprocessor.
+
+ecpg
+
+
+
+
+initdb
+creates a new database cluster.
+
+initdb
+
+
+
+
+ipcclean
+removes shared memory and semaphores left over by an aborted
+database server.
+
+ipcclean
+
+
+
+
+pg_config
+retrieves
+PostgreSQL version
+information.
+
+pg_config
+
+
+
+
+pg_controldata
+returns information initialized during
+initdb, such as the catalog version and server
+locale.
+
+pg_controldata
+
+
+
+
+pg_ctl
+controls stopping and starting the database server.
+
+pg_ctl
+
+
+
+
+pg_dump
+dumps database data and metadata into scripts which are used
+to recreate the database.
+
+pg_dump
+
+
+
+
+pg_dumpall
+recursively calls pg_dump for each
+database in a cluster.
+
+pg_dumpall
+
+
+
+
+pg_resetxlog
+clears the write-ahead log and optionally resets some
+fields in the pg_control file.
+
+pg_resetxlog
+
+
+
+
+pg_restore
+creates databases from dump files created by
+pg_dump.
+
+pg_restore
+
+
+
+
+pltcl_delmod
+is a support script used to delete a module from a
+PL/Tcl table. The command
+requires the Pgtcl
+package to be installed also.
+
+pltcl_delmod
+
+
+
+
+pltcl_listmod
+is a support script used to list the modules in a
+PL/Tcl table. The command
+requires the Pgtcl
+package to be installed also.
+
+pltcl_listmod
+
+
+
+
+pltcl_loadmod
+is a support script used to load a module into a
+PL/Tcl table. The command
+requires the Pgtcl
+package to be installed also.
+
+pltcl_loadmod
+
+
+
+
+postgres
+is a single user database server, generally used for
+debugging.
+
+postgres
+
+
+
+
+postmaster
+is a multi-user database daemon.
+
+postmaster
+
+
+
+
+psql
+is a console based database shell.
+
+psql
+
+
+
+
+vacuumdb
+compacts databases and generates statistics for the query
+analyzer.
+
+vacuumdb
+
+
+
+
+
+
+
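Review bot: The cluster initialization block creates the server account with `useradd -c "PostgreSQL Server" -g users -d /srv/pgsql/data postgres`, which puts the database owner in the shared users group, whereas the MySQL and Apache pages in this same change each create a dedicated group first (`groupadd mysql`, `groupadd apache`). Add a `groupadd postgres` and use `-g postgres`, so that group permissions under /srv/pgsql are not shared with every ordinary account. The Config files list also has misspelled names: `$PGDATA/pg_ident.con`, `$PGDATA/pg_indent.con` and `$PGDATA/pg_hba_conf` should read pg_ident.conf and pg_hba.conf. Last, the first sed hard-codes `OpenSP-1.5.1.cat`, so it matches nothing and changes nothing on a system with a different OpenSP version; say so in the text or match the version with a pattern.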
Index: server/mail/mail.xml
===================================================================
--- server/mail/mail.xml (revision e5243605259981daa416a15a03141f9571623259)
+++ server/mail/mail.xml (revision addff0a608cfc6eef335a18b84efac27bcc042fd)
@@ -18,9 +18,9 @@
server (Courier-IMAP).
+
+
+
-
-
-
Index: server/major/apache.xml
===================================================================
--- server/major/apache.xml (revision addff0a608cfc6eef335a18b84efac27bcc042fd)
+++ server/major/apache.xml (revision addff0a608cfc6eef335a18b84efac27bcc042fd)
@@ -0,0 +1,299 @@
+
+
+ %general-entities;
+
+
+
+
+
+
+
+]>
+
+
+
+$LastChangedBy$
+$Date$
+
+
+Apache-&apache-version;
+
+Apache
+
+
+Introduction to Apache
+
+The Apache package contains an
+open-source HTTP server. It is useful for creating local
+intranet web sites or running huge web serving operations.
+
+Package information
+
+Download (HTTP):
+
+Download (FTP):
+
+Download MD5 sum: &apache-md5sum;
+Download size: &apache-size;
+Estimated disk space required:
+&apache-buildsize;
+Estimated build time: &apache-time;
+
+
+
+Additional downloads
+
+Required Patch:
+
+
+Apache dependencies
+Optional
+ or ,
+,
+,
+ and
+
+
+
+
+
+
+
+Installation of Apache
+
+For security reasons, running the server as an unprivileged user and
+group is strongly encouraged. Create the following group and user using the
+following commands (as root):
+
+groupadd apache &&
+useradd -c "Apache Server" -d /dev/null -g apache -s /bin/false apache
+
+The following patch will define the layout of destination directories
+and, among them, the build directory at
+/usr/lib/apache/build. This
+will allow the modules added to Apache to
+be configured without errors. Apply the patch:
+
+patch -Np1 -i ../httpd-&apache-version;-config-1.patch
+
+Build and install Apache by running the
+following commands:
+
+./configure --enable-layout=FHS --enable-mods-shared=all &&
+make
+
+Now, as the root user:
+
+make install &&
+chown root:root /usr/sbin/{apxs,apachectl,dbmmanage,envvars-std,envvars} \
+ /usr/include/apache/* /usr/lib/apache/httpd.exp \
+ /usr/share/man/man1/{dbmmanage,htdigest,htpasswd}.1 \
+ /usr/share/man/man8/{ab,apachectl,apxs,httpd}.8 \
+ /usr/share/man/man8/{logresolve,rotatelogs,suexec}.8 &&
+chown -R apache:apache /srv/www
+
+
+
+
+Command explanations
+
+: Uses system installed
+expat. If you have installed
+expat and do not use this switch, the
+Apache installation may overwrite some files from
+the expat installation.
+
+--enable-mods-shared=all: The modules should be
+compiled and used as Dynamic Shared Objects
+(DSOs) so they can be included and excluded from the
+server using the run-time configuration directives.
+
+: Use this switch
+to create the mod_ssl
+module and enable SSL support.
+
+chown root:root ...: This command changes
+the ownership of some installed files, the result of building the package as a
+user other than root.
+
+chown -R apache:apache /srv/www: By default, the
+installation process installs files (documentation, error messages, default
+icons, etc.) with the ownership of the user that extracted the files from the
+tar file. If you want to change the ownership to another user, you should do
+so at this point. The only requirement is that the document directories need
+to be accessible by the httpd process with (r-x) permissions
+and files need to be readable (r--) by the apache user.
+
+
+
+
+Configuring Apache
+
+
+Config files
+
+/etc/apache/*
+
+/etc/apache/*
+
+/etc/apache/httpd.conf
+
+
+
+
+Configuration Information
+
+The main configuration file is named httpd.conf.
+Modify it to run the server as a dedicated user:
+
+sed -i -e "s%User nobody%User apache%" \
+ -e "s%^Group #-1%Group apache%" \
+ /etc/apache/httpd.conf
+
+See for
+detailed instructions on customizing your Apache
+HTTP server.
+
+There's a problem with the ISAPI DSO module
+caused from compiling with
+GCC-&gcc-version;. Comment out
+the module from the configuration file with the following command:
+
+sed -i -e "s/^LoadModule isapi_module/# &/" \
+ /etc/apache/httpd.conf
+
+If you want the Apache
+server to start automatically when the system is booted, install the
+/etc/rc.d/init.d/apache init script included in the
+ package.
+
+apache
+
+make install-apache
+
+
+
+
+
+Contents
+
+
+Installed Programs
+Installed Libraries
+Installed Directories
+
+ab, apachectl, apr-config, apu-config, apxs, checkgid, dbmmanage, htdbm,
+htdigest, htpasswd, httpd, instdso.sh, logresolve and rotatelogs
+libapr-0.[so,a], libaprutil-0.[so,a] and /usr/lib/apache/*.so
+/etc/apache, /srv/www, /usr/include/apache, /usr/lib/apache and
+/var/log/apache
+
+
+
+
+Short Descriptions
+
+
+
+ab
+is a tool for benchmarking your
+Apache HTTP server.
+
+ab
+
+
+
+
+apachectl
+is a front end to the Apache
+HTTP server which is designed to help the administrator
+control the functioning of the Apache httpd
+daemon.
+
+apachectl
+
+
+
+
+apxs
+is a tool for building and installing extension modules for
+the Apache HTTP server.
+
+apxs
+
+
+
+
+dbmanage
+is used to create and update the DBM
+format files used to store usernames and passwords for basic authentication
+of HTTP users.
+
+dbmanage
+
+
+
+
+htdigest
+is used to create and update the flat-files used to store
+usernames, realms and passwords for digest authentication of
+HTTP users.
+
+htdigest
+
+
+
+
+htpasswd
+is used to create and update the flat-files used to store
+usernames and passwords for basic authentication of HTTP
+users.
+
+htpasswd
+
+
+
+
+httpd
+is the Apache
+HTTP server program.
+
+httpd
+
+
+
+
+instdso.sh
+is a script which installs Apache
+DSO modules.
+
+instdso.sh
+
+
+
+
+logresolve
+is a post-processing program to resolve
+IP-addresses in Apache's
+access log files.
+
+logresolve
+
+
+
+
+rotatelogs
+is a simple program for use in conjunction with
+Apache's piped log file feature.
+
+rotatelogs
+
+
+
+
+
+
+
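Review bot: `chown -R apache:apache /srv/www` makes the account httpd runs as the owner of the whole document tree, so the server process can modify the content it serves, yet the explanation for that command says the only requirement is r-x on directories and r-- on files for the apache user. Leave the tree owned by root (or a separate content-maintainer account) and readable by apache, so a compromised server process cannot rewrite what it serves. Also, the Short Descriptions spell the program `dbmanage` where the Contents list and the chown command have `dbmmanage`, and the ISAPI workaround reads "caused from compiling" where "caused by compiling" is meant.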
Index: server/major/bind.xml
===================================================================
--- server/major/bind.xml (revision addff0a608cfc6eef335a18b84efac27bcc042fd)
+++ server/major/bind.xml (revision addff0a608cfc6eef335a18b84efac27bcc042fd)
@@ -0,0 +1,538 @@
+
+
+ %general-entities;
+
+
+
+
+
+
+
+]>
+
+
+
+$LastChangedBy$
+$Date$
+
+
+BIND-&bind-version;p1
+
+BIND
+
+
+
+Introduction to
+BIND
+
+The BIND package
+provides a DNS server and client utilities. If you
+are only interested in the utilities, refer to the
+.
+
+Package information
+
+Download (HTTP):
+
+Download (FTP):
+
+Download MD5 sum:
+&bind-md5sum;
+Download size:
+&bind-size;
+Estimated disk space required:
+&bind-buildsize;
+Estimated build time:
+&bind-time;
+
+
+Additional downloads
+
+
+
+
+
+
+BIND
+dependencies
+Optional
+
+
+
+Optional (to run the full test suite)
+ (for ifconfig) and
+: Net-DNS
+
+
+Optional (to [re]build documentation)
+,
+,
+
+
+
+
+
+
+
+Installation of
+BIND
+
+Install BIND by
+running the following commands:
+
+patch -Np1 -i ../&bind-version;-patch1 &&
+sed -i -e "s/dsssl-stylesheets/&-1.78/g" configure &&
+./configure --prefix=/usr --sysconfdir=/etc \
+ --enable-threads --with-libtool &&
+make
+
+Now, as the root user:
+
+make install &&
+chmod 755 \
+ /usr/lib/{lib{bind9,isc{,cc,cfg},lwres}.so.?.?.?,libdns.so.20.0.0} &&
+mv /usr/share/man/man8/named.conf.5 /usr/share/man/man5 &&
+cd doc &&
+install -d -m755 /usr/share/doc/bind-9.3.0/{arm,draft,misc,rfc} &&
+install -m644 arm/*.html \
+ /usr/share/doc/bind-9.3.0/arm &&
+install -m644 draft/*.txt \
+ /usr/share/doc/bind-9.3.0/draft &&
+install -m644 rfc/* \
+ /usr/share/doc/bind-9.3.0/rfc &&
+install -m644 \
+ misc/{dnssec,ipv6,migrat*,options,rfc-compliance,roadmap,sdb} \
+ /usr/share/doc/bind-9.3.0/misc
+
+In order to run the complete test suite before installing the
+package, you need to set up some dummy interfaces (requires
+ifconfig). Issue the following commands to run the
+complete suite of tests (you will have to be the root user to issue the
+ifconfig commands):
+
+bin/tests/system/ifconfig.sh up &&
+make check >check.log 2>&1 &&
+bin/tests/system/ifconfig.sh down
+
+If desired, issue the following command to ensure all 145 tests ran
+successfully:
+
+grep "R:PASS" check.log | wc -l
+
+
+
+
+Command explanations
+
+patch -Np1 -i ../&bind-version;-patch1: There's a
+vulnerability in the DNSSEC code. See
+. The patch fixes the
+bug.
+
+sed -i -e ... configure: This command forces
+configure to look for the DSSSL
+stylesheets in the standard BLFS location.
+
+--sysconfdir=/etc: This parameter forces
+BIND to look for configuration
+files in /etc instead of
+/usr/etc.
+
+--enable-threads: This parameter enables
+multi-threading capability.
+
+--with-libtool: This parameter forces the
+building of dynamic libraries and links the installed binaries to these
+libraries.
+
+cd doc; install ...: These commands install the
+additional package documentation. Optionally, omit any or all of these
+commands.
+
+
+
+
+Configuring
+BIND
+
+Config files
+named.conf,
+root.hints,
+127.0.0,
+rndc.conf and
+resolv.conf
+
+/etc/named.conf
+
+/etc/rndc.conf
+
+/etc/resolv.conf
+
+/etc/namedb/root.hints
+
+
+/etc/namedb/pz/127.0.0.0
+
+
+
+Configuration Information
+
+BIND will be configured
+to run in a chroot jail as an unprivileged user (named).
+This configuration is more secure in that a DNS compromise
+can only affect a few files in the named user's HOME
+directory.
+
+Create the unprivileged user and group named:
+
+groupadd named &&
+useradd -m -c "BIND Owner" -g named -s /bin/false named
+
+Set up some files, directories and devices needed by
+BIND:
+
+cd /home/named &&
+mkdir -p dev etc/namedb/slave var/run &&
+mknod /home/named/dev/null c 1 3 &&
+mknod /home/named/dev/random c 1 8 &&
+chmod 666 /home/named/dev/{null,random} &&
+mkdir /home/named/etc/namedb/pz &&
+cp /etc/localtime /home/named/etc
+
+Then, generate a key for use in the named.conf
+and rdnc.conf files using the
+rndc-confgen command:
+
+rndc-confgen -b 512 | grep -m 1 "secret" | cut -d '"' -f 2
+
+Create the named.conf file from which named
+will read the location of zone files, root name servers and secure
+DNS keys:
+
+cat > /home/named/etc/named.conf << "EOF"
+ options {
+ directory "/etc/namedb";
+ pid-file "/var/run/named.pid";
+ statistics-file "/var/run/named.stats";
+
+ };
+ controls {
+ inet 127.0.0.1 allow { localhost; } keys { rndc_key; };
+ };
+ key "rndc_key" {
+ algorithm hmac-md5;
+ secret "[Insert secret from rndc-confgen's output here]";
+ };
+ zone "." {
+ type hint;
+ file "root.hints";
+ };
+ zone "0.0.127.in-addr.arpa" {
+ type master;
+ file "pz/127.0.0";
+ };
+
+// Bind 9 now logs by default through syslog (except debug).
+// These are the default logging rules.
+
+logging {
+ category default { default_syslog; default_debug; };
+ category unmatched { null; };
+
+ channel default_syslog {
+ syslog daemon; // send to syslog's daemon
+ // facility
+ severity info; // only send priority info
+ // and higher
+ };
+
+ channel default_debug {
+ file "named.run"; // write to named.run in
+ // the working directory
+ // Note: stderr is used instead
+ // of "named.run"
+ // if the server is started
+ // with the '-f' option.
+ severity dynamic; // log at the server's
+ // current debug level
+ };
+
+ channel default_stderr {
+ stderr; // writes to stderr
+ severity info; // only send priority info
+ // and higher
+ };
+
+ channel null {
+ null; // toss anything sent to
+ // this channel
+ };
+};
+
+
+
+EOF
+
+Create the rndc.conf file with the following
+commands:
+
+cat > /etc/rndc.conf << "EOF"
+key rndc_key {
+algorithm "hmac-md5";
+ secret
+ "[Insert secret from rndc-confgen's output here]";
+ };
+options {
+ default-server localhost;
+ default-key rndc_key;
+};
+EOF
+
+The rndc.conf file contains information for
+controlling named operations with the rndc
+utility.
+
+Create a zone file with the following contents:
+
+cat > /home/named/etc/namedb/pz/127.0.0 << "EOF"
+$TTL 3D
+@ IN SOA ns.local.domain. hostmaster.local.domain. (
+ 1 ; Serial
+ 8H ; Refresh
+ 2H ; Retry
+ 4W ; Expire
+ 1D) ; Minimum TTL
+ NS ns.local.domain.
+1 PTR localhost.
+EOF
+
+Create the root.hints file with the following
+commands:
+
+Caution must be used to ensure there are no leading spaces in this
+file.
+
+cat > /home/named/etc/namedb/root.hints << "EOF"
+. 6D IN NS A.ROOT-SERVERS.NET.
+. 6D IN NS B.ROOT-SERVERS.NET.
+. 6D IN NS C.ROOT-SERVERS.NET.
+. 6D IN NS D.ROOT-SERVERS.NET.
+. 6D IN NS E.ROOT-SERVERS.NET.
+. 6D IN NS F.ROOT-SERVERS.NET.
+. 6D IN NS G.ROOT-SERVERS.NET.
+. 6D IN NS H.ROOT-SERVERS.NET.
+. 6D IN NS I.ROOT-SERVERS.NET.
+. 6D IN NS J.ROOT-SERVERS.NET.
+. 6D IN NS K.ROOT-SERVERS.NET.
+. 6D IN NS L.ROOT-SERVERS.NET.
+. 6D IN NS M.ROOT-SERVERS.NET.
+A.ROOT-SERVERS.NET. 6D IN A 198.41.0.4
+B.ROOT-SERVERS.NET. 6D IN A 192.228.79.201
+C.ROOT-SERVERS.NET. 6D IN A 192.33.4.12
+D.ROOT-SERVERS.NET. 6D IN A 128.8.10.90
+E.ROOT-SERVERS.NET. 6D IN A 192.203.230.10
+F.ROOT-SERVERS.NET. 6D IN A 192.5.5.241
+G.ROOT-SERVERS.NET. 6D IN A 192.112.36.4
+H.ROOT-SERVERS.NET. 6D IN A 128.63.2.53
+I.ROOT-SERVERS.NET. 6D IN A 192.36.148.17
+J.ROOT-SERVERS.NET. 6D IN A 192.58.128.30
+K.ROOT-SERVERS.NET. 6D IN A 193.0.14.129
+L.ROOT-SERVERS.NET. 6D IN A 198.32.64.12
+M.ROOT-SERVERS.NET. 6D IN A 202.12.27.33
+EOF
+
+The root.hints file is a list of root name servers.
+This file must be updated periodically with the dig
+utility. A current copy of root.hints can be obtained from
+. Consult the
+
+BIND 9 Administrator Reference Manual
+for details.
+
+Create or modify resolv.conf to use the new
+name server with the following commands:
+
+Replace [yourdomain.com] with your own
+valid domain name.
+
+cp /etc/resolv.conf /etc/resolv.conf.bak &&
+cat > /etc/resolv.conf << "EOF"
+search [yourdomain.com]
+nameserver 127.0.0.1
+EOF
+
+Set permissions on the chroot jail with the
+following command:
+
+chown -R named.named /home/named
+
+To start the DNS server at boot, install the
+/etc/rc.d/init.d/bind init script included in the
+ package.
+
+bind
+
+make install-bind
+
+Now start BIND with
+the new boot script:
+
+/etc/rc.d/init.d/bind start
+
+
+
+Testing BIND
+
+Test out the new
+BIND 9 installation. First
+query the local host address with dig:
+
+dig -x 127.0.0.1
+
+Now try an external name lookup, taking note of the speed
+difference in repeated lookups due to the caching. Run the
+dig command twice on the same address:
+
+dig www.linuxfromscratch.org &&
+dig www.linuxfromscratch.org
+
+You can see almost instantaneous results with the named caching lookups.
+Consult the BIND Administrator
+Reference Manual located at
+doc/arm/Bv9ARM.html in the package source tree, for
+further configuration options.
+
+
+
+
+
+Contents
+
+
+Installed Programs
+Installed Libraries
+Installed Directories
+
+
+dig, dnssec-keygen, dnssec-signzone, host, isc-config.sh, lwresd,
+named, named-checkconf, named-checkzone, nslookup, nsupdate, rndc and
+rndc-confgen
+libbind9.[so,a], libdns.[so,a], libisc.[so,a], libisccc.[so,a],
+libisccfg.[so,a] and liblwres.[so,a]
+/home/named, /usr/include/bind9, /usr/include/dns, /usr/include/dst,
+/usr/include/isc, /usr/include/isccc, /usr/include/isccfg, /usr/include/lwres
+and /usr/share/doc/bind-&bind-version;
+
+
+
+
+Short Descriptions
+
+
+
+dig
+interrogates DNS servers.
+
+dig
+
+
+
+
+dnssec-keygen
+is a key generator for secure DNS.
+
+dnssec-keygen
+
+
+
+
+dnssec-signzone
+generates signed versions of zone files.
+
+dnssec-signzone
+
+
+
+
+host
+is a utility for DNS lookups.
+
+host
+
+
+
+
+lwresd
+is a caching-only name server for local process use.
+
+lwresd
+
+
+
+
+named
+is the name server daemon.
+
+named
+
+
+
+
+named-checkconf
+checks the syntax of named.conf
+files.
+
+named-checkconf
+
+
+
+
+named-checkzone
+checks zone file validity.
+
+named-checkzone
+
+
+
+
+nslookup
+is a program used to query Internet domain nameservers.
+
+nslookup
+
+
+
+
+nsupdate
+is used to submit DNS update
+requests.
+
+nsupdate
+
+
+
+
+rndc
+controls the operation of
+BIND.
+
+rndc
+
+
+
+
+rndc-confgen
+generates rndc.conf files.
+
+rndc-confgen
+
+
+
+
+
+
+
+
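Review bot: The rndc secret is written into /home/named/etc/named.conf and /etc/rndc.conf with no mode set, and the later `chown -R named.named /home/named` makes the daemon account the owner of its own configuration, zone files and device nodes, so a compromised named can rewrite everything in the jail. Suggest keeping named.conf, root.hints and pz/127.0.0 owned by root with group named and mode 640, giving the named user ownership only of the directories it has to write to (var/run, etc/namedb/slave and wherever named.run is written), and adding a chmod 600 for /etc/rndc.conf. Smaller points: the sentence before the rndc-confgen command says `rdnc.conf` where `rndc.conf` is meant, the config-file index entry `/etc/namedb/pz/127.0.0.0` does not match the zone file `pz/127.0.0` that is created and referenced in named.conf, and `named.named` should use the colon form `named:named`.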
Index: server/major/major.xml
===================================================================
--- server/major/major.xml (revision addff0a608cfc6eef335a18b84efac27bcc042fd)
+++ server/major/major.xml (revision addff0a608cfc6eef335a18b84efac27bcc042fd)
@@ -0,0 +1,25 @@
+
+
+ %general-entities;
+]>
+
+
+
+Major Servers
+
+Major servers are the programs that provide content or services to users or other
+programs.
+
+
+
+
+
+
+
+
+
+
+
+
Index: server/major/openssh.xml
===================================================================
--- server/major/openssh.xml (revision addff0a608cfc6eef335a18b84efac27bcc042fd)
+++ server/major/openssh.xml (revision addff0a608cfc6eef335a18b84efac27bcc042fd)
@@ -0,0 +1,309 @@
+
+
+ %general-entities;
+
+
+
+
+
+
+
+]>
+
+
+
+$LastChangedBy$
+$Date$
+
+
+OpenSSH-&openssh-version;
+
+OpenSSH
+
+
+Introduction to
+OpenSSH
+
+The OpenSSH package
+contains ssh clients and the sshd daemon.
+This is useful for encrypting authentication and subsequent traffic over a
+network.
+
+Package information
+
+Download (HTTP):
+
+Download (FTP):
+
+Download MD5 sum: &openssh-md5sum;
+Download size: &openssh-size;
+Estimated disk space required:
+&openssh-buildsize;
+Estimated build time:
+&openssh-time;
+
+
+OpenSSH
+dependencies
+Required
+
+
+
+Optional
+,
+,
+X ( or ),
+ or ,
+,
+,
+OpenSC and
+libedit
+
+
+
+
+
+
+Installation of
+OpenSSH
+
+OpenSSH runs as two
+processes when connecting to other computers. The first process is a
+privileged process and controls the issuance of privileges as necessary.
+The second process communicates with the network. Additional installation
+steps are necessary to set up the proper environment, which are performed
+by the following commands:
+
+install -v -d -m700 /var/lib/sshd &&
+chown root:sys /var/lib/sshd &&
+groupadd sshd &&
+useradd -c 'sshd PrivSep' -d /var/lib/sshd -g sshd -s /bin/false sshd
+
+OpenSSH is very sensitive to changes in the
+linked OpenSSL libraries. If you recompile
+OpenSSL, OpenSSH may
+fail to startup. An alternative is to link against the static
+OpenSSL library. To link against the static
+library, execute the following command:
+
+sed -i "s:-lcrypto:/usr/lib/libcrypto.a:g" configure
+
+Install OpenSSH by running
+the following commands:
+
+./configure --prefix=/usr --sysconfdir=/etc/ssh \
+ --libexecdir=/usr/sbin --with-md5-passwords \
+ --with-privsep-path=/var/lib/sshd
+
+If you use Heimdal as your Kerberos5
+implementation and you linked the Heimdal libraries
+into the build using the parameter, you'll
+need to modify the Makefile or the build will fail. Use
+the following command:
+
+sed -i -e "s/lkrb5 -ldes/lkrb5/" Makefile
+
+Continue the build:
+
+make
+
+If you linked tcp_wrappers into the build
+using the parameter, ensure you add
+127.0.0.1 to the sshd line in /etc/hosts.allow if you
+have a restrictive /etc/hosts.deny file, or the testsuite
+will fail. To run the testsuite, issue: make -k
+tests.
+
+Now, as the root user:
+
+make install
+
+
+
+
+Command explanations
+
+--sysconfdir=/etc/ssh: This prevents the
+configuration files from being installed in
+/usr/etc.
+
+--with-md5-passwords: This is required
+if you made the changes recommended by the shadowpasswd_plus
+LFS hint on
+your SSH server when you installed the Shadow Password
+Suite or if you access a SSH server that authenticates by
+user passwords encrypted with md5.
+
+--libexecdir=/usr/sbin: This parameter
+changes the installation path of some programs to
+/usr/sbin instead of
+/usr/libexec.
+
+
+
+
+Configuring OpenSSH
+
+Config files
+
+~/.ssh/*, /etc/ssh/ssh_config and
+/etc/ssh/sshd_config
+
+~/.ssh/*
+
+/etc/ssh/ssh_config
+
+
+/etc/ssh/sshd_config
+
+
+There are no required changes to any of these files. However,
+you may wish to view the /etc/ssh/
+files and make any changes appropriate for the security of your system. One
+recomended change is that you disable root login via ssh.
+Execute the following command to disable root login via
+ssh:
+
+echo "PermitRootLogin no" >> /etc/ssh/sshd_config
+
+Additional configuration information can be found in the man pages for
+sshd, ssh and
+ssh-agent.
+
+
+sshd init.d script
+
+To start the SSH server at system boot, install the
+/etc/rc.d/init.d/sshd init script included in the
+ package.
+
+sshd
+
+make install-sshd
+
+
+
+
+
+Contents
+
+
+Installed Programs
+Installed Libraries
+Installed Directories
+
+
+scp, sftp, sftp-server, slogin, ssh, sshd, ssh-add, ssh-agent,
+ssh-keygen, ssh-keyscan and ssh-keysign
+None
+/etc/ssh and /var/lib/sshd
+
+
+
+
+Short Descriptions
+
+
+
+scp
+is a file copy program that acts like rcp
+except it uses an encrypted protocol.
+
+scp
+
+
+
+
+sftp
+is an FTP-like program that works over
+SSH1 and SSH2 protocols.
+
+sftp
+
+
+
+
+sftp-server
+is an SFTP server subsystem.
+
+sftp-server
+
+
+
+
+slogin
+is a symlink to ssh.
+
+slogin
+
+
+
+
+ssh
+is an rlogin/rsh-like
+client program except it uses an encrypted protocol.
+
+ssh
+
+
+
+
+sshd
+is a daemon that listens for ssh login
+requests.
+
+sshd
+
+
+
+
+ssh-add
+is a tool which adds keys to the
+ssh-agent.
+
+ssh-add
+
+
+
+
+ssh-agent
+is an authentication agent that can store private keys.
+
+ssh-agent
+
+
+
+
+ssh-keygen
+is a key generation tool.
+
+ssh-keygen
+
+
+
+
+ssh-keyscan
+is a utility for gathering public host keys from a number of
+hosts.
+
+ssh-keyscan
+
+
+
+
+ssh-keysign
+is used by ssh to access the local host
+keys and generate the digital signature required during hostbased
+authentication with SSH protocol version 2.
+
+ssh-keysign
+
+
+
+
+
+
+
+
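Review bot: `echo "PermitRootLogin no" >> /etc/ssh/sshd_config` in the configuration section only takes effect when no earlier uncommented PermitRootLogin line exists, because sshd uses the first value it reads for each keyword; on a re-run or an already edited file the appended line is silently ignored. Suggest telling the reader to edit the existing directive in place, or to check after the echo that no earlier PermitRootLogin line is active. Also, `--with-privsep-path=/var/lib/sshd` and the static libcrypto sed are used in the build but have no entry under Command explanations, and "recomended" should be "recommended".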
Index: server/major/php.xml
===================================================================
--- server/major/php.xml (revision addff0a608cfc6eef335a18b84efac27bcc042fd)
+++ server/major/php.xml (revision addff0a608cfc6eef335a18b84efac27bcc042fd)
@@ -0,0 +1,243 @@
+
+
+ %general-entities;
+
+
+
+
+
+
+
+]>
+
+
+
+$LastChangedBy$
+$Date$
+
+
+PHP-&php-version;
+
+PHP
+
+
+Introduction to PHP
+
+PHP is the
+PHP Hypertext Preprocessor. Primarily used in dynamic web
+sites, it allows for programming code to be directly embedded into the
+HTML markup.
+
+Package information
+
+Download (HTTP):
+
+Download (FTP):
+
+Download MD5 sum: &php-md5sum;
+Download size: &php-size;
+Estimated disk space required:
+&php-buildsize;
+Estimated build time:
+&php-time;
+
+
+Additional downloads
+
+Required patch for Berkeley DB:
+
+
+
+PHP
+dependencies
+Required
+
+
+
+Optional
+,
+,
+,
+ClibPDF,
+,
+,
+,
+QDBM,
+cdb,
+,
+,
+,
+GD,
+,
+X ( or ),
+,
+
+t1lib,
+
+,
+,
+,
+,
+,
+,
+,
+,
+ or ,
+libmcrypt,
+mhash,
+Net-SNMP,
+SQLite,
+Dmalloc,
+mnoGoSearch,
+Mini SQL,
+Empress,
+Birdstep,
+DBMaker,
+Adabas,
+FrontBase,
+Caudium,
+WDDX,
+
+FDF Toolkit,
+Hyperwave,
+Monetra,
+ and
+MTA
+
+
+
+
+
+
+Installation of PHP
+
+You can use PHP
+for server-side scripting, command line scripting or client-side
+GUI applications. The book provides instructions for
+setting up PHP for
+server-side scripting as it is the most common form.
+
+If you have Berkeley DB installed and wish to utilize it, apply
+the following patch:
+
+patch -Np1 -i ../php-&php-version;-db43-1.patch
+
+Install PHP by
+running the following commands:
+
+./configure --prefix=/usr \
+ --sysconfdir=/etc \
+ --with-apxs2 \
+ --with-config-file-path=/etc \
+ --with-zlib \
+ --enable-bcmath \
+ --with-bz2 \
+ --enable-calendar \
+ --enable-dba \
+ --enable-exif \
+ --enable-ftp \
+ --with-gettext \
+ --with-iconv \
+ --enable-mbstring \
+ --with-ncurses \
+ --with-readline \
+ --disable-libxml &&
+make
+
+Now, as the root user:
+
+make install &&
+cp php.ini-recommended /etc/php.ini
+
+Remove the --disable-libxml switch if you
+have installed otherwise
+pear will not be built.
+
+PHP has many more configure options that
+will enable support for certain things. You can use
+./configure --help to see a full list of the
+available options. Also, use of the
+PHP web site
+is highly recommended, as their online docs are very good.
+
+
+
+
+Configuring PHP
+
+Config files
+/etc/php.ini,
+/etc/pear.conf
+
+/etc/php.ini
+
+/etc/pear.conf
+
+
+Configuration Information
+
+To enable PHP support in the
+Apache web server,
+a new LoadModule (which should be handled automatically by the
+make install command) and AddType directives must be added
+to the httpd.conf file:
+
+LoadModule php5_module lib/apache/libphp5.so
+AddType application/x-httpd-php .php
+
+Also, it can be useful to add an entry for
+index.php to the DirectoryIndex directive of the
+httpd.conf file.
+
+You'll need to restart the Apache web server
+after making any modifications to the httpd.conf
+file.
+
+
+
+
+
+Contents
+
+
+Installed Programs
+Installed Library
+Installed Directories
+
+
+pear, php, php-config, phpextdist and phpize
+libphp5.so
+/usr/include/php and /usr/lib/php
+
+
+
+
+Short Descriptions
+
+
+
+php
+is a command line interface that enables you to parse and
+execute PHP code.
+
+php
+
+
+
+
+pear
+is the PHP Extension and Application
+Repository (PEAR) package manager.
+
+pear
+
+
+
+
+
+
+
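Review bot: `AddType application/x-httpd-php .php` in the Apache configuration step matches a `.php` extension anywhere in the file name, because mod_mime evaluates every dot-separated extension, so a file whose final extension Apache does not know (name.php.bak, for instance) is still executed as PHP. Suggest documenting a handler that is anchored to the end of the name instead, a `<FilesMatch "\.php$">` block containing `SetHandler application/x-httpd-php`, or at least noting the behaviour next to the AddType line. Also, the db43 patch is listed under "Required patch for Berkeley DB" while the installation text applies it only "if you have Berkeley DB installed and wish to utilize it", so one of the two needs rewording, and this page has no Command explanations section for switches such as `--with-apxs2` and `--with-config-file-path=/etc`.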
Index: server/major/proftpd.xml
===================================================================
--- server/major/proftpd.xml (revision addff0a608cfc6eef335a18b84efac27bcc042fd)
+++ server/major/proftpd.xml (revision addff0a608cfc6eef335a18b84efac27bcc042fd)
@@ -0,0 +1,288 @@
+
+
+ %general-entities;
+
+
+
+
+
+
+
+]>
+
+
+
+ $LastChangedBy$
+ $Date$
+
+
+
+ProFTPD-&proftpd-version;
+
+
+ Proftpd
+
+
+
+Introduction to ProFTPD
+
+The ProFTPD package
+contains a secure and highly configurable FTP daemon. This
+is useful for serving large file archives over a network.
+
+
+Package information
+
+ Download (HTTP):
+ Download (FTP):
+ Download MD5 sum: &proftpd-md5sum;
+ Download size: &proftpd-size;
+ Estimated disk space required: &proftpd-buildsize;
+ Estimated build time: &proftpd-time;
+
+
+
+
+ProFTPD dependencies
+
+
+Optional
+
+
+
+
+
+
+
+
+
+Installation of ProFTPD
+
+For security reasons, you should install
+ProFTPD using an unprivileged user
+and group. As the root user:
+
+groupadd proftpd &&
+useradd -c proftpd -d /home/ftp -g proftpd \
+ -s /usr/lib/proftpd/proftpdshell proftpd &&
+install -d -m775 -o proftpd -g proftpd /usr/lib/proftpd &&
+ln -s /bin/false /usr/lib/proftpd/proftpdshell &&
+echo /usr/lib/proftpd/proftpdshell >> /etc/shells
+
+Install ProFTPD as a regular user by running
+the following commands:
+
+install_user=proftpd install_group=proftpd \
+ ./configure --prefix=/usr --sysconfdir=/etc \
+ --localstatedir=/var/run &&
+make
+
+Now, again as the root user:
+
+make install
+
+
+
+
+Command explanations
+
+install -d -m775 -o proftpd -g proftpd /usr/lib/proftpd:
+Create the home directory for ProFTPD.
+
+ln -s /bin/false /usr/lib/proftpd/proftpdshell:
+Set the default shell as a link to a invalid shell.
+
+echo /usr/lib/proftpd/proftpdshell >> /etc/shells:
+Fake a valid shell for compatability purposes.
+
+The above three commands can be ommitted if the following directive is
+placed in the configuration file:
+
+RequireValidShell off
+
+By default, proftpd will require that users logging in have valid shells.
+The RequireValidShell directive turns off this requirement. This is only
+recommended if you are setting up your FTP server exclusively
+for anonymous downloads.
+
+
+install_user=proftpd install_group=proftpd:
+Specify the user and group identity for
+ProFTPD.
+
+--sysconfdir=/etc:
+This prevents the configuration files from going to
+/usr/etc.
+
+--localstatedir=/var/run:
+This uses /var/run instead of
+/usr/var for lock files.
+
+
+
+
+Configuring ProFTPD
+
+
+proftpd init.d script
+
+
+ proftpd
+
+
+
+Install the /etc/rc.d/init.d/proftpd init script
+included in the package.
+
+make install-proftpd
+
+
+
+
+Config files
+
+
+ /etc/proftpd.conf
+
+
+/etc/proftpd.conf
+
+
+Configuration information
+This is a simple, download-only sample configuration. See the
+ProFTPD documentation in
+/usr/share/doc/proftpd and consult the
+website at for example
+configurations.
+
+cat > /etc/proftpd.conf << "EOF"
+# This is a basic ProFTPD configuration file
+# It establishes a single server and a single anonymous login.
+
+ServerName "ProFTPD Default Installation"
+ServerType standalone
+DefaultServer on
+
+# Port 21 is the standard FTP port.
+Port 21
+# Umask 022 is a good standard umask to prevent new dirs and files
+# from being group and world writable.
+Umask 022
+
+# To prevent DoS attacks, set the maximum number of child processes
+# to 30. If you need to allow more than 30 concurrent connections
+# at once, simply increase this value. Note that this ONLY works
+# in standalone mode, in inetd mode you should use an inetd server
+# that allows you to limit maximum number of processes per service
+# (such as xinetd)
+MaxInstances 30
+
+# Set the user and group that the server normally runs at.
+User proftpd
+Group proftpd
+
+# Normally, files should be overwritable.
+<Directory /*>
+ AllowOverwrite on
+</Directory>
+
+# A basic anonymous configuration, no upload directories.
+<Anonymous ~proftpd>
+ User proftpd
+ Group proftpd
+ # Clients should be able to login with "anonymous" as well as "proftpd"
+ UserAlias anonymous proftpd
+
+ # Limit the maximum number of anonymous logins
+ MaxClients 10
+
+ # 'welcome.msg' should be displayed at login, and '.message' displayed
+ # in each newly chdired directory.
+ DisplayLogin welcome.msg
+ DisplayFirstChdir .message
+
+ # Limit WRITE everywhere in the anonymous chroot
+ <Limit WRITE>
+ DenyAll
+ </Limit>
+</Anonymous>
+EOF
+
+
+
+
+Contents
+
+
+ Installed Programs
+ Installed Libraries
+ Installed Directory
+
+
+ ftpcount, ftpdctl, ftptop, ftpwho, ftpshut, proftpd
+ None
+ /var/run/proftpd
+
+
+
+
+ Short Descriptions
+
+
+
+ proftpd
+
+ is the FTP daemon.
+
+ proftpd
+
+
+
+
+
+ ftpcount
+
+ shows the current number of connections.
+
+ ftpcount
+
+
+
+
+
+ ftpshut
+
+ shuts down all proftpd servers at a given time.
+
+ ftpshut
+
+
+
+
+
+ ftptop
+
+ displays running status on connections.
+
+ ftptop
+
+
+
+
+
+ ftpwho
+
+ shows current process information for each session.
+
+ ftpwho
+
+
+
+
+
+
+
+
+
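Review bot: The account is created with `-d /home/ftp`, but the only directory this hunk creates is /usr/lib/proftpd, which the Command explanations call "the home directory for ProFTPD"; /home/ftp is never created, and the `<Anonymous ~proftpd>` block in the sample configuration resolves to it. Suggest creating /home/ftp explicitly (owned by root and not writable by proftpd, since it becomes the anonymous root) and rewording the explanation to say that /usr/lib/proftpd only holds the proftpdshell link. Also worth fixing: "Install ProFTPD as a regular user" reads as if the install itself runs unprivileged when only configure and make do, `AllowOverwrite on` for `<Directory /*>` sits oddly in a configuration described as download-only, and "compatability", "ommitted" and "a invalid" are typos.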
Index: server/major/samba3.xml
===================================================================
--- server/major/samba3.xml (revision addff0a608cfc6eef335a18b84efac27bcc042fd)
+++ server/major/samba3.xml (revision addff0a608cfc6eef335a18b84efac27bcc042fd)
@@ -0,0 +1,669 @@
+
+
+ %general-entities;
+
+
+
+
+
+
+
+]>
+
+
+
+$LastChangedBy$
+$Date$
+
+
+Samba-&samba3-version;
+
+Samba
+
+
+Introduction to Samba
+
+The Samba package provides file and print
+services to SMB/CIFS clients and
+Windows networking to Linux clients. Samba can also
+be configured as a Windows NT 4.0 Domain Controller replacement
+(with caveats working with NT PDC's and
+BDC's), a file/print server acting as a member of a
+Windows NT 4.0 or Active Directory domain and a NetBIOS (rfc1001/1002)
+nameserver (which amongst other things provides
+LAN browsing support).
+
+Package information
+
+Download (HTTP):
+
+Download (FTP):
+
+Download MD5 sum:
+&samba3-md5sum;
+Download size:
+&samba3-size;
+Estimated disk space required:
+&samba3-buildsize;
+Estimated build time:
+&samba3-time;
+
+
+
+Samba dependencies
+
+Optional
+,
+,
+,
+,
+ or ,
+,
+ or ,
+,
+,
+Valgrind and
+ (used to encrypt access to SWAT)
+
+
+
+
+
+
+Installation of Samba
+
+Install Samba by running the following
+commands:
+
+cd source &&
+install -d /var/cache/samba &&
+./configure \
+ --prefix=/usr \
+ --sysconfdir=/etc \
+ --localstatedir=/var \
+ --with-piddir=/var/run \
+ --with-fhs \
+ --with-smbmount &&
+make
+
+Now, as the root user:
+
+make install &&
+mv /usr/lib/samba/libsmbclient.so /usr/lib &&
+ln -sf ../libsmbclient.so /usr/lib/samba &&
+chmod 644 /usr/include/libsmbclient.h \
+ /usr/lib/samba/libsmbclient.a &&
+install -m755 nsswitch/libnss_win{s,bind}.so /lib &&
+ln -sf libnss_winbind.so /lib/libnss_winbind.so.2 &&
+ln -sf libnss_wins.so /lib/libnss_wins.so.2 &&
+cp ../examples/smb.conf.default /etc/samba &&
+install -m644 ../docs/*.pdf /usr/share/samba &&
+if [ -f nsswitch/pam_winbind.so ]; then
+ install -m755 nsswitch/pam_winbind.so /lib/security
+fi
+
+You may want to run configure with the
+--help parameter. There may be other parameters
+needed to take advantage of the optional dependencies.
+
+
+
+
+Command explanations
+
+install -d /var/cache/samba: This directory is
+needed for proper operation of the smbd and
+nmbd daemons.
+
+--sysconfdir=/etc: Sets the configuration
+file directory to avoid the default of
+/usr/etc.
+
+--localstatedir=/var: Sets the variable
+data directory to avoid the default of
+/usr/var.
+
+: Assigns all other file paths in a manner
+compliant with the Filesystem Hierarchy Standard
+(FHS).
+
+: Orders the creation of an extra
+binary for use by the mount command so that mounting remote
+SMB (Windows) shares becomes no more complex than mounting
+remote NFS shares.
+
+: Use this parameter to link
+Linux-PAM into the build. This
+also builds the pam_winbind.so
+PAM module. You can find
+instructions on how to configure and use the module by running
+man winbindd.
+
+mv /usr/lib/samba/libsmbclient.so ...; ln -sf
+../libsmbclient.so ...: The
+libsmbclient.so library is needed
+by other packages. This command moves it to a location where other packages
+can find it.
+
+install -m755 nsswitch/libnss_win{s,bind}.so /lib:
+The nss libraries are not installed by default. If you intend to use
+winbindd for domain auth, and/or WINS name resolution,
+you need these libraries.
+
+ln -sf libnss_winbind.so /lib/libnss_winbind.so.2
+and ln -sf libnss_wins.so /lib/libnss_wins.so.2:
+These symlinks are required by glibc to use the nss libraries.
+
+cp ../examples/smb.conf.default /etc/samba:
+This copies a default smb.conf into
+/etc/samba. This sample configuration will not
+work unless edited for your site, and renamed
+smb.conf.
+
+
+
+
+Configuring Samba
+
+Config files
+/etc/samba/smb.conf
+
+/etc/samba/smb.conf
+
+
+
+Configuration overview and available documentation
+
+Due to the complexity and the many various uses for
+Samba, complete configuration is well beyond the
+scope of the BLFS book. Advanced configurations including
+setting up Primary and Backup Domain Controllers are advanced topics and
+cannot be adequately covered in BLFS (it should be noted,
+however, that a Samba BDC cannot
+be used as a fallback for a
+Windows PDC, and conversely, a
+Windows BDC cannot be used as a
+fallback for a Samba PDC). Many
+complete books have been written on these topics alone.
+
+There is quite a bit of documentation available which covers many of
+these advanced configurations. Point your web browser to the links below to
+view some of the documentation included with the
+Samba package:
+
+
+Using Samba, 2nd Edition; a popular book published by O'Reilly
+
+
+
+The Official Samba HOWTO and Reference Guide
+
+
+
+Samba-3 by Example
+
+
+
+The Samba-3 man Pages
+
+
+
+
+
+Configuring SWAT
+
+The built in SWAT
+(Samba Web Administration Tool) utility can be used
+for basic configuration of the Samba installation,
+but because it may be inconvenient, undesireable or perhaps even impossible
+to gain access to the console, BLFS recommends setting up access to
+SWAT using Stunnel.
+
+SWAT
+
+First you must add entries to /etc/services and
+modify the inetd/xinetd
+configuration.
+
+
+ /etc/services
+
+
+
+ /etc/inetd.conf
+
+
+
+ /etc/xinetd.conf
+
+
+Add swat and swat_tunnel entries to
+/etc/services with the following commands issued as the
+root user:
+
+echo "swat 901/tcp" >> /etc/services &&
+echo "swat_tunnel 902/tcp" >> /etc/services
+
+If inetd is used, the following command will add the
+swat_tunnel entry to /etc/inetd.conf (as user root):
+
+echo "swat_tunnel stream tcp nowait.400 root /usr/sbin/swat swat" \
+ >> /etc/inetd.conf
+Issue a killall -HUP inetd to reread the
+changed inetd.conf file.
+
+If you use xinetd, the following command will create the
+Samba file as /etc/xinetd.d/swat_tunnel:
+(you may need to modify or remove the
+only_from line to include the desired host[s]):
+
+cat >> /etc/xinetd.d/swat_tunnel << "EOF"
+# Begin /etc/xinetd.d/swat_tunnel
+
+service swat_tunnel
+{
+ port = 902
+ socket_type = stream
+ wait = no
+ only_from = 127.0.0.1
+ user = root
+ server = /usr/sbin/swat
+ log_on_failure += USERID
+}
+
+# End /etc/xinetd.d/swat_tunnel
+EOF
+
+
+ /etc/xinetd.d/swat_tunnel
+
+
+Issue a killall -HUP xinetd to reread the
+changed xinetd.conf file.
+
+Next, you must add an entry for the swat service to the
+/etc/stunnel/stunnel.conf file (as user root):
+
+
+ /etc/stunnel/stunnel.conf
+
+
+cat >> /etc/stunnel/stunnel.conf << "EOF"
+[swat]
+accept = 901
+connect = 902
+
+EOF
+
+Restart the stunnel daemon using the following
+command as the root user:
+
+/etc/rc.d/init.d/stunnel restart
+
+SWAT can be launched by pointing your web browser to
+https://[CA_DN_field]:901.
+Substitute the hostname listed in the DN field of the
+CA certificate used with
+Stunnel for
+[CA_DN_field].
+
+If you linked
+Linux-PAM into the
+Samba build, you'll need to create an
+/etc/pam.d/samba file.
+
+
+ /etc/pam.d/samba
+
+
+
+
+Printing to SMB clients
+
+If you use CUPS for print
+services, and you wish to print to a printer attached to an
+SMB client, you need to create an SMB
+backend device. To create the device, issue the following command as the
+root user:
+
+ln -sf /usr/bin/smbspool /usr/lib/cups/backend/smb
+
+
+Installing bootscripts
+
+For your convenience, boot scripts have been provided for
+Samba. There are two included in the
+ package. The first,
+samba, will start the smbd and
+nmbd daemons needed to provide
+SMB/CIFS services. The second
+script, winbind, starts the winbindd
+daemon, used for providing Windows domain services to Linux clients.
+
+
+ samba
+
+
+
+ winbind
+
+
+Install the samba script with the following
+command issued as the root user:
+
+make install-samba
+
+If you also need the winbind script:
+
+make install-winbind
+
+
+
+
+
+Contents
+
+
+Installed Programs
+Installed Libraries
+Installed Directories
+
+
+findsmb, mount.smbfs, net, nmbd, nmblookup, ntlm_auth, pdbedit, profiles,
+rpcclient, smbcacls, smbclient, smbcontrol, smbcquotas, smbd, smbmnt,
+smbmount, smbpasswd, smbspool, smbstatus, smbtar, smbtree, smbumount, swat,
+tdbbackup, tdbdump, tdbtool, testparm, testprns, wbinfo and winbindd
+libnss_winbind.so, libnss_wins.so, libsmbclient.[so,a], the
+pam_winbind.so PAM library and assorted character set,
+filesystem and support modules.
+/etc/samba, /usr/lib/samba, /usr/share/samba, /var/cache/samba and
+/var/lib/samba
+
+
+
+
+Short Descriptions
+
+
+
+findsmb
+lists information about machines that respond to
+SMB name queries on a subnet.
+
+findsmb
+
+
+
+
+mount.smbfs
+is a symlink to mountsmb which provides
+/bin/mount with a way to mount remote Windows (or
+Samba) fileshares.
+
+mount.smbfs
+
+
+
+
+net
+is a tool for administration of
+Samba and remote CIFS servers,
+similar to the net utility for
+DOS/Windows.
+
+net
+
+
+
+
+nmbd
+is the Samba
+NetBIOS name server.
+
+nmbd
+
+
+
+
+nmblookup
+is used to query NetBIOS names and map
+them to IP addresses.
+
+nmblookup
+
+
+
+
+ntlm_auth
+is a tool to allow external access to Winbind's
+NTLM authentication function.
+
+ntlm_auth
+
+
+
+
+pdbedit
+is a tool used to manage the SAM
+database.
+
+pdbedit
+
+
+
+
+profiles
+is a utility that reports and changes SIDs
+in Windows registry files. It currently only supports Windows NT.
+
+profiles
+
+
+
+
+rpcclient
+is used to execute MS-RPC client side
+functions.
+
+rpcclient
+
+
+
+
+smbcacls
+is used to manipulate Windows NT access control lists.
+
+smbcacls
+
+
+
+
+smbclient
+is a SMB/CIFS access
+utility, similar to FTP.
+
+smbclient
+
+
+
+
+smbcontrol
+is used to control running smbd,
+nmbd and winbindd daemons.
+
+smbcontrol
+
+
+
+
+smbcquotas
+is used to manipulate Windows NT quotas on
+SMB file shares.
+
+smbcquotas
+
+
+
+
+smbd
+is the main Samba daemon which
+provides SMB/CIFS services to
+clients.
+
+smbd
+
+
+
+
+smbmnt
+is a helper application used by the
+smbmount program to do the actual mounting of
+SMB shares. It can be installed setuid root if you want
+normal users to be able to mount their SMB shares.
+
+smbmnt
+
+
+
+
+smbmount
+is usually invoked as mount.smbfs by the
+mount command when using the
+-t smbfs option, mounts a Linux SMB
+filesystem.
+
+smbmount
+
+
+
+
+smbpasswd
+changes a user's Samba
+password.
+
+smbpasswd
+
+
+
+
+smbspool
+sends a print job to an SMB printer.
+
+smbspool
+
+
+
+
+smbstatus
+reports current Samba
+connections.
+
+smbstatus
+
+
+
+
+smbtar
+is a shell script used for backing up
+SMB/CIFS shares directly to Linux tape
+drives or a file.
+
+smbtar
+
+
+
+
+smbtree
+is a text-based SMB network browser.
+
+smbtree
+
+
+
+
+smbumount
+is used by normal users to unmount SMB
+filesystems, provided that it is setuid root.
+
+smbumount
+
+
+
+
+swat
+is the Samba Web Administration
+Tool.
+
+swat
+
+
+
+
+tdbbackup
+is a tool for backing up or validating the integrity of
+Samba.tdb files.
+
+tdbbackup
+
+
+
+
+tdbdump
+ is a tool used to print the contents of a
+Samba.tdb file.
+
+tdbdump
+
+
+
+
+tdbtool
+is a tool which allows simple database manipulation from the
+command line.
+
+tdbtool
+
+
+
+
+testparm
+checks an smb.conf file for proper
+syntax.
+
+testparm
+
+
+
+
+testprns
+tests printer names.
+
+testprns
+
+
+
+
+wbinfo
+queries a running winbindd daemon.
+
+wbinfo
+
+
+
+
+winbindd
+resolves names from Windows NT servers.
+
+winbindd
+
+
+
+
+
+
+
+
+
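Review bot: The inetd variant of the swat_tunnel entry has no source restriction, unlike the xinetd variant's `only_from = 127.0.0.1`, so the unencrypted SWAT listener on port 902, which runs as root, is reachable from the network and the Stunnel front end on 901 can be bypassed. Suggest stating that port 902 has to be limited to loopback in both cases (a tcpd wrapper or a packet filter rule for inetd) and dropping the advice to "modify or remove the only_from line", since widening it exposes the cleartext port; remote hosts should reach SWAT only through 901. Minor: `cat >> /etc/xinetd.d/swat_tunnel` appends, so a re-run duplicates the service block (use `>`), the `swat 901/tcp` line may already be present in /etc/services, and "undesireable" should be "undesirable".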
Index: server/major/vsftpd.xml
===================================================================
--- server/major/vsftpd.xml (revision addff0a608cfc6eef335a18b84efac27bcc042fd)
+++ server/major/vsftpd.xml (revision addff0a608cfc6eef335a18b84efac27bcc042fd)
@@ -0,0 +1,163 @@
+
+
+ %general-entities;
+
+
+
+
+
+
+
+]>
+
+
+
+$LastChangedBy$
+$Date$
+
+
+vsFTPD-&vsftpd-version;
+
+
+
+Introduction to
+vsFTPD
+
+The vsFTPD package
+contains a very secure and very small FTP daemon. This is
+useful for serving files over a network.
+
+Package information
+
+Download (HTTP):
+
+Download (FTP):
+
+Download MD5 sum: &vsftpd-md5sum;
+Download size: &vsftpd-size;
+Estimated disk space required:
+&vsftpd-buildsize;
+Estimated build time:
+&vsftpd-time;
+
+
+vsFTPD dependencies
+Optional
+,
+, and
+
+
+
+
+
+
+
+Installation of vsFTPD
+
+For security reasons, running
+vsFTPD as an unprivileged user
+and group is encouraged. Also, a user to map anonymous users to should be
+created.
+
+install -d -m 0755 /var/ftp/empty &&
+install -d -m 0755 /home/ftp &&
+groupadd vsftpd &&
+useradd -d /dev/null -c "vsFTPD User" -g vsftpd -s /bin/false vsftpd &&
+groupadd ftp &&
+useradd -c anonymous_user -d /home/ftp -g ftp -s /bin/false ftp
+
+
+Install vsFTPD by running
+the following commands:
+
+make &&
+install -m 755 vsftpd /usr/sbin/vsftpd &&
+install -m 644 vsftpd.8 /usr/share/man/man8 &&
+install -m 644 vsftpd.conf.5 /usr/share/man/man5 &&
+install -m 644 vsftpd.conf /etc
+
+
+
+
+Command explanations
+
+install -d [...]: This creates the directory that
+anonymous users will use (/home/ftp)
+and the directory the daemon will chroot into
+(/var/ftp/empty).
+
+/home/ftp should not be
+owned by the user vsftpd, or the user ftp.
+
+echo "#define VSF_BUILD_TCPWRAPPERS" >>builddefs.h:
+Use this prior to make to add support for
+tcpwrappers.
+
+echo "#define VSF_BUILD_SSL" >>builddefs.h:
+Use this prior to make to add support for
+SSL.
+
+install -m [...]:
+The Makefile hardwires
+/usr/local (if it exists). These
+commands install the files in
+/usr.
+
+
+
+
+Configuring vsFTPD
+
+vsftpd init.d script
+Install the /etc/rc.d/init.d/vsftpd
+init script included in the
+ package.
+
+make install-vsftpd
+
+
+
+Config files
+/etc/vsftpd.conf
+
+
+Configuration information
+vsFTPD comes with a basic
+anonymous-only configuration file that was copied to
+/etc above. This file should be modified
+because it is now recommended to run vsftpd in standalone
+mode as opposed to inetd/xinetd mode.
+Also, you should specify the privilege separation user created above. Finally,
+you should specify the chroot directory.
+man vsftpd.conf will give you all the details.
+
+cat >> /etc/vsftpd.conf << "EOF"
+background=YES
+listen=YES
+nopriv_user=vsftpd
+secure_chroot_dir=/var/ftp/empty
+EOF
+
+
+
+
+
+Contents
+
+The vsFTPD package contains
+vsftpd.
+
+
+
+Description
+
+vsftpd
+vsftpd is the FTP
+daemon.
+
+
+
+
+
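Review bot: in the Installation block, "make &&" is chained directly to the four "install -m ..." commands that write to /usr/sbin, /usr/share/man and /etc, so following the page as written means compiling as root. The groupadd/useradd block before it also needs root and is not labelled. Split the build from the install and add the "Now, as the root user:" lead-in that xinetd.xml in this same change uses. Also worth a sentence in the configuration section: "cat >> /etc/vsftpd.conf" appends, so rerunning the step duplicates the four settings.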
Index: server/major/xinetd.xml
===================================================================
--- server/major/xinetd.xml (revision addff0a608cfc6eef335a18b84efac27bcc042fd)
+++ server/major/xinetd.xml (revision addff0a608cfc6eef335a18b84efac27bcc042fd)
@@ -0,0 +1,717 @@
+
+
+ %general-entities;
+
+
+
+
+
+
+
+]>
+
+
+
+ $LastChangedBy$
+ $Date$
+
+
+
+xinetd-&xinetd-version;
+
+
+ Xinetd
+
+
+
+Introduction to xinetd
+
+xinetd is the eXtended InterNET services
+Daemon, a secure replacement for inetd.
+
+
+Package information
+
+ Download (HTTP):
+ Download (FTP):
+ Download MD5 sum: &xinetd-md5sum;
+ Download size: &xinetd-size;
+ Estimated disk space required: &xinetd-buildsize;
+ Estimated build time: &xinetd-time;
+
+
+
+
+xinetd dependencies
+
+
+Optional
+
+
+
+
+
+
+
+Installation of xinetd
+
+Install xinetd by running the following
+commands:
+
+./configure --prefix=/usr &&
+make
+
+Now, as the root user:
+
+make install
+
+
+
+
+Configuring xinetd
+
+
+Config files
+
+/etc/xinetd.conf
+
+
+ /etc/xinetd.conf
+
+
+
+
+Configuration Information
+
+Ensure the path to all daemons is
+/usr/sbin, rather than the default path
+of /usr/etc, and install the
+xinetd configuration files by running the following
+commands as the root user:
+
+cat > /etc/xinetd.conf << "EOF"
+# Begin /etc/xinetd
+# Configuration file for xinetd
+#
+
+defaults
+{
+ instances = 60
+ log_type = SYSLOG daemon
+ log_on_success = HOST PID USERID
+ log_on_failure = HOST USERID
+ cps = 25 30
+}
+
+# All service files are stored in the /etc/xinetd.d directory
+#
+includedir /etc/xinetd.d
+# End /etc/xinetd
+EOF
+
+All of the following files have the statement, "disable = yes". To activate
+any of the services, this statement will need to be changed to "disable = no".
+
+The following files are listed to demonstrate classic
+xinetd applications. In many cases, these
+applications are not needed. In some cases, the applications are
+considered security risks. For example, telnet, rlogin, rexec, and rsh
+transmit unencrypted usernames and passwords over the network and can be easily
+replaced with a more secure alternative: ssh.
+
+install -d -m755 /etc/xinetd.d &&
+cat > /etc/xinetd.d/login << "EOF" &&
+# Begin /etc/xinetd.d/login
+
+service login
+{
+ disable = yes
+ socket_type = stream
+ protocol = tcp
+ wait = no
+ user = root
+ server = /usr/sbin/in.rlogind
+ log_type = SYSLOG local4 info
+}
+
+# End /etc/xinetd.d/login
+EOF
+cat > /etc/xinetd.d/shell << "EOF" &&
+# Begin /etc/xinetd.d/shell
+
+service shell
+{
+ disable = yes
+ socket_type = stream
+ wait = no
+ user = root
+ instances = UNLIMITED
+ flags = IDONLY
+ log_on_success += USERID
+ server = /usr/sbin/in.rshd
+}
+
+# End /etc/xinetd.d/shell
+EOF
+cat > /etc/xinetd.d/exec << "EOF" &&
+# Begin /etc/xinetd.d/exec
+
+service exec
+{
+ disable = yes
+ socket_type = stream
+ wait = no
+ user = root
+ server = /usr/sbin/in.rexecd
+}
+
+# End /etc/xinetd.d/exec
+EOF
+cat > /etc/xinetd.d/comsat << "EOF" &&
+# Begin /etc/xinetd.d/comsat
+
+service comsat
+{
+ disable = yes
+ socket_type = dgram
+ wait = yes
+ user = nobody
+ group = tty
+ server = /usr/sbin/in.comsat
+}
+
+# End /etc/xinetd.d/comsat
+EOF
+cat > /etc/xinetd.d/talk << "EOF" &&
+# Begin /etc/xinetd.d/talk
+
+service talk
+{
+ disable = yes
+ socket_type = dgram
+ wait = yes
+ user = root
+ server = /usr/sbin/in.talkd
+}
+
+# End /etc/xinetd.d/talk
+EOF
+cat > /etc/xinetd.d/ntalk << "EOF" &&
+# Begin /etc/xinetd.d/ntalk
+
+service ntalk
+{
+ disable = yes
+ socket_type = dgram
+ wait = yes
+ user = root
+ server = /usr/sbin/in.ntalkd
+}
+
+# End /etc/xinetd.d/ntalk
+EOF
+cat > /etc/xinetd.d/telnet << "EOF" &&
+# Begin /etc/xinetd.d/telnet
+
+service telnet
+{
+ disable = yes
+ socket_type = stream
+ wait = no
+ user = root
+ server = /usr/sbin/in.telnetd
+ bind = 127.0.0.1
+ log_on_failure += USERID
+}
+
+service telnet
+{
+ disable = yes
+ socket_type = stream
+ wait = no
+ user = root
+# server = /usr/sbin/in.telnetd
+ bind = 192.231.139.175
+ redirect = 128.138.202.20 23
+ log_on_failure += USERID
+}
+
+# End /etc/xinetd.d/telnet
+EOF
+cat > /etc/xinetd.d/ftp << "EOF" &&
+# Begin /etc/xinetd.d/ftp
+
+service ftp
+{
+ disable = yes
+ socket_type = stream
+ wait = no
+ user = root
+ server = /usr/sbin/in.ftpd
+ server_args = -l
+ instances = 4
+ log_on_success += DURATION USERID
+ log_on_failure += USERID
+ access_times = 2:00-8:59 12:00-23:59
+ nice = 10
+}
+
+# End /etc/xinetd.d/ftp
+EOF
+cat > /etc/xinetd.d/tftp << "EOF" &&
+# Begin /etc/xinetd.d/tftp
+
+service tftp
+{
+ disable = yes
+ socket_type = dgram
+ wait = yes
+ user = root
+ server = /usr/sbin/in.tftpd
+ server_args = -s /tftpboot
+}
+
+# End /etc/xinetd.d/tftp
+EOF
+cat > /etc/xinetd.d/finger << "EOF" &&
+# Begin /etc/xinetd.d/finger
+
+service finger
+{
+ disable = yes
+ socket_type = stream
+ wait = no
+ user = nobody
+ server = /usr/sbin/in.fingerd
+}
+
+# End /etc/xinetd.d/finger
+EOF
+cat > /etc/xinetd.d/systat << "EOF" &&
+# Begin /etc/xinetd.d/systat
+
+service systat
+{
+ disable = yes
+ socket_type = stream
+ wait = no
+ user = nobody
+ server = /usr/bin/ps
+ server_args = -auwwx
+ only_from = 128.138.209.0
+ log_on_success = HOST
+}
+
+# End /etc/xinetd.d/systat
+EOF
+cat > /etc/xinetd.d/netstat << "EOF" &&
+# Begin /etc/xinetd.d/netstat
+
+service netstat
+{
+ disable = yes
+ socket_type = stream
+ wait = no
+ user = nobody
+ server = /usr/ucb/netstat
+ server_args = -f inet
+ only_from = 128.138.209.0
+ log_on_success = HOST
+}
+
+# End /etc/xinetd.d/netstat
+EOF
+cat > /etc/xinetd.d/echo << "EOF" &&
+# Begin /etc/xinetd.d/echo
+
+service echo
+{
+ disable = yes
+ type = INTERNAL
+ id = echo-stream
+ socket_type = stream
+ protocol = tcp
+ user = root
+ wait = no
+}
+
+service echo
+{
+ disable = yes
+ type = INTERNAL
+ id = echo-dgram
+ socket_type = dgram
+ protocol = udp
+ user = root
+ wait = yes
+}
+
+# End /etc/xinetd.d/echo
+EOF
+cat > /etc/xinetd.d/chargen << "EOF" &&
+# Begin /etc/xinetd.d/chargen
+
+service chargen
+{
+ disable = yes
+ type = INTERNAL
+ id = chargen-stream
+ socket_type = stream
+ protocol = tcp
+ user = root
+ wait = no
+}
+
+service chargen
+{
+ disable = yes
+ type = INTERNAL
+ id = chargen-dgram
+ socket_type = dgram
+ protocol = udp
+ user = root
+ wait = yes
+}
+
+# End /etc/xinetd.d/chargen
+EOF
+cat > /etc/xinetd.d/daytime << "EOF" &&
+# Begin /etc/xinetd.d/daytime
+
+service daytime
+{
+ disable = yes
+ type = INTERNAL
+ id = daytime-stream
+ socket_type = stream
+ protocol = tcp
+ user = root
+ wait = no
+}
+
+service daytime
+{
+ disable = yes
+ type = INTERNAL
+ id = daytime-dgram
+ socket_type = dgram
+ protocol = udp
+ user = root
+ wait = yes
+}
+
+# End /etc/xinetd.d/daytime
+EOF
+cat > /etc/xinetd.d/time << "EOF" &&
+# Begin /etc/xinetd.d/time
+
+service time
+{
+ disable = yes
+ type = INTERNAL
+ id = time-stream
+ socket_type = stream
+ protocol = tcp
+ user = root
+ wait = no
+}
+
+
+service time
+{
+ disable = yes
+ type = INTERNAL
+ id = time-dgram
+ socket_type = dgram
+ protocol = udp
+ user = root
+ wait = yes
+}
+
+# End /etc/xinetd.d/time
+EOF
+cat > /etc/xinetd.d/rstatd << "EOF" &&
+# Begin /etc/xinetd.d/rstatd
+
+ervice rstatd
+{
+ disable = yes
+ type = RPC
+ flags = INTERCEPT
+ rpc_version = 2-4
+ socket_type = dgram
+ protocol = udp
+ server = /usr/sbin/rpc.rstatd
+ wait = yes
+ user = root
+}
+
+# End /etc/xinetd.d/rstatd
+EOF
+cat > /etc/xinetd.d/rquotad << "EOF" &&
+# Begin /etc/xinetd.d/rquotad
+
+service rquotad
+{
+ disable = yes
+ type = RPC
+ rpc_version = 1
+ socket_type = dgram
+ protocol = udp
+ wait = yes
+ user = root
+ server = /usr/sbin/rpc.rstatd
+}
+
+# End /etc/xinetd.d/rquotad
+EOF
+cat > /etc/xinetd.d/rusersd << "EOF" &&
+# Begin /etc/xinetd.d/rusersd
+
+service rusersd
+{
+ disable = yes
+ type = RPC
+ rpc_version = 1-2
+ socket_type = dgram
+ protocol = udp
+ wait = yes
+ user = root
+ server = /usr/sbin/rpc.rusersd
+}
+
+# End /etc/xinetd.d/rusersd
+EOF
+cat > /etc/xinetd.d/sprayd << "EOF" &&
+# Begin /etc/xinetd.d/sprayd
+
+service sprayd
+{
+ disable = yes
+ type = RPC
+ rpc_version = 1
+ socket_type = dgram
+ protocol = udp
+ wait = yes
+ user = root
+ server = /usr/sbin/rpc.sprayd
+}
+
+# End /etc/xinetd.d/sprayd
+EOF
+cat > /etc/xinetd.d/walld << "EOF" &&
+# Begin /etc/xinetd.d/walld
+
+service walld
+{
+ disable = yes
+ type = RPC
+ rpc_version = 1
+ socket_type = dgram
+ protocol = udp
+ wait = yes
+ user = nobody
+ group = tty
+ server = /usr/sbin/rpc.rwalld
+}
+
+# End /etc/xinetd.d/walld
+EOF
+cat > /etc/xinetd.d/irc << "EOF"
+# Begin /etc/xinetd.d/irc
+
+service irc
+{
+ disable = yes
+ socket_type = stream
+ wait = no
+ user = root
+ flags = SENSOR
+ type = INTERNAL
+ bind = 192.168.1.30
+ deny_time = 60
+}
+
+# End /etc/xinetd.d/irc
+EOF
+
+
+ /etc/xinetd.d/login
+
+
+
+ /etc/xinetd.d/shell
+
+
+
+ /etc/xinetd.d/exec
+
+
+
+ /etc/xinetd.d/comsat
+
+
+
+ /etc/xinetd.d/talk
+
+
+
+ /etc/xinetd.d/ntalk
+
+
+
+ /etc/xinetd.d/telnet
+
+
+
+ /etc/xinetd.d/ftp
+
+
+
+ /etc/xinetd.d/tftp
+
+
+
+ /etc/xinetd.d/systat
+
+
+
+ /etc/xinetd.d/finger
+
+
+
+ /etc/xinetd.d/netstat
+
+
+
+ /etc/xinetd.d/echo
+
+
+
+ /etc/xinetd.d/chargen
+
+
+
+ /etc/xinetd.d/daytime
+
+
+
+ /etc/xinetd.d/time
+
+
+
+ /etc/xinetd.d/rstatd
+
+
+
+ /etc/xinetd.d/rquotad
+
+
+
+ /etc/xinetd.d/ruserd
+
+
+
+ /etc/xinetd.d/sprayd
+
+
+
+ /etc/xinetd.d/walld
+
+
+
+ /etc/xinetd.d/irc
+
+
+
+
+The format of the /etc/xinetd.conf is
+documented in the xinetd.conf.5 man page. Further
+information can be found at .
+
+As the root user, install the
+/etc/rc.d/init.d/xinetd init script included in the
+ package.
+
+
+ xinetd
+
+
+make install-xinetd
+
+As the root user, use the new boot script to start
+xinetd:
+
+/etc/rc.d/init.d/xinetd start
+
+Checking the /var/log/daemon.log file
+should prove quite entertaining. This file may contain entries
+similar to the following:
+
+Aug 22 21:40:21 dps10 xinetd[2696]: Server /usr/sbin/in.rlogind is not
+executable [line=29]
+Aug 22 21:40:21 dps10 xinetd[2696]: Error parsing attribute server -
+DISABLING SERVICE [line=29]
+Aug 22 21:40:21 dps10 xinetd[2696]: Server /usr/sbin/in.rshd is not
+executable [line=42]
+
+These errors are because most of the servers xinetd
+is trying to control are not installed yet.
+
+
+
+
+
+Contents
+
+
+Installed Programs
+Installed Libraries
+Installed Directories
+
+
+itox, xconv.pl and xinetd
+None
+/etc/xinetd.d/
+
+
+
+
+Short Descriptions
+
+
+
+itox
+is a utility used for converting
+inetd.conf files to
+xinetd.conf format.
+
+itox
+
+
+
+
+xconv.pl
+is a Perl script used for
+converting inetd.conf files to
+xinetd.conf format, similar to
+itox.
+
+xconv.pl
+
+
+
+
+xinetd
+is the Internet services daemon.
+
+xinetd
+
+
+
+
+
+
+
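Review bot: two of the /etc/xinetd.d files will not work as written: the rstatd file opens its block with "ervice rstatd" (missing the leading s), and the rquotad file sets "server = /usr/sbin/rpc.rstatd", which is the rstatd binary and looks like a copy-paste slip. Smaller consistency points: the index entry reads /etc/xinetd.d/ruserd while the file created is rusersd, the main file's comments say "Begin /etc/xinetd" rather than /etc/xinetd.conf, and the netstat entry points at /usr/ucb/netstat although the text asks for all daemon paths to be under /usr/sbin. The second telnet block (bind = 192.231.139.175, redirect = 128.138.202.20 23) and the only_from = 128.138.209.0 lines carry hard-coded addresses that are not the reader's own; a reader who changes disable to no inherits a redirect target and an allow-list they did not choose, so replace these with clearly marked placeholders or drop the redirect block.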
Index: rver/other/bind.xml
===================================================================
--- server/other/bind.xml (revision e5243605259981daa416a15a03141f9571623259)
+++ (revision )
@@ -1,538 +1,0 @@
-
-
- %general-entities;
-
-
-
-
-
-
-
-]>
-
-
-
-$LastChangedBy$
-$Date$
-
-
-BIND-&bind-version;p1
-
-BIND
-
-
-
-Introduction to
-BIND
-
-The BIND package
-provides a DNS server and client utilities. If you
-are only interested in the utilities, refer to the
-.
-
-Package information
-
-Download (HTTP):
-
-Download (FTP):
-
-Download MD5 sum:
-&bind-md5sum;
-Download size:
-&bind-size;
-Estimated disk space required:
-&bind-buildsize;
-Estimated build time:
-&bind-time;
-
-
-Additional downloads
-
-
-
-
-
-
-BIND
-dependencies
-Optional
-
-
-
-Optional (to run the full test suite)
- (for ifconfig) and
-: Net-DNS
-
-
-Optional (to [re]build documentation)
-,
-,
-
-
-
-
-
-
-
-Installation of
-BIND
-
-Install BIND by
-running the following commands:
-
-patch -Np1 -i ../&bind-version;-patch1 &&
-sed -i -e "s/dsssl-stylesheets/&-1.78/g" configure &&
-./configure --prefix=/usr --sysconfdir=/etc \
- --enable-threads --with-libtool &&
-make
-
-Now, as the root user:
-
-make install &&
-chmod 755 \
- /usr/lib/{lib{bind9,isc{,cc,cfg},lwres}.so.?.?.?,libdns.so.20.0.0} &&
-mv /usr/share/man/man8/named.conf.5 /usr/share/man/man5 &&
-cd doc &&
-install -d -m755 /usr/share/doc/bind-9.3.0/{arm,draft,misc,rfc} &&
-install -m644 arm/*.html \
- /usr/share/doc/bind-9.3.0/arm &&
-install -m644 draft/*.txt \
- /usr/share/doc/bind-9.3.0/draft &&
-install -m644 rfc/* \
- /usr/share/doc/bind-9.3.0/rfc &&
-install -m644 \
- misc/{dnssec,ipv6,migrat*,options,rfc-compliance,roadmap,sdb} \
- /usr/share/doc/bind-9.3.0/misc
-
-In order to run the complete test suite before installing the
-package, you need to set up some dummy interfaces (requires
-ifconfig). Issue the following commands to run the
-complete suite of tests (you will have to be the root user to issue the
-ifconfig commands):
-
-bin/tests/system/ifconfig.sh up &&
-make check >check.log 2>&1 &&
-bin/tests/system/ifconfig.sh down
-
-If desired, issue the following command to ensure all 145 tests ran
-successfully:
-
-grep "R:PASS" check.log | wc -l
-
-
-
-
-Command explanations
-
-patch -Np1 -i ../&bind-version;-patch1: There's a
-vulnerability in the DNSSEC code. See
-. The patch fixes the
-bug.
-
-sed -i -e ... configure: This command forces
-configure to look for the DSSSL
-stylesheets in the standard BLFS location.
-
---sysconfdir=/etc: This parameter forces
-BIND to look for configuration
-files in /etc instead of
-/usr/etc.
-
---enable-threads: This parameter enables
-multi-threading capability.
-
---with-libtool: This parameter forces the
-building of dynamic libraries and links the installed binaries to these
-libraries.
-
-cd doc; install ...: These commands install the
-additional package documentation. Optionally, omit any or all of these
-commands.
-
-
-
-
-Configuring
-BIND
-
-Config files
-named.conf,
-root.hints,
-127.0.0,
-rndc.conf and
-resolv.conf
-
-/etc/named.conf
-
-/etc/rndc.conf
-
-/etc/resolv.conf
-
-/etc/namedb/root.hints
-
-
-/etc/namedb/pz/127.0.0.0
-
-
-
-Configuration Information
-
-BIND will be configured
-to run in a chroot jail as an unprivileged user (named).
-This configuration is more secure in that a DNS compromise
-can only affect a few files in the named user's HOME
-directory.
-
-Create the unprivileged user and group named:
-
-groupadd named &&
-useradd -m -c "BIND Owner" -g named -s /bin/false named
-
-Set up some files, directories and devices needed by
-BIND:
-
-cd /home/named &&
-mkdir -p dev etc/namedb/slave var/run &&
-mknod /home/named/dev/null c 1 3 &&
-mknod /home/named/dev/random c 1 8 &&
-chmod 666 /home/named/dev/{null,random} &&
-mkdir /home/named/etc/namedb/pz &&
-cp /etc/localtime /home/named/etc
-
-Then, generate a key for use in the named.conf
-and rdnc.conf files using the
-rndc-confgen command:
-
-rndc-confgen -b 512 | grep -m 1 "secret" | cut -d '"' -f 2
-
-Create the named.conf file from which named
-will read the location of zone files, root name servers and secure
-DNS keys:
-
-cat > /home/named/etc/named.conf << "EOF"
- options {
- directory "/etc/namedb";
- pid-file "/var/run/named.pid";
- statistics-file "/var/run/named.stats";
-
- };
- controls {
- inet 127.0.0.1 allow { localhost; } keys { rndc_key; };
- };
- key "rndc_key" {
- algorithm hmac-md5;
- secret "[Insert secret from rndc-confgen's output here]";
- };
- zone "." {
- type hint;
- file "root.hints";
- };
- zone "0.0.127.in-addr.arpa" {
- type master;
- file "pz/127.0.0";
- };
-
-// Bind 9 now logs by default through syslog (except debug).
-// These are the default logging rules.
-
-logging {
- category default { default_syslog; default_debug; };
- category unmatched { null; };
-
- channel default_syslog {
- syslog daemon; // send to syslog's daemon
- // facility
- severity info; // only send priority info
- // and higher
- };
-
- channel default_debug {
- file "named.run"; // write to named.run in
- // the working directory
- // Note: stderr is used instead
- // of "named.run"
- // if the server is started
- // with the '-f' option.
- severity dynamic; // log at the server's
- // current debug level
- };
-
- channel default_stderr {
- stderr; // writes to stderr
- severity info; // only send priority info
- // and higher
- };
-
- channel null {
- null; // toss anything sent to
- // this channel
- };
-};
-
-
-
-EOF
-
-Create the rndc.conf file with the following
-commands:
-
-cat > /etc/rndc.conf << "EOF"
-key rndc_key {
-algorithm "hmac-md5";
- secret
- "[Insert secret from rndc-confgen's output here]";
- };
-options {
- default-server localhost;
- default-key rndc_key;
-};
-EOF
-
-The rndc.conf file contains information for
-controlling named operations with the rndc
-utility.
-
-Create a zone file with the following contents:
-
-cat > /home/named/etc/namedb/pz/127.0.0 << "EOF"
-$TTL 3D
-@ IN SOA ns.local.domain. hostmaster.local.domain. (
- 1 ; Serial
- 8H ; Refresh
- 2H ; Retry
- 4W ; Expire
- 1D) ; Minimum TTL
- NS ns.local.domain.
-1 PTR localhost.
-EOF
-
-Create the root.hints file with the following
-commands:
-
-Caution must be used to ensure there are no leading spaces in this
-file.
-
-cat > /home/named/etc/namedb/root.hints << "EOF"
-. 6D IN NS A.ROOT-SERVERS.NET.
-. 6D IN NS B.ROOT-SERVERS.NET.
-. 6D IN NS C.ROOT-SERVERS.NET.
-. 6D IN NS D.ROOT-SERVERS.NET.
-. 6D IN NS E.ROOT-SERVERS.NET.
-. 6D IN NS F.ROOT-SERVERS.NET.
-. 6D IN NS G.ROOT-SERVERS.NET.
-. 6D IN NS H.ROOT-SERVERS.NET.
-. 6D IN NS I.ROOT-SERVERS.NET.
-. 6D IN NS J.ROOT-SERVERS.NET.
-. 6D IN NS K.ROOT-SERVERS.NET.
-. 6D IN NS L.ROOT-SERVERS.NET.
-. 6D IN NS M.ROOT-SERVERS.NET.
-A.ROOT-SERVERS.NET. 6D IN A 198.41.0.4
-B.ROOT-SERVERS.NET. 6D IN A 192.228.79.201
-C.ROOT-SERVERS.NET. 6D IN A 192.33.4.12
-D.ROOT-SERVERS.NET. 6D IN A 128.8.10.90
-E.ROOT-SERVERS.NET. 6D IN A 192.203.230.10
-F.ROOT-SERVERS.NET. 6D IN A 192.5.5.241
-G.ROOT-SERVERS.NET. 6D IN A 192.112.36.4
-H.ROOT-SERVERS.NET. 6D IN A 128.63.2.53
-I.ROOT-SERVERS.NET. 6D IN A 192.36.148.17
-J.ROOT-SERVERS.NET. 6D IN A 192.58.128.30
-K.ROOT-SERVERS.NET. 6D IN A 193.0.14.129
-L.ROOT-SERVERS.NET. 6D IN A 198.32.64.12
-M.ROOT-SERVERS.NET. 6D IN A 202.12.27.33
-EOF
-
-The root.hints file is a list of root name servers.
-This file must be updated periodically with the dig
-utility. A current copy of root.hints can be obtained from
-. Consult the
-
-BIND 9 Administrator Reference Manual
-for details.
-
-Create or modify resolv.conf to use the new
-name server with the following commands:
-
-Replace [yourdomain.com] with your own
-valid domain name.
-
-cp /etc/resolv.conf /etc/resolv.conf.bak &&
-cat > /etc/resolv.conf << "EOF"
-search [yourdomain.com]
-nameserver 127.0.0.1
-EOF
-
-Set permissions on the chroot jail with the
-following command:
-
-chown -R named.named /home/named
-
-To start the DNS server at boot, install the
-/etc/rc.d/init.d/bind init script included in the
- package.
-
-bind
-
-make install-bind
-
-Now start BIND with
-the new boot script:
-
-/etc/rc.d/init.d/bind start
-
-
-
-Testing BIND
-
-Test out the new
-BIND 9 installation. First
-query the local host address with dig:
-
-dig -x 127.0.0.1
-
-Now try an external name lookup, taking note of the speed
-difference in repeated lookups due to the caching. Run the
-dig command twice on the same address:
-
-dig www.linuxfromscratch.org &&
-dig www.linuxfromscratch.org
-
-You can see almost instantaneous results with the named caching lookups.
-Consult the BIND Administrator
-Reference Manual located at
-doc/arm/Bv9ARM.html in the package source tree, for
-further configuration options.
-
-
-
-
-
-Contents
-
-
-Installed Programs
-Installed Libraries
-Installed Directories
-
-
-dig, dnssec-keygen, dnssec-signzone, host, isc-config.sh, lwresd,
-named, named-checkconf, named-checkzone, nslookup, nsupdate, rndc and
-rndc-confgen
-libbind9.[so,a], libdns.[so,a], libisc.[so,a], libisccc.[so,a],
-libisccfg.[so,a] and liblwres.[so,a]
-/home/named, /usr/include/bind9, /usr/include/dns, /usr/include/dst,
-/usr/include/isc, /usr/include/isccc, /usr/include/isccfg, /usr/include/lwres
-and /usr/share/doc/bind-&bind-version;
-
-
-
-
-Short Descriptions
-
-
-
-dig
-interrogates DNS servers.
-
-dig
-
-
-
-
-dnssec-keygen
-is a key generator for secure DNS.
-
-dnssec-keygen
-
-
-
-
-dnssec-signzone
-generates signed versions of zone files.
-
-dnssec-signzone
-
-
-
-
-host
-is a utility for DNS lookups.
-
-host
-
-
-
-
-lwresd
-is a caching-only name server for local process use.
-
-lwresd
-
-
-
-
-named
-is the name server daemon.
-
-named
-
-
-
-
-named-checkconf
-checks the syntax of named.conf
-files.
-
-named-checkconf
-
-
-
-
-named-checkzone
-checks zone file validity.
-
-named-checkzone
-
-
-
-
-nslookup
-is a program used to query Internet domain nameservers.
-
-nslookup
-
-
-
-
-nsupdate
-is used to submit DNS update
-requests.
-
-nsupdate
-
-
-
-
-rndc
-controls the operation of
-BIND.
-
-rndc
-
-
-
-
-rndc-confgen
-generates rndc.conf files.
-
-rndc-confgen
-
-
-
-
-
-
-
-
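Review bot: if this page is being relocated rather than dropped, two things in the removed text should be fixed before it lands in its new place: the key-generation paragraph refers to "rdnc.conf" where rndc.conf is meant, and the documentation install commands hard-code /usr/share/doc/bind-9.3.0 while the Contents section uses bind-&bind-version;, so the two drift apart on the next version bump. The chroot setup also ends with "chown -R named.named /home/named", which gives the named user ownership of named.conf and the zone files inside the jail; the Configuration Information paragraph should say that a compromised daemon can rewrite them, or the chown should be narrowed to the directories the daemon has to write (var/run, etc/namedb/slave).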
Index: rver/other/openssh.xml
===================================================================
--- server/other/openssh.xml (revision e5243605259981daa416a15a03141f9571623259)
+++ (revision )
@@ -1,309 +1,0 @@
-
-
- %general-entities;
-
-
-
-
-
-
-
-]>
-
-
-
-$LastChangedBy$
-$Date$
-
-
-OpenSSH-&openssh-version;
-
-OpenSSH
-
-
-Introduction to
-OpenSSH
-
-The OpenSSH package
-contains ssh clients and the sshd daemon.
-This is useful for encrypting authentication and subsequent traffic over a
-network.
-
-Package information
-
-Download (HTTP):
-
-Download (FTP):
-
-Download MD5 sum: &openssh-md5sum;
-Download size: &openssh-size;
-Estimated disk space required:
-&openssh-buildsize;
-Estimated build time:
-&openssh-time;
-
-
-OpenSSH
-dependencies
-Required
-
-
-
-Optional
-,
-,
-X ( or ),
- or ,
-,
-,
-OpenSC and
-libedit
-
-
-
-
-
-
-Installation of
-OpenSSH
-
-OpenSSH runs as two
-processes when connecting to other computers. The first process is a
-privileged process and controls the issuance of privileges as necessary.
-The second process communicates with the network. Additional installation
-steps are necessary to set up the proper environment, which are performed
-by the following commands:
-
-install -v -d -m700 /var/lib/sshd &&
-chown root:sys /var/lib/sshd &&
-groupadd sshd &&
-useradd -c 'sshd PrivSep' -d /var/lib/sshd -g sshd -s /bin/false sshd
-
-OpenSSH is very sensitive to changes in the
-linked OpenSSL libraries. If you recompile
-OpenSSL, OpenSSH may
-fail to startup. An alternative is to link against the static
-OpenSSL library. To link against the static
-library, execute the following command:
-
-sed -i "s:-lcrypto:/usr/lib/libcrypto.a:g" configure
-
-Install OpenSSH by running
-the following commands:
-
-./configure --prefix=/usr --sysconfdir=/etc/ssh \
- --libexecdir=/usr/sbin --with-md5-passwords \
- --with-privsep-path=/var/lib/sshd
-
-If you use Heimdal as your Kerberos5
-implementation and you linked the Heimdal libraries
-into the build using the parameter, you'll
-need to modify the Makefile or the build will fail. Use
-the following command:
-
-sed -i -e "s/lkrb5 -ldes/lkrb5/" Makefile
-
-Continue the build:
-
-make
-
-If you linked tcp_wrappers into the build
-using the parameter, ensure you add
-127.0.0.1 to the sshd line in /etc/hosts.allow if you
-have a restrictive /etc/hosts.deny file, or the testsuite
-will fail. To run the testsuite, issue: make -k
-tests.
-
-Now, as the root user:
-
-make install
-
-
-
-
-Command explanations
-
---sysconfdir=/etc/ssh: This prevents the
-configuration files from being installed in
-/usr/etc.
-
---with-md5-passwords: This is required
-if you made the changes recommended by the shadowpasswd_plus
-LFS hint on
-your SSH server when you installed the Shadow Password
-Suite or if you access a SSH server that authenticates by
-user passwords encrypted with md5.
-
---libexecdir=/usr/sbin: This parameter
-changes the installation path of some programs to
-/usr/sbin instead of
-/usr/libexec.
-
-
-
-
-Configuring OpenSSH
-
-Config files
-
-~/.ssh/*, /etc/ssh/ssh_config and
-/etc/ssh/sshd_config
-
-~/.ssh/*
-
-/etc/ssh/ssh_config
-
-
-/etc/ssh/sshd_config
-
-
-There are no required changes to any of these files. However,
-you may wish to view the /etc/ssh/
-files and make any changes appropriate for the security of your system. One
-recomended change is that you disable root login via ssh.
-Execute the following command to disable root login via
-ssh:
-
-echo "PermitRootLogin no" >> /etc/ssh/sshd_config
-
-Additional configuration information can be found in the man pages for
-sshd, ssh and
-ssh-agent.
-
-
-sshd init.d script
-
-To start the SSH server at system boot, install the
-/etc/rc.d/init.d/sshd init script included in the
- package.
-
-sshd
-
-make install-sshd
-
-
-
-
-
-Contents
-
-
-Installed Programs
-Installed Libraries
-Installed Directories
-
-
-scp, sftp, sftp-server, slogin, ssh, sshd, ssh-add, ssh-agent,
-ssh-keygen, ssh-keyscan and ssh-keysign
-None
-/etc/ssh and /var/lib/sshd
-
-
-
-
-Short Descriptions
-
-
-
-scp
-is a file copy program that acts like rcp
-except it uses an encrypted protocol.
-
-scp
-
-
-
-
-sftp
-is an FTP-like program that works over
-SSH1 and SSH2 protocols.
-
-sftp
-
-
-
-
-sftp-server
-is an SFTP server subsystem.
-
-sftp-server
-
-
-
-
-slogin
-is a symlink to ssh.
-
-slogin
-
-
-
-
-ssh
-is an rlogin/rsh-like
-client program except it uses an encrypted protocol.
-
-ssh
-
-
-
-
-sshd
-is a daemon that listens for ssh login
-requests.
-
-sshd
-
-
-
-
-ssh-add
-is a tool which adds keys to the
-ssh-agent.
-
-ssh-add
-
-
-
-
-ssh-agent
-is an authentication agent that can store private keys.
-
-ssh-agent
-
-
-
-
-ssh-keygen
-is a key generation tool.
-
-ssh-keygen
-
-
-
-
-ssh-keyscan
-is a utility for gathering public host keys from a number of
-hosts.
-
-ssh-keyscan
-
-
-
-
-ssh-keysign
-is used by ssh to access the local host
-keys and generate the digital signature required during hostbased
-authentication with SSH protocol version 2.
-
-ssh-keysign
-
-
-
-
-
-
-
-
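Review bot: the step 'echo "PermitRootLogin no" >> /etc/ssh/sshd_config' in the Configuring section appends the directive, and sshd uses the first value it reads for each keyword, so the appended line has no effect if an uncommented PermitRootLogin already appears earlier in the file. If this text is carried over to the page's new location, have the reader check for an existing entry or edit it in place, and fix "recomended" in the sentence that introduces the command.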
Index: server/other/other.xml
===================================================================
--- server/other/other.xml (revision e5243605259981daa416a15a03141f9571623259)
+++ server/other/other.xml (revision addff0a608cfc6eef335a18b84efac27bcc042fd)
@@ -17,14 +17,10 @@
that you can analyze the risks.
-
+
+
+
+
-
-
-
-
-
-
-
Index: rver/other/samba3.xml
===================================================================
--- server/other/samba3.xml (revision e5243605259981daa416a15a03141f9571623259)
+++ (revision )
@@ -1,669 +1,0 @@
-
-
- %general-entities;
-
-
-
-
-
-
-
-]>
-
-
-
-$LastChangedBy$
-$Date$
-
-
-Samba-&samba3-version;
-
-Samba
-
-
-Introduction to Samba
-
-The Samba package provides file and print
-services to SMB/CIFS clients and
-Windows networking to Linux clients. Samba can also
-be configured as a Windows NT 4.0 Domain Controller replacement
-(with caveats working with NT PDC's and
-BDC's), a file/print server acting as a member of a
-Windows NT 4.0 or Active Directory domain and a NetBIOS (rfc1001/1002)
-nameserver (which amongst other things provides
-LAN browsing support).
-
-Package information
-
-Download (HTTP):
-
-Download (FTP):
-
-Download MD5 sum:
-&samba3-md5sum;
-Download size:
-&samba3-size;
-Estimated disk space required:
-&samba3-buildsize;
-Estimated build time:
-&samba3-time;
-
-
-
-Samba dependencies
-
-Optional
-,
-,
-,
-,
- or ,
-,
- or ,
-,
-,
-Valgrind and
- (used to encrypt access to SWAT)
-
-
-
-
-
-
-Installation of Samba
-
-Install Samba by running the following
-commands:
-
-cd source &&
-install -d /var/cache/samba &&
-./configure \
- --prefix=/usr \
- --sysconfdir=/etc \
- --localstatedir=/var \
- --with-piddir=/var/run \
- --with-fhs \
- --with-smbmount &&
-make
-
-Now, as the root user:
-
-make install &&
-mv /usr/lib/samba/libsmbclient.so /usr/lib &&
-ln -sf ../libsmbclient.so /usr/lib/samba &&
-chmod 644 /usr/include/libsmbclient.h \
- /usr/lib/samba/libsmbclient.a &&
-install -m755 nsswitch/libnss_win{s,bind}.so /lib &&
-ln -sf libnss_winbind.so /lib/libnss_winbind.so.2 &&
-ln -sf libnss_wins.so /lib/libnss_wins.so.2 &&
-cp ../examples/smb.conf.default /etc/samba &&
-install -m644 ../docs/*.pdf /usr/share/samba &&
-if [ -f nsswitch/pam_winbind.so ]; then
- install -m755 nsswitch/pam_winbind.so /lib/security
-fi
-
-You may want to run configure with the
---help parameter. There may be other parameters
-needed to take advantage of the optional dependencies.
-
-
-
-
-Command explanations
-
-install -d /var/cache/samba: This directory is
-needed for proper operation of the smbd and
-nmbd daemons.
-
---sysconfdir=/etc: Sets the configuration
-file directory to avoid the default of
-/usr/etc.
-
---localstatedir=/var: Sets the variable
-data directory to avoid the default of
-/usr/var.
-
-: Assigns all other file paths in a manner
-compliant with the Filesystem Hierarchy Standard
-(FHS).
-
-: Orders the creation of an extra
-binary for use by the mount command so that mounting remote
-SMB (Windows) shares becomes no more complex than mounting
-remote NFS shares.
-
-: Use this parameter to link
-Linux-PAM into the build. This
-also builds the pam_winbind.so
-PAM module. You can find
-instructions on how to configure and use the module by running
-man winbindd.
-
-mv /usr/lib/samba/libsmbclient.so ...; ln -sf
-../libsmbclient.so ...: The
-libsmbclient.so library is needed
-by other packages. This command moves it to a location where other packages
-can find it.
-
-install -m755 nsswitch/libnss_win{s,bind}.so /lib:
-The nss libraries are not installed by default. If you intend to use
-winbindd for domain auth, and/or WINS name resolution,
-you need these libraries.
-
-ln -sf libnss_winbind.so /lib/libnss_winbind.so.2
-and ln -sf libnss_wins.so /lib/libnss_wins.so.2:
-These symlinks are required by glibc to use the nss libraries.
-
-cp ../examples/smb.conf.default /etc/samba:
-This copies a default smb.conf into
-/etc/samba. This sample configuration will not
-work unless edited for your site, and renamed
-smb.conf.
-
-
-
-
-Configuring Samba
-
-Config files
-/etc/samba/smb.conf
-
-/etc/samba/smb.conf
-
-
-
-Configuration overview and available documentation
-
-Due to the complexity and the many various uses for
-Samba, complete configuration is well beyond the
-scope of the BLFS book. Advanced configurations including
-setting up Primary and Backup Domain Controllers are advanced topics and
-cannot be adequately covered in BLFS (it should be noted,
-however, that a Samba BDC cannot
-be used as a fallback for a
-Windows PDC, and conversely, a
-Windows BDC cannot be used as a
-fallback for a Samba PDC). Many
-complete books have been written on these topics alone.
-
-There is quite a bit of documentation available which covers many of
-these advanced configurations. Point your web browser to the links below to
-view some of the documentation included with the
-Samba package:
-
-
-Using Samba, 2nd Edition; a popular book published by O'Reilly
-
-
-
-The Official Samba HOWTO and Reference Guide
-
-
-
-Samba-3 by Example
-
-
-
-The Samba-3 man Pages
-
-
-
-
-
-Configuring SWAT
-
-The built in SWAT
-(Samba Web Administration Tool) utility can be used
-for basic configuration of the Samba installation,
-but because it may be inconvenient, undesireable or perhaps even impossible
-to gain access to the console, BLFS recommends setting up access to
-SWAT using Stunnel.
-
-SWAT
-
-First you must add entries to /etc/services and
-modify the inetd/xinetd
-configuration.
-
-
- /etc/services
-
-
-
- /etc/inetd.conf
-
-
-
- /etc/xinetd.conf
-
-
-Add swat and swat_tunnel entries to
-/etc/services with the following commands issued as the
-root user:
-
-echo "swat 901/tcp" >> /etc/services &&
-echo "swat_tunnel 902/tcp" >> /etc/services
-
-If inetd is used, the following command will add the
-swat_tunnel entry to /etc/inetd.conf (as user root):
-
-echo "swat_tunnel stream tcp nowait.400 root /usr/sbin/swat swat" \
- >> /etc/inetd.conf
-Issue a killall -HUP inetd to reread the
-changed inetd.conf file.
-
-If you use xinetd, the following command will create the
-Samba file as /etc/xinetd.d/swat_tunnel:
-(you may need to modify or remove the
-only_from line to include the desired host[s]):
-
-cat >> /etc/xinetd.d/swat_tunnel << "EOF"
-# Begin /etc/xinetd.d/swat_tunnel
-
-service swat_tunnel
-{
- port = 902
- socket_type = stream
- wait = no
- only_from = 127.0.0.1
- user = root
- server = /usr/sbin/swat
- log_on_failure += USERID
-}
-
-# End /etc/xinetd.d/swat_tunnel
-EOF
-
-
- /etc/xinetd.d/swat_tunnel
-
-
-Issue a killall -HUP xinetd to reread the
-changed xinetd.conf file.
-
-Next, you must add an entry for the swat service to the
-/etc/stunnel/stunnel.conf file (as user root):
-
-
- /etc/stunnel/stunnel.conf
-
-
-cat >> /etc/stunnel/stunnel.conf << "EOF"
-[swat]
-accept = 901
-connect = 902
-
-EOF
-
-Restart the stunnel daemon using the following
-command as the root user:
-
-/etc/rc.d/init.d/stunnel restart
-
-SWAT can be launched by pointing your web browser to
-https://[CA_DN_field]:901.
-Substitute the hostname listed in the DN field of the
-CA certificate used with
-Stunnel for
-[CA_DN_field].
-
-If you linked
-Linux-PAM into the
-Samba build, you'll need to create an
-/etc/pam.d/samba file.
-
-
- /etc/pam.d/samba
-
-
-
-
-Printing to SMB clients
-
-If you use CUPS for print
-services, and you wish to print to a printer attached to an
-SMB client, you need to create an SMB
-backend device. To create the device, issue the following command as the
-root user:
-
-ln -sf /usr/bin/smbspool /usr/lib/cups/backend/smb
-
-
-Installing bootscripts
-
-For your convenience, boot scripts have been provided for
-Samba. There are two included in the
- package. The first,
-samba, will start the smbd and
-nmbd daemons needed to provide
-SMB/CIFS services. The second
-script, winbind, starts the winbindd
-daemon, used for providing Windows domain services to Linux clients.
-
-
- samba
-
-
-
- winbind
-
-
-Install the samba script with the following
-command issued as the root user:
-
-make install-samba
-
-If you also need the winbind script:
-
-make install-winbind
-
-
-
-
-
-Contents
-
-
-Installed Programs
-Installed Libraries
-Installed Directories
-
-
-findsmb, mount.smbfs, net, nmbd, nmblookup, ntlm_auth, pdbedit, profiles,
-rpcclient, smbcacls, smbclient, smbcontrol, smbcquotas, smbd, smbmnt,
-smbmount, smbpasswd, smbspool, smbstatus, smbtar, smbtree, smbumount, swat,
-tdbbackup, tdbdump, tdbtool, testparm, testprns, wbinfo and winbindd
-libnss_winbind.so, libnss_wins.so, libsmbclient.[so,a], the
-pam_winbind.so PAM library and assorted character set,
-filesystem and support modules.
-/etc/samba, /usr/lib/samba, /usr/share/samba, /var/cache/samba and
-/var/lib/samba
-
-
-
-
-Short Descriptions
-
-
-
-findsmb
-lists information about machines that respond to
-SMB name queries on a subnet.
-
-findsmb
-
-
-
-
-mount.smbfs
-is a symlink to mountsmb which provides
-/bin/mount with a way to mount remote Windows (or
-Samba) fileshares.
-
-mount.smbfs
-
-
-
-
-net
-is a tool for administration of
-Samba and remote CIFS servers,
-similar to the net utility for
-DOS/Windows.
-
-net
-
-
-
-
-nmbd
-is the Samba
-NetBIOS name server.
-
-nmbd
-
-
-
-
-nmblookup
-is used to query NetBIOS names and map
-them to IP addresses.
-
-nmblookup
-
-
-
-
-ntlm_auth
-is a tool to allow external access to Winbind's
-NTLM authentication function.
-
-ntlm_auth
-
-
-
-
-pdbedit
-is a tool used to manage the SAM
-database.
-
-pdbedit
-
-
-
-
-profiles
-is a utility that reports and changes SIDs
-in Windows registry files. It currently only supports Windows NT.
-
-profiles
-
-
-
-
-rpcclient
-is used to execute MS-RPC client side
-functions.
-
-rpcclient
-
-
-
-
-smbcacls
-is used to manipulate Windows NT access control lists.
-
-smbcacls
-
-
-
-
-smbclient
-is a SMB/CIFS access
-utility, similar to FTP.
-
-smbclient
-
-
-
-
-smbcontrol
-is used to control running smbd,
-nmbd and winbindd daemons.
-
-smbcontrol
-
-
-
-
-smbcquotas
-is used to manipulate Windows NT quotas on
-SMB file shares.
-
-smbcquotas
-
-
-
-
-smbd
-is the main Samba daemon which
-provides SMB/CIFS services to
-clients.
-
-smbd
-
-
-
-
-smbmnt
-is a helper application used by the
-smbmount program to do the actual mounting of
-SMB shares. It can be installed setuid root if you want
-normal users to be able to mount their SMB shares.
-
-smbmnt
-
-
-
-
-smbmount
-is usually invoked as mount.smbfs by the
-mount command when using the
--t smbfs option, mounts a Linux SMB
-filesystem.
-
-smbmount
-
-
-
-
-smbpasswd
-changes a user's Samba
-password.
-
-smbpasswd
-
-
-
-
-smbspool
-sends a print job to an SMB printer.
-
-smbspool
-
-
-
-
-smbstatus
-reports current Samba
-connections.
-
-smbstatus
-
-
-
-
-smbtar
-is a shell script used for backing up
-SMB/CIFS shares directly to Linux tape
-drives or a file.
-
-smbtar
-
-
-
-
-smbtree
-is a text-based SMB network browser.
-
-smbtree
-
-
-
-
-smbumount
-is used by normal users to unmount SMB
-filesystems, provided that it is setuid root.
-
-smbumount
-
-
-
-
-swat
-is the Samba Web Administration
-Tool.
-
-swat
-
-
-
-
-tdbbackup
-is a tool for backing up or validating the integrity of
-Samba.tdb files.
-
-tdbbackup
-
-
-
-
-tdbdump
- is a tool used to print the contents of a
-Samba.tdb file.
-
-tdbdump
-
-
-
-
-tdbtool
-is a tool which allows simple database manipulation from the
-command line.
-
-tdbtool
-
-
-
-
-testparm
-checks an smb.conf file for proper
-syntax.
-
-testparm
-
-
-
-
-testprns
-tests printer names.
-
-testprns
-
-
-
-
-wbinfo
-queries a running winbindd daemon.
-
-wbinfo
-
-
-
-
-winbindd
-resolves names from Windows NT servers.
-
-winbindd
-
-
-
-
-
-
-
-
-
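Review bot: in the removed "Configuring SWAT" section, the inetd variant (`swat_tunnel stream tcp nowait.400 root /usr/sbin/swat swat`) has no loopback restriction, whereas the xinetd variant sets `only_from = 127.0.0.1`. With inetd, the plaintext port 902 that stunnel connects to stays reachable from the network, so the TLS listener on 901 can be bypassed. If this text is being moved rather than dropped, the destination should restrict 902 to localhost for inetd as well. Smaller points for any relocated copy: the xinetd file is written with `cat >>`, so rerunning the command appends a duplicate service block; "undesireable" is misspelled; and the `mount.smbfs` description calls it a symlink to `mountsmb`, while the installed-programs list names `smbmount`.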
Index: server/other/xinetd.xml
===================================================================
--- server/other/xinetd.xml (revision e5243605259981daa416a15a03141f9571623259)
+++ (revision )
@@ -1,717 +1,0 @@
-
-
- %general-entities;
-
-
-
-
-
-
-
-]>
-
-
-
- $LastChangedBy$
- $Date$
-
-
-
-xinetd-&xinetd-version;
-
-
- Xinetd
-
-
-
-Introduction to xinetd
-
-xinetd is the eXtended InterNET services
-Daemon, a secure replacement for inetd.
-
-
-Package information
-
- Download (HTTP):
- Download (FTP):
- Download MD5 sum: &xinetd-md5sum;
- Download size: &xinetd-size;
- Estimated disk space required: &xinetd-buildsize;
- Estimated build time: &xinetd-time;
-
-
-
-
-xinetd dependencies
-
-
-Optional
-
-
-
-
-
-
-
-Installation of xinetd
-
-Install xinetd by running the following
-commands:
-
-./configure --prefix=/usr &&
-make
-
-Now, as the root user:
-
-make install
-
-
-
-
-Configuring xinetd
-
-
-Config files
-
-/etc/xinetd.conf
-
-
- /etc/xinetd.conf
-
-
-
-
-Configuration Information
-
-Ensure the path to all daemons is
-/usr/sbin, rather than the default path
-of /usr/etc, and install the
-xinetd configuration files by running the following
-commands as the root user:
-
-cat > /etc/xinetd.conf << "EOF"
-# Begin /etc/xinetd
-# Configuration file for xinetd
-#
-
-defaults
-{
- instances = 60
- log_type = SYSLOG daemon
- log_on_success = HOST PID USERID
- log_on_failure = HOST USERID
- cps = 25 30
-}
-
-# All service files are stored in the /etc/xinetd.d directory
-#
-includedir /etc/xinetd.d
-# End /etc/xinetd
-EOF
-
-All of the following files have the statement, "disable = yes". To activate
-any of the services, this statement will need to be changed to "disable = no".
-
-The following files are listed to demonstrate classic
-xinetd applications. In many cases, these
-applications are not needed. In some cases, the applications are
-considered security risks. For example, telnet, rlogin, rexec, and rsh
-transmit unencrypted usernames and passwords over the network and can be easily
-replaced with a more secure alternative: ssh.
-
-install -d -m755 /etc/xinetd.d &&
-cat > /etc/xinetd.d/login << "EOF" &&
-# Begin /etc/xinetd.d/login
-
-service login
-{
- disable = yes
- socket_type = stream
- protocol = tcp
- wait = no
- user = root
- server = /usr/sbin/in.rlogind
- log_type = SYSLOG local4 info
-}
-
-# End /etc/xinetd.d/login
-EOF
-cat > /etc/xinetd.d/shell << "EOF" &&
-# Begin /etc/xinetd.d/shell
-
-service shell
-{
- disable = yes
- socket_type = stream
- wait = no
- user = root
- instances = UNLIMITED
- flags = IDONLY
- log_on_success += USERID
- server = /usr/sbin/in.rshd
-}
-
-# End /etc/xinetd.d/shell
-EOF
-cat > /etc/xinetd.d/exec << "EOF" &&
-# Begin /etc/xinetd.d/exec
-
-service exec
-{
- disable = yes
- socket_type = stream
- wait = no
- user = root
- server = /usr/sbin/in.rexecd
-}
-
-# End /etc/xinetd.d/exec
-EOF
-cat > /etc/xinetd.d/comsat << "EOF" &&
-# Begin /etc/xinetd.d/comsat
-
-service comsat
-{
- disable = yes
- socket_type = dgram
- wait = yes
- user = nobody
- group = tty
- server = /usr/sbin/in.comsat
-}
-
-# End /etc/xinetd.d/comsat
-EOF
-cat > /etc/xinetd.d/talk << "EOF" &&
-# Begin /etc/xinetd.d/talk
-
-service talk
-{
- disable = yes
- socket_type = dgram
- wait = yes
- user = root
- server = /usr/sbin/in.talkd
-}
-
-# End /etc/xinetd.d/talk
-EOF
-cat > /etc/xinetd.d/ntalk << "EOF" &&
-# Begin /etc/xinetd.d/ntalk
-
-service ntalk
-{
- disable = yes
- socket_type = dgram
- wait = yes
- user = root
- server = /usr/sbin/in.ntalkd
-}
-
-# End /etc/xinetd.d/ntalk
-EOF
-cat > /etc/xinetd.d/telnet << "EOF" &&
-# Begin /etc/xinetd.d/telnet
-
-service telnet
-{
- disable = yes
- socket_type = stream
- wait = no
- user = root
- server = /usr/sbin/in.telnetd
- bind = 127.0.0.1
- log_on_failure += USERID
-}
-
-service telnet
-{
- disable = yes
- socket_type = stream
- wait = no
- user = root
-# server = /usr/sbin/in.telnetd
- bind = 192.231.139.175
- redirect = 128.138.202.20 23
- log_on_failure += USERID
-}
-
-# End /etc/xinetd.d/telnet
-EOF
-cat > /etc/xinetd.d/ftp << "EOF" &&
-# Begin /etc/xinetd.d/ftp
-
-service ftp
-{
- disable = yes
- socket_type = stream
- wait = no
- user = root
- server = /usr/sbin/in.ftpd
- server_args = -l
- instances = 4
- log_on_success += DURATION USERID
- log_on_failure += USERID
- access_times = 2:00-8:59 12:00-23:59
- nice = 10
-}
-
-# End /etc/xinetd.d/ftp
-EOF
-cat > /etc/xinetd.d/tftp << "EOF" &&
-# Begin /etc/xinetd.d/tftp
-
-service tftp
-{
- disable = yes
- socket_type = dgram
- wait = yes
- user = root
- server = /usr/sbin/in.tftpd
- server_args = -s /tftpboot
-}
-
-# End /etc/xinetd.d/tftp
-EOF
-cat > /etc/xinetd.d/finger << "EOF" &&
-# Begin /etc/xinetd.d/finger
-
-service finger
-{
- disable = yes
- socket_type = stream
- wait = no
- user = nobody
- server = /usr/sbin/in.fingerd
-}
-
-# End /etc/xinetd.d/finger
-EOF
-cat > /etc/xinetd.d/systat << "EOF" &&
-# Begin /etc/xinetd.d/systat
-
-service systat
-{
- disable = yes
- socket_type = stream
- wait = no
- user = nobody
- server = /usr/bin/ps
- server_args = -auwwx
- only_from = 128.138.209.0
- log_on_success = HOST
-}
-
-# End /etc/xinetd.d/systat
-EOF
-cat > /etc/xinetd.d/netstat << "EOF" &&
-# Begin /etc/xinetd.d/netstat
-
-service netstat
-{
- disable = yes
- socket_type = stream
- wait = no
- user = nobody
- server = /usr/ucb/netstat
- server_args = -f inet
- only_from = 128.138.209.0
- log_on_success = HOST
-}
-
-# End /etc/xinetd.d/netstat
-EOF
-cat > /etc/xinetd.d/echo << "EOF" &&
-# Begin /etc/xinetd.d/echo
-
-service echo
-{
- disable = yes
- type = INTERNAL
- id = echo-stream
- socket_type = stream
- protocol = tcp
- user = root
- wait = no
-}
-
-service echo
-{
- disable = yes
- type = INTERNAL
- id = echo-dgram
- socket_type = dgram
- protocol = udp
- user = root
- wait = yes
-}
-
-# End /etc/xinetd.d/echo
-EOF
-cat > /etc/xinetd.d/chargen << "EOF" &&
-# Begin /etc/xinetd.d/chargen
-
-service chargen
-{
- disable = yes
- type = INTERNAL
- id = chargen-stream
- socket_type = stream
- protocol = tcp
- user = root
- wait = no
-}
-
-service chargen
-{
- disable = yes
- type = INTERNAL
- id = chargen-dgram
- socket_type = dgram
- protocol = udp
- user = root
- wait = yes
-}
-
-# End /etc/xinetd.d/chargen
-EOF
-cat > /etc/xinetd.d/daytime << "EOF" &&
-# Begin /etc/xinetd.d/daytime
-
-service daytime
-{
- disable = yes
- type = INTERNAL
- id = daytime-stream
- socket_type = stream
- protocol = tcp
- user = root
- wait = no
-}
-
-service daytime
-{
- disable = yes
- type = INTERNAL
- id = daytime-dgram
- socket_type = dgram
- protocol = udp
- user = root
- wait = yes
-}
-
-# End /etc/xinetd.d/daytime
-EOF
-cat > /etc/xinetd.d/time << "EOF" &&
-# Begin /etc/xinetd.d/time
-
-service time
-{
- disable = yes
- type = INTERNAL
- id = time-stream
- socket_type = stream
- protocol = tcp
- user = root
- wait = no
-}
-
-
-service time
-{
- disable = yes
- type = INTERNAL
- id = time-dgram
- socket_type = dgram
- protocol = udp
- user = root
- wait = yes
-}
-
-# End /etc/xinetd.d/time
-EOF
-cat > /etc/xinetd.d/rstatd << "EOF" &&
-# Begin /etc/xinetd.d/rstatd
-
-ervice rstatd
-{
- disable = yes
- type = RPC
- flags = INTERCEPT
- rpc_version = 2-4
- socket_type = dgram
- protocol = udp
- server = /usr/sbin/rpc.rstatd
- wait = yes
- user = root
-}
-
-# End /etc/xinetd.d/rstatd
-EOF
-cat > /etc/xinetd.d/rquotad << "EOF" &&
-# Begin /etc/xinetd.d/rquotad
-
-service rquotad
-{
- disable = yes
- type = RPC
- rpc_version = 1
- socket_type = dgram
- protocol = udp
- wait = yes
- user = root
- server = /usr/sbin/rpc.rstatd
-}
-
-# End /etc/xinetd.d/rquotad
-EOF
-cat > /etc/xinetd.d/rusersd << "EOF" &&
-# Begin /etc/xinetd.d/rusersd
-
-service rusersd
-{
- disable = yes
- type = RPC
- rpc_version = 1-2
- socket_type = dgram
- protocol = udp
- wait = yes
- user = root
- server = /usr/sbin/rpc.rusersd
-}
-
-# End /etc/xinetd.d/rusersd
-EOF
-cat > /etc/xinetd.d/sprayd << "EOF" &&
-# Begin /etc/xinetd.d/sprayd
-
-service sprayd
-{
- disable = yes
- type = RPC
- rpc_version = 1
- socket_type = dgram
- protocol = udp
- wait = yes
- user = root
- server = /usr/sbin/rpc.sprayd
-}
-
-# End /etc/xinetd.d/sprayd
-EOF
-cat > /etc/xinetd.d/walld << "EOF" &&
-# Begin /etc/xinetd.d/walld
-
-service walld
-{
- disable = yes
- type = RPC
- rpc_version = 1
- socket_type = dgram
- protocol = udp
- wait = yes
- user = nobody
- group = tty
- server = /usr/sbin/rpc.rwalld
-}
-
-# End /etc/xinetd.d/walld
-EOF
-cat > /etc/xinetd.d/irc << "EOF"
-# Begin /etc/xinetd.d/irc
-
-service irc
-{
- disable = yes
- socket_type = stream
- wait = no
- user = root
- flags = SENSOR
- type = INTERNAL
- bind = 192.168.1.30
- deny_time = 60
-}
-
-# End /etc/xinetd.d/irc
-EOF
-
-
- /etc/xinetd.d/login
-
-
-
- /etc/xinetd.d/shell
-
-
-
- /etc/xinetd.d/exec
-
-
-
- /etc/xinetd.d/comsat
-
-
-
- /etc/xinetd.d/talk
-
-
-
- /etc/xinetd.d/ntalk
-
-
-
- /etc/xinetd.d/telnet
-
-
-
- /etc/xinetd.d/ftp
-
-
-
- /etc/xinetd.d/tftp
-
-
-
- /etc/xinetd.d/systat
-
-
-
- /etc/xinetd.d/finger
-
-
-
- /etc/xinetd.d/netstat
-
-
-
- /etc/xinetd.d/echo
-
-
-
- /etc/xinetd.d/chargen
-
-
-
- /etc/xinetd.d/daytime
-
-
-
- /etc/xinetd.d/time
-
-
-
- /etc/xinetd.d/rstatd
-
-
-
- /etc/xinetd.d/rquotad
-
-
-
- /etc/xinetd.d/ruserd
-
-
-
- /etc/xinetd.d/sprayd
-
-
-
- /etc/xinetd.d/walld
-
-
-
- /etc/xinetd.d/irc
-
-
-
-
-The format of the /etc/xinetd.conf is
-documented in the xinetd.conf.5 man page. Further
-information can be found at .
-
-As the root user, install the
-/etc/rc.d/init.d/xinetd init script included in the
- package.
-
-
- xinetd
-
-
-make install-xinetd
-
-As the root user, use the new boot script to start
-xinetd:
-
-/etc/rc.d/init.d/xinetd start
-
-Checking the /var/log/daemon.log file
-should prove quite entertaining. This file may contain entries
-similar to the following:
-
-Aug 22 21:40:21 dps10 xinetd[2696]: Server /usr/sbin/in.rlogind is not
-executable [line=29]
-Aug 22 21:40:21 dps10 xinetd[2696]: Error parsing attribute server -
-DISABLING SERVICE [line=29]
-Aug 22 21:40:21 dps10 xinetd[2696]: Server /usr/sbin/in.rshd is not
-executable [line=42]
-
-These errors are because most of the servers xinetd
-is trying to control are not installed yet.
-
-
-
-
-
-Contents
-
-
-Installed Programs
-Installed Libraries
-Installed Directories
-
-
-itox, xconv.pl and xinetd
-None
-/etc/xinetd.d/
-
-
-
-
-Short Descriptions
-
-
-
-itox
-is a utility used for converting
-inetd.conf files to
-xinetd.conf format.
-
-itox
-
-
-
-
-xconv.pl
-is a Perl script used for
-converting inetd.conf files to
-xinetd.conf format, similar to
-itox.
-
-xconv.pl
-
-
-
-
-xinetd
-is the Internet services daemon.
-
-xinetd
-
-
-
-
-
-
-
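Review bot: three defects in the removed service definitions need fixing if this chapter is being relocated rather than retired. The rstatd stanza begins `ervice rstatd` (missing "s"), so it is not a valid service block. The rquotad stanza sets `server = /usr/sbin/rpc.rstatd`, the same binary as the rstatd stanza, which looks like a copy-paste error. The index entry `/etc/xinetd.d/ruserd` does not match the file actually written, `/etc/xinetd.d/rusersd`. Separately, the sample addresses (`bind = 192.231.139.175`, `redirect = 128.138.202.20 23`, `only_from = 128.138.209.0`) are site-specific values; they should be marked as placeholders, because a reader who changes `disable = yes` to `disable = no` on the second telnet stanza would forward connections to an outside host. The `# Begin /etc/xinetd` and `# End /etc/xinetd` comments in the main file should also read `/etc/xinetd.conf`.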
Index: server/server.xml
===================================================================
--- server/server.xml (revision e5243605259981daa416a15a03141f9571623259)
+++ server/server.xml (revision addff0a608cfc6eef335a18b84efac27bcc042fd)
@@ -6,9 +6,11 @@
]>
-
+
-Server Networking
+Servers
+
+