Changeset b8214dc6 for server


Ignore:
Timestamp:
10/20/2004 06:55:24 AM (20 years ago)
Author:
DJ Lucas <dj@…>
Branches:
10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 6.0, 6.1, 6.2, 6.2.0, 6.2.0-rc1, 6.2.0-rc2, 6.3, 6.3-rc1, 6.3-rc2, 6.3-rc3, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
Children:
94b1dc3
Parents:
e16d90ee
Message:

bind-9.3.0 and fsfs for svnserver

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@2850 af4574ff-66df-0310-9fd7-8a98e5e911e0

Location:
server/other
Files:
2 edited

Legend:

Unmodified
Added
Removed

  • server/other/bind.xml

    re16d90ee rb8214dc6  
    77<!ENTITY bind-download-http "http://gd.tuwien.ac.at/infosys/servers/isc/bind9/&bind-version;/bind-&bind-version;.tar.gz">
    88<!ENTITY bind-download-ftp "ftp://ftp.isc.org/isc/bind9/&bind-version;/bind-&bind-version;.tar.gz">
    9 <!ENTITY bind-size "4.4 MB">
    10 <!ENTITY bind-buildsize "88 MB">
    11 <!ENTITY bind-time "0.89 SBU">
     9<!ENTITY bind-size "4.6 MB">
     10<!ENTITY bind-buildsize "138 MB">
     11<!ENTITY bind-time "0.67 SBU">
    1212
    1313]>
     
    7272<sect3><title>Configuration Information</title>
    7373
    74 <para>We will configure
    75 <application><acronym>BIND</acronym></application> to run in a chroot
    76 jail as an unprivileged user (named). This configuration is more secure
    77 in that a <acronym>DNS</acronym> compromise can only affect a few files
    78 in the named user's <envar>HOME</envar> directory.</para>
    79 
    80 <para>First we create the unprivileged user and group named:</para>
     74<para><application><acronym>BIND</acronym></application> will configured
     75to run in a chroot jail as an unprivileged user (named). This configuration
     76is more secure in that a <acronym>DNS</acronym> compromise can only affect
     77a few files in the named user's <envar>HOME</envar> directory.</para>
     78
     79<para>Create the unprivileged user and group named:</para>
    8180
    8281<screen><userinput><command>groupadd named &amp;&amp;
    8382useradd -m -g named -s /bin/false named</command></userinput></screen>
    8483
    85 <para>Then we set up some files, directories and devices needed by
     84<para>Set up some files, directories and devices needed by
    8685<application><acronym>BIND</acronym></application>:</para>
    8786
     
    9493cp /etc/localtime /home/named/etc</command></userinput></screen>
    9594
     95<para>Then, generate a key for use in the <filename>named.conf</filename>
     96and <filename>rdnc.conf</filename> files using the
     97<command>rndc-confgen</command> command:</para>
     98
     99<screen><userinput><command>rndc-confgen -b 512 | grep -m 1 "secret" | cut -d '"' -f 2</command></userinput></screen>
     100
    96101<para>Create the <filename>named.conf</filename> file from which named
    97102will read the location of zone files, root name servers and secure
     
    110115 key "rndc_key" {
    111116     algorithm hmac-md5;
    112      secret "<replaceable>[c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K]</replaceable>";
     117     secret "<replaceable>[Insert secret from rndc-confgen's output here]</replaceable>";
    113118 };
    114119 zone "." {
     
    121126 };
    122127<command>EOF</command></userinput></screen>
     128
     129<para>Create the <filename>rndc.conf</filename> with the following commands:</para>
     130                                                                                                                     
     131<screen><userinput><command>cat &gt; /etc/rndc.conf &lt;&lt; "EOF"</command>
     132key rndc_key {
     133algorithm "hmac-md5";
     134    secret
     135    "<replaceable>[Insert secret from rndc-confgen's output here]</replaceable>";
     136    };
     137options {
     138    default-server localhost;
     139    default-key    rndc_key;
     140};
     141<command>EOF</command></userinput></screen>
     142                                                                                                                     
     143<para>The <filename>rndc.conf</filename> file contains information for
     144controlling named operations with the <command>rndc</command>
     145utility.</para>
    123146
    124147<para>Create a zone file with the following contents:</para>
     
    177200details.</para>
    178201
    179 <para>Create the <filename>rndc.conf</filename> with the following commands:</para>
    180 
    181 <screen><userinput><command>cat &gt; /etc/rndc.conf &lt;&lt; "EOF"</command>
    182 key rndc_key {
    183 algorithm "hmac-md5";
    184     secret
    185     "<replaceable>[c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K]</replaceable>";
    186     };
    187 options {
    188     default-server localhost;
    189     default-key    rndc_key;
    190 };
    191 <command>EOF</command></userinput></screen>
    192 
    193 <para>The <filename>rndc.conf</filename> file contains information for
    194 controlling named operations with the <command>rndc</command>
    195 utility.</para>
    196 
    197202<para>Create or modify <filename>resolv.conf</filename> to use the new
    198203name server with the following commands:</para>

  • server/other/svnserver.xml

    re16d90ee rb8214dc6  
    8383<sect3><title>2. Create a <application>Subversion</application>
    8484repository.</title>
     85
     86<para>With subversion-1.1.0 and greater, a new type of repository
     87data-store is availible, <acronym>FSFS</acronym>.  There is a tradeoff
     88for speed with the new backend, however, the repository can now be
     89placed on a network mount, and any corruption does not require an
     90admin to recover the repository.  For more information and comparison
     91between <acronym>FSFS</acronym> and <acronym>BDB</acronym>, plese see
     92<ulink url="http://svnbook.red-bean.com/svnbook-1.1/ch05.html#svn-ch-5-sect-1.2.A"/>.
     93Optionally you can pass <parameter>bdb</parameter> in place of
     94<parameter>fsfs</parameter> in the following command to create a
     95BerkelyDB data-store.</para>
     96
    8597<para>Create a new <application>Subversion</application> repository with
    8698the following commands:</para>
     
    88100<screen><userinput><command>install -d -m0755 /srv &amp;&amp;
    89101install -d -m0755 -o svn -g svn /srv/svn/repositories &amp;&amp;
    90 svnadmin create /srv/svn/repositories/svntest</command></userinput></screen>
     102svnadmin create --fs-type fsfs /srv/svn/repositories/svntest</command></userinput></screen>
    91103
    92104<para>Now that the repository is created, we need to populate it with
     
    209221<command>EOF</command></userinput></screen>
    210222
    211 <para>Finally, if you wish to simply start the sever in daemon mode at
     223<para>Finally, if you wish to simply start the sever at
    212224startup, install the svn bootscript included in the
    213225<xref linkend="intro-important-bootscripts"/> package.</para>
Note: See TracChangeset for help on using the changeset viewer.