| |
39 |
39 |
want her to have any ability to do damage to the rest of your |
| |
40 |
40 |
server.</para> |
| |
41 |
41 |
<para>At the same time, AOLserver needs to have write access to |
| |
42 |
42 |
some files on your system in order for OpenACS to function |
| |
43 |
43 |
properly. So, we'll run AOLserver with a different user account |
| |
44 |
44 |
for each different service. A service name should be a single |
| |
45 |
45 |
word, <emphasis>letters and numbers only</emphasis>. If the name |
| |
46 |
46 |
of your site is one word, that would be a good choice. For |
| |
47 |
47 |
example "<replaceable>service0</replaceable>" might be the service name for the |
| |
48 |
48 |
<ulink url="http://service0.net/"><replaceable>service0</replaceable>.net</ulink> |
| |
49 |
49 |
community.</para> |
| |
50 |
50 |
<para>We'll leave the password blank, which prevents login by |
| |
51 |
51 |
password, for increased security. The only way to log in will |
| |
52 |
52 |
be with ssh certificates. The only people who should log in are |
| |
53 |
53 |
developers for that specific instance. Add this user, and put |
| |
54 |
54 |
it in the <computeroutput><replaceable>service0</replaceable></computeroutput> group so that it |
| |
55 |
55 |
can use database and server commands associated with that group. |
| |
56 |
56 |
</para> |
| |
57 |
57 |
|
| |
58 |
58 |
<screen>[root root]# <userinput>groupadd <replaceable>web</replaceable></userinput> |
| |
|
59 |
[root root]# <userinput>groupadd <replaceable>service0</replaceable></userinput> |
| |
59 |
60 |
[root root]# <userinput>useradd -g <replaceable>service0</replaceable> -G web <replaceable>service0</replaceable> -d /home/<replaceable>service0</replaceable></userinput> |
| |
60 |
61 |
[root root]#</screen> |
| |
61 |
62 |
</sect2> |
| |
62 |
63 |
|
| |
63 |
64 |
<sect2 id="install-with-script"> |
| |
64 |
65 |
<title>Install with automated script (EXPERIMENTAL)</title> |
| |
65 |
66 |
<para>Starting with OpenACS 5.0, an experimental script is |
| |
66 |
67 |
available to automate all of the steps for the rest of this |
| |
67 |
68 |
section. Requires <link linkend="install-tclwebtest">tclwebtest</link>. If you are not feeling lucky, skip to <xref |
| |
68 |
69 |
linkend="install-from-tarball"/>.</para> |
| |
69 |
70 |
<para>Get the install script from CVS. It is located within |
| |
70 |
71 |
the main cvs tree, at /etc/install. Use anonymous CVS |
| |
71 |
72 |
checkout to get that directory in the home directory of the |
| |
72 |
73 |
service's dedicated user. We put it there so that it is not |
| |
73 |
74 |
overwritten when we do the main CVS checkout to the target |
| |
74 |
75 |
location.</para> |
| |
75 |
76 |
<screen>[root root]# <userinput>su - <replaceable>service0</replaceable></userinput> |
| |
76 |
77 |
[service0 service0]$ <userinput>cvs -d :pserver:anonymous@openacs.org:/cvsroot co -d install openacs-4/etc/install</userinput> |
| |
77 |
78 |
cvs server: Updating install |
| |
78 |
79 |
U install/README |
