Index: openacs-4/packages/acs-core-docs/www/xml/install-guide/aolserver4.xml
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-core-docs/www/xml/install-guide/aolserver4.xml,v
diff -u -N -r1.19 -r1.20
--- openacs-4/packages/acs-core-docs/www/xml/install-guide/aolserver4.xml	29 Oct 2004 17:46:08 -0000	1.19
+++ openacs-4/packages/acs-core-docs/www/xml/install-guide/aolserver4.xml	29 Oct 2004 21:45:52 -0000	1.20
@@ -160,6 +160,15 @@
 	  communicate with the database.  There is one script each for
 	  Oracle and PostgreSQL.  They don't conflict, so if you plan
 	  to use both databases, install both.</para>
+
+    <para>
+      Note that this section requires you to have the OpenACS, which
+      you can get through CVS, through a tarball, or by other
+      means. You can come back to this section after you acquire the
+      OpenACS code, but don't forget to come back. (Note to
+      maintainers: this should be moved to the next page and
+      integrated into the text there)
+    </para>
       </formalpara>
       <itemizedlist>
             <listitem>
Index: openacs-4/packages/acs-core-docs/www/xml/install-guide/maintenance.xml
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-core-docs/www/xml/install-guide/maintenance.xml,v
diff -u -N -r1.20 -r1.21
--- openacs-4/packages/acs-core-docs/www/xml/install-guide/maintenance.xml	12 Jul 2004 14:49:47 -0000	1.20
+++ openacs-4/packages/acs-core-docs/www/xml/install-guide/maintenance.xml	29 Oct 2004 21:45:53 -0000	1.21
@@ -571,6 +571,11 @@
           <listitem>
             <para>It takes two files to support an SSL connection.  The certificate is the public half of the key pair - the server sends the certificate to browser requesting ssl.  The key is the private half of the key pair.  In addition, the certificate must be signed by Certificate Authority or browsers will protest.  Each web browser ships with a built-in list of acceptable Certificate Authorities (CAs) and their keys.  Only a site certificate signed by a known and approved CA will work smoothly.  Any other certificate will cause browsers to produce some messages or block the site.  Unfortunately, getting a site certificate signed by a CA costs money.  In this section, we'll generate an unsigned certificate which will work in most browsers, albeit with pop-up messages.</para>
             <para>Use an OpenSSL perl script to generate a certificate and key.</para>
+
+        <para>
+          Debian users: use /usr/lib/ssl/misc/CA.pl instead of /usr/share/ssl/CA
+        </para>
+
             <screen>[$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME]$ <userinput>cd /var/lib/aolserver/$OPENACS_SERVICE_NAME/etc/certs</userinput>
 [$OPENACS_SERVICE_NAME certs]$ <userinput>perl /usr/share/ssl/misc/CA -newcert</userinput>
 Using configuration from /usr/share/ssl/openssl.cnf
Index: openacs-4/packages/acs-core-docs/www/xml/install-guide/openacs.xml
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-core-docs/www/xml/install-guide/openacs.xml,v
diff -u -N -r1.23 -r1.24
--- openacs-4/packages/acs-core-docs/www/xml/install-guide/openacs.xml	10 Sep 2004 16:40:52 -0000	1.23
+++ openacs-4/packages/acs-core-docs/www/xml/install-guide/openacs.xml	29 Oct 2004 21:45:53 -0000	1.24
@@ -11,23 +11,6 @@
     <para>by <ulink url="mailto:vinod@kurup.com">Vinod Kurup</ulink></para>
   </authorblurb>
 
-  <sect2 id="openacs-setup">
-    <title>Set up the file system for one or more OpenACS Sites</title>
-    <para>For Linux Standard Base compliance and ease of backup,
-      all of the files in each OpenACS site are stored in a
-      subdirectory of
-      <computeroutput>/var/lib/aolserver</computeroutput>, one
-      subdirectory per site.  The first time you install an OpenACS
-      site on a server, you must create the parent directory and set its permissions:</para>
-    <screen>[root root]# <userinput>mkdir /var/lib/aolserver</userinput>
-[root root]# <userinput>chgrp web /var/lib/aolserver</userinput>
-[root root]# <userinput>chmod 770 /var/lib/aolserver</userinput>
-[root root]#
-<action>mkdir /var/lib/aolserver
-chgrp web /var/lib/aolserver
-chmod 770 /var/lib/aolserver</action></screen>
-
-  </sect2>
   <sect2 id="install-aolserver-user-accounts">
     <title>Set up a user account for each site.</title>
     <para>
@@ -61,7 +44,39 @@
 <screen>
 [root root]# <userinput>useradd <replaceable>$OPENACS_SERVICE_NAME</replaceable></userinput>
 </screen>
+
+    <para>You also need to set up a group called web.<para>
+      <screen>
+[root root]# <userinput>groupadd web</userinput>
+      </screen>
+
+    <para>
+      Then change the user to be a part of this group:
+    </para>
+
+      <screen>
+[root root]# <userinput>usermod -g web <replaceable>$OPENACS_SERVICE_NAME</replaceable></userinput>
+      </screen>
+
   </sect2>
+
+  <sect2 id="openacs-setup">
+    <title>Set up the file system for one or more OpenACS Sites</title>
+    <para>For Linux Standard Base compliance and ease of backup,
+      all of the files in each OpenACS site are stored in a
+      subdirectory of
+      <computeroutput>/var/lib/aolserver</computeroutput>, one
+      subdirectory per site.  The first time you install an OpenACS
+      site on a server, you must create the parent directory and set its permissions:</para>
+    <screen>[root root]# <userinput>mkdir /var/lib/aolserver</userinput>
+[root root]# <userinput>chgrp web /var/lib/aolserver</userinput>
+[root root]# <userinput>chmod 770 /var/lib/aolserver</userinput>
+[root root]#
+<action>mkdir /var/lib/aolserver
+chgrp web /var/lib/aolserver
+chmod 770 /var/lib/aolserver</action></screen>
+
+  </sect2>
   
   <sect2 id="install-with-script">
     <title>Installation Option 1: Use automated script</title>