author | Robin H. Johnson <robbat2@gentoo.org> | 2007-11-10 08:15:29 +0000 |
---|---|---|
committer | Robin H. Johnson <robbat2@gentoo.org> | 2007-11-10 08:15:29 +0000 |
commit | 0b56cd4bfcc4a8f0da1df90de4dd9ac34c27a1cd (patch) | |
tree | ae2dcf4f5b15f4cab2628a486ced212191d702f2 /README | |
parent | Add scripts for running updates as cronjobs. (diff) | |
Document privileges seps.
Diffstat (limited to 'README')
-rw-r--r-- | README | 45 |
1 files changed, 37 insertions, 8 deletions
@@ -52,10 +52,14 @@ APPROOT = the directory you checked out of Git 0) Add the following to your /etc/portage/package.keywords: =dev-python/genshi-0.4* =dev-python/cherrypy-3.0* + dev-python/dbutils + dev-python/formencode -1) emerge cherrypy genshi pysqlite +1) emerge cherrypy genshi dbutils formencode -2) 'cp etc/database_config.py{.example,}'. +2) emerge pysqlite || emerge mysql-python + +3) 'cp etc/database_config.py{.example,}'. Edit 'etc/database_config.py' If you want to use SQLite, set mode='sqlite' and choose a path for the file. @@ -63,15 +67,40 @@ APPROOT = the directory you checked out of Git If you are lazy, you can use a single MySQL user, but you should seperate RW and RO users for security! -3) Generate the initial database: - cd $APPROOT/dbgenerator && \ - time CONFIG_ROOT=.. PYTHONPATH=.. python core.py +4) 'cp etc/make.conf{.example,}'. + Edit 'etc/make.conf' + If you want a copy of the tree in a specific location, set + it here. + +5) Generate the initial database: + cd $APPROOT && \ + time /bin/sh ./run-update.sh -4) start CherryPy standalone: +6) start CherryPy standalone: cd $APPROOT && PYTHONPATH=. python web/controller.py this should give you something like - "HTTP Serving HTTP on http://0.0.0.0:8080/" + "HTTP Serving HTTP on http://0.0.0.0:8081/" -5) now point a webbrowser at http://localhost:8080/ +7) now point a webbrowser at http://localhost:8081/ and you should see the packages.gentoo.org site + +PRIVILEGE SEPARATION +==================== +You can run packages2 with privileges seperated to enhance security. +1. You should have the following users: +webuser (eg: apache, lighttpd) +pkguser (eg: gpackages) +realuser (eg: bob) + +2. You should have the following groups: +pkggroup (eg: gpackages) + +3. Place all 3 users into the group. + +4. chown -R realuser:pkggroup $APPROOT + +5. chown -R pkguser:pkggroup $PORTDIR +(the PORTDIR in packages2 etc/make.conf!) + +6. chmod o-rwx,g+rX $APPROOT $PORTDIR |
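Review bot: in the first README hunk (@@ -52,10 +52,14), new step 2 reads `emerge pysqlite || emerge mysql-python`, which as a shell command installs pysqlite and only falls back to mysql-python if that emerge fails, so a reader who wants MySQL and pastes the line gets the SQLite binding instead. Suggest spelling the choice out in words, for example "emerge pysqlite (for mode='sqlite') or emerge mysql-python (for MySQL)", so it lines up with the backend chosen in step 3. Minor: the two new package.keywords entries, dev-python/dbutils and dev-python/formencode, are unversioned while the genshi and cherrypy entries above them are pinned to a version range; a short remark on whether that is intentional would help.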
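Review bot: in the PRIVILEGE SEPARATION section added by the second hunk (@@ -63,15 +67,40), step 6 `chmod o-rwx,g+rX $APPROOT $PORTDIR` is not recursive while the chown commands in steps 4 and 5 use -R, so only the two top-level directories get the group bits and everything below them keeps whatever mode it already had; group members such as webuser may then be unable to read files there. Suggest `chmod -R o-rwx,g+rX $APPROOT $PORTDIR`, or a sentence saying the non-recursive form is intended. The section also never says which account runs run-update.sh and which runs web/controller.py, and since all three users share pkggroup and everything under $APPROOT becomes group-owned by pkggroup, that includes etc/database_config.py; if separate RW and RO MySQL users are set up as the README recommends a few lines earlier, the section should say how the RW credentials are kept away from webuser. Typo in the added text: "seperated" should be "separated".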