aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBoris Kolpackov <boris@codesynthesis.com>2018-01-15 14:05:47 +0200
committerBoris Kolpackov <boris@codesynthesis.com>2018-01-15 14:05:47 +0200
commit505af3c79f7fd4a11e2c33cad7f46b501d810a7e (patch)
tree3878d26984e71aba925c9fd7093c357494fb619f
parentbfec6fffb4acd9673ecf066a0e4f1b4baf2dd831 (diff)
Mention potential issues with SELinux
-rw-r--r--INSTALL12
-rw-r--r--INSTALL-DEV11
2 files changed, 17 insertions, 6 deletions
diff --git a/INSTALL b/INSTALL
index 4a364e4..7588197 100644
--- a/INSTALL
+++ b/INSTALL
@@ -11,8 +11,14 @@ corresponding steps can be omitted.
This user will be used to run the brep package database loader, build database
cleaner, and the database schemes migration utility. We will also use its home
-directory to build and install the brep module, store its configuration,
-etc. We create this user with a disabled password so only root will be able to
+directory to build and install the brep module, store its configuration, etc.
+
+Note: if the deployment machine employs SELinux, then this approach may
+require additional configuration steps (not shown) in order to allow Apache2
+access to the module, configuration, and content (or, alternatively, a
+different deployment approach).
+
+We create this user with a disabled password so only root will be able to
operate as brep. Because of this restriction we will allow brep to run sudo
without a password:
@@ -32,8 +38,6 @@ from root, do:
a) Install a C++ compiler using your distribution's package.
- Also make sure the pkg-config (or one of its replacements) is installed.
-
b) Install PostgreSQL 9.3 or above (including the contrib package containing
the postgres_fdw extension) as well as Apache2 using your distribution's
packages. Below are the names of these packages for some distributions:
diff --git a/INSTALL-DEV b/INSTALL-DEV
index eb74ff8..ed7cb13 100644
--- a/INSTALL-DEV
+++ b/INSTALL-DEV
@@ -20,8 +20,15 @@ And also for all the directories leading up to brep/, for example, if you have
setfacl -m g:www-data:rx ~/ ~/projects
-[Note that strictly speaking www-data in the above two commands is the Apache2
-group, not user. However, most installations use the same name for both.]
+Note: strictly speaking www-data in the above two commands is the Apache2
+group, not user. However, most installations use the same name for both.
+
+Note: if the development machine employs SELinux, then this approach may
+require additional configuration steps (not shown) in order to allow Apache2
+access to the module, configuration, and content. Alternatively, you may
+want to disable the security restrictions for Apache2, for example:
+
+semanage permissive -a httpd_t
1. Create PostgreSQL User and Databases