Changeset 2298


Ignore:
Timestamp:
Aug 16, 2012, 10:46:28 AM (9 years ago)
Author:
ezyang
Message:
More updates from Wizard install.
File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/server/doc/install-howto.sh

    r2246 r2298  
    316316python host.py push $server
    317317
    318 # This is superseded by credit-card, but only for [PRODUCTION]
    319 # Don't use credit-card on [WIZARD]: it will put in the wrong creds!
     318# This is superseded by credit-card, which works for [PRODUCTION] and
     319# [WIZARD].  We don't have an easy way of running credit-card for XVM...
    320320#
    321321#   # All types of servers will have an /etc/daemon.keytab file, however,
     
    384384
    385385# Check for unwanted setuid/setgid binaries
    386     find / -xdev -not -perm -o=x -prune -o -type f -perm /ug=s -print | grep -Fxvf /etc/scripts/allowed-setugid.list
     386    find / -xdev -not -perm -o=x -prune -o -type f -perm /ug=s -print | grep -Fxvf /etc/scripts/allowed-setugid.list
     387    find / -xdev -not -perm -o=x -prune -o -type f -print0 | xargs -0r /usr/sbin/getcap | cut -d' ' -f1 | grep -Fxvf /etc/scripts/allowed-filecaps.list
     388    # You can prune binaries using 'chmod u-s' and 'chmod g-s'
    387389
    388390# Fix etc by making sure none of our config files got overwritten
     
    425427#   - We don't serve the web, so don't bind scripts.mit.edu
    426428#   - We don't serve LDAP, so use another server
     429# XXX: Someone should write sed scripts to do this
    427430# This involves editing the following files:
    428431        \rm /etc/sysconfig/network-scripts/ifcfg-lo:{0,1,2,3}
     
    442445#       with: server_host = ldap://scripts.mit.edu
    443446# to use scripts.mit.edu instead of localhost.
    444 # XXX: someone should write sed scripts to do this
    445447
    446448# [WIZARD/TESTSERVER] If you are setting up a non-production server,
     
    449451    vim /home/afsagent/renew # replace all mentions of daemon.scripts.mit.edu
    450452
    451 # [TESTERVER]
     453# [TESTSERVER]
    452454#   - You need a self-signed SSL cert or Apache will refuse to start
    453455#     or do SSL.  Generate with:
Note: See TracChangeset for help on using the changeset viewer.