- Timestamp:
- Aug 16, 2012, 10:46:28 AM (12 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/server/doc/install-howto.sh
r2246 r2298 316 316 python host.py push $server 317 317 318 # This is superseded by credit-card, but only for [PRODUCTION]319 # Don't use credit-card on [WIZARD]: it will put in the wrong creds!318 # This is superseded by credit-card, which works for [PRODUCTION] and 319 # [WIZARD]. We don't have an easy way of running credit-card for XVM... 320 320 # 321 321 # # All types of servers will have an /etc/daemon.keytab file, however, … … 384 384 385 385 # Check for unwanted setuid/setgid binaries 386 find / -xdev -not -perm -o=x -prune -o -type f -perm /ug=s -print | grep -Fxvf /etc/scripts/allowed-setugid.list 386 find / -xdev -not -perm -o=x -prune -o -type f -perm /ug=s -print | grep -Fxvf /etc/scripts/allowed-setugid.list 387 find / -xdev -not -perm -o=x -prune -o -type f -print0 | xargs -0r /usr/sbin/getcap | cut -d' ' -f1 | grep -Fxvf /etc/scripts/allowed-filecaps.list 388 # You can prune binaries using 'chmod u-s' and 'chmod g-s' 387 389 388 390 # Fix etc by making sure none of our config files got overwritten … … 425 427 # - We don't serve the web, so don't bind scripts.mit.edu 426 428 # - We don't serve LDAP, so use another server 429 # XXX: Someone should write sed scripts to do this 427 430 # This involves editing the following files: 428 431 \rm /etc/sysconfig/network-scripts/ifcfg-lo:{0,1,2,3} … … 442 445 # with: server_host = ldap://scripts.mit.edu 443 446 # to use scripts.mit.edu instead of localhost. 444 # XXX: someone should write sed scripts to do this445 447 446 448 # [WIZARD/TESTSERVER] If you are setting up a non-production server, … … 449 451 vim /home/afsagent/renew # replace all mentions of daemon.scripts.mit.edu 450 452 451 # [TEST ERVER]453 # [TESTSERVER] 452 454 # - You need a self-signed SSL cert or Apache will refuse to start 453 455 # or do SSL. Generate with:
Note: See TracChangeset
for help on using the changeset viewer.