From 505af3c79f7fd4a11e2c33cad7f46b501d810a7e Mon Sep 17 00:00:00 2001 From: Boris Kolpackov Date: Mon, 15 Jan 2018 14:05:47 +0200 Subject: Mention potential issues with SELinux --- INSTALL | 12 ++++++++---- INSTALL-DEV | 11 +++++++++-- 2 files changed, 17 insertions(+), 6 deletions(-) diff --git a/INSTALL b/INSTALL index 4a364e4..7588197 100644 --- a/INSTALL +++ b/INSTALL @@ -11,8 +11,14 @@ corresponding steps can be omitted. This user will be used to run the brep package database loader, build database cleaner, and the database schemes migration utility. We will also use its home -directory to build and install the brep module, store its configuration, -etc. We create this user with a disabled password so only root will be able to +directory to build and install the brep module, store its configuration, etc. + +Note: if the deployment machine employs SELinux, then this approach may +require additional configuration steps (not shown) in order to allow Apache2 +access to the module, configuration, and content (or, alternatively, a +different deployment approach). + +We create this user with a disabled password so only root will be able to operate as brep. Because of this restriction we will allow brep to run sudo without a password: @@ -32,8 +38,6 @@ from root, do: a) Install a C++ compiler using your distribution's package. - Also make sure the pkg-config (or one of its replacements) is installed. - b) Install PostgreSQL 9.3 or above (including the contrib package containing the postgres_fdw extension) as well as Apache2 using your distribution's packages. Below are the names of these packages for some distributions: diff --git a/INSTALL-DEV b/INSTALL-DEV index eb74ff8..ed7cb13 100644 --- a/INSTALL-DEV +++ b/INSTALL-DEV 
@@ -20,8 +20,15 @@ And also for all the directories leading up to brep/, for example, if you have setfacl -m g:www-data:rx ~/ ~/projects -[Note that strictly speaking www-data in the above two commands is the Apache2 -group, not user. However, most installations use the same name for both.] +Note: strictly speaking www-data in the above two commands is the Apache2 +group, not user. However, most installations use the same name for both. + +Note: if the development machine employs SELinux, then this approach may +require additional configuration steps (not shown) in order to allow Apache2 +access to the module, configuration, and content. Alternatively, you may +want to disable the security restrictions for Apache2, for example: + +semanage permissive -a httpd_t 1. Create PostgreSQL User and Databases -- cgit v1.1
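Review bot: the SELinux note added to INSTALL (hunk @@ -11,8 +11,14) tells the administrator that extra steps are needed but leaves them as "(not shown)" and does not say what the "different deployment approach" would be. Because the module, configuration, and content all live under the brep user's home directory, a reader on an enforcing system has nothing to go on. Consider at least naming which paths Apache2 must be able to read, and stating that a production deployment should keep SELinux enforcing, so that readers do not carry over the permissive workaround that INSTALL-DEV suggests for development machines.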
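Review bot: the second INSTALL hunk (@@ -32,8 +38,6) removes "Also make sure the pkg-config (or one of its replacements) is installed.", which has nothing to do with the subject line "Mention potential issues with SELinux" and is not explained anywhere in the commit message. Either split the removal into its own commit or add a line to the message saying why pkg-config is no longer a prerequisite, so the change can be found in the history later.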
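Review bot: in the INSTALL-DEV hunk (@@ -20,8 +20,15), "semanage permissive -a httpd_t" is presented as disabling "the security restrictions for Apache2" without stating its scope. It puts the entire httpd_t domain into permissive mode, so every site and module served by that Apache2 instance loses SELinux enforcement, not just brep, and the setting persists across reboots. Suggest saying so in the note, restricting the advice explicitly to throwaway development machines, and giving the matching revert command "semanage permissive -d httpd_t" next to it.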