What went into making acm.pct.edu operational.
Before Sun Oct 30th, 2005:
* Playing around in sshd_config, nsswitch.conf, and anywhere else that
relates to PAM/SSH/NSS
* Rebuilt libpam-ncp with some debug information and installed the resulting
deb package
* Installed libnss-ncp (by hand, will do deb later) ls /usr/lib/libnss-ncp*
Sun Oct 30th, 2005:
* Added BOFH excuses fortune. Not that funny, might remove.
* apt-get installed apache2 php5 (Not configured yet)
* Put all my garbage in ~/evan/
* Installed phpmyadmin (working)
* Installed cacti, created a mysql user and db for it. Still need to put the
cron stuff in (I think)
* Installed viewcvs. Not configured yet. Waiting for subdomain/firefox
access.
* Fleshed out the basic code for the AUP command then put it in /etc/profile.
* Rough configuration of viewcvs
Mon Oct 31st, 2005:
* More work on /usr/local/bin/aup and /etc/profile.
Thu Nov 3rd, 2005:
* Some work on ldap useradd done.
Sat Nov 5th, 2005:
* Initial setup of ldap authenticated Subversion over WebDAV. It works, still
need to figure out exactly how we want to lay out the svn directory
structure and what filesystem backend to use. Subversion does not
maintain file permissions.
Sun Nov 6th, 2005:
* Finished ldap useradd. It's /usr/local/bin/ldap-auth.py and
/usr/local/bin/caller, where caller is adduser's shell and executes
ldap-auth.py. From there it executes /usr/local/bin/loginscript with
username and password as the arguments, respectively.
* Added aup alias in /etc/profile.
* Added a temporary fix to the ldap-auth script's problem of creating users
too slowly, and thus, ssh not finding the user when they relogin quickly.
* Working on authz-svn. /etc/apache2/conf.d/authzsvn.conf is the authz rules
and /etc/apache2/mods-enabled/davsvn.conf has the rest.
* Loginscript is broken. Incorporate it into a function in the account
creation script since we only need to run it once anyway. Someone correct
me if I'm wrong.
* Some work on mailman. It seems to receive just fine, but doesn't send.
* Subversion fully works, directory-level permissions, ldap auth, and all.
* Planet works, just not with Atom apparently (currently).
Mon Nov 7th, 2005:
* Incorporate loginscript into account creation script (see above).
* Get mailman working. Amish did this. It was as simple as starting
mailman.
* Planet works with Atom. I added Toby's feed.
Tue Nov 8th, 2005:
* Email list about tomorrow's meeting, python materials, and server details.
* Safe Mode is enabled in the PHP config.
* Secure archive with mod_ldap.
* Disabled ctrlaltdel in /etc/inittab. Not sure if it will do anything.
* Installed irssi-scripts
Wed Nov 9th, 2005:
* chown www-data:webteam /var/www -R && chmod 2750 /var/www
* Added keyand57 and rusmic67 to webteam group.
Thu Nov 10th, 2005:
* Added alias in Apache for Mailman archives.
* Added category support to PlanetPlanet. See blog post.
Fri Nov 11th, 2005:
* Added alias for webteam and treasurer.
* Roundcube webmail is running in /webmail/. Needs LDAP address book
support, but waiting on the developers for that. Needs to forward to SSL.
* Supybot up with RSS feed plugin and partially working ET plugin.
Sat Nov 12th, 2005:
* Brandon added the cacti subdomain and I turned PHP safe mode off on it to
fix cacti.
* Installed ntp-server.
* SVN-Admin link in ViewCVS now points to serverteam@pclug.
* Patched ldap-auth.py to ignore Ctrl-C and exit on a blank username or
password.
* Made a 'using the shell' tutorial with pyvnc2swf.
Wed Nov 11th, 2005:
* Set up website in Subversion. See blog post for details.
TODO:
* Have account creation script create the history file in /home/history and
make it append only (chattr +a).
* Remove ubuntu symlink, make mirror symlink.
* Go to lab, make VNC SWF guide to ssh.
* Rollback in creation script through perror.
* Mail serverteam on failure and success.
* Mailman archives. Searchable.
* Robert's sticky bit. Check umask config. There should be an option for
preserve sticky.
* Jive Messenger.
* Email JC again.
* Initiatives page.
* executiveboard ML, contains president@, vp@, sgorka@, jrmiller3@, etc
NOTES:
* Do not mount /tmp noexec. It will break apt. It also apparently does
little to protect against programs running from /tmp.
* Make security-conference and lanparty lists.
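
Added example, not part of the original log and not the site's ldap-auth.py: a sketch of the signup-shell behaviour from the Nov 6th and Nov 12th entries (ignore Ctrl-C, exit on a blank username or password), with one change: the credentials go to the helper on stdin rather than as arguments, because command-line arguments are readable by other local users through the process list. The helper command and all function names are hypothetical.

```python
import signal
import subprocess
import sys

# Hypothetical stand-in for the account-creation helper. It reads
# "username\npassword\n" from stdin instead of taking them as arguments.
HELPER = [sys.executable, "-c",
          "import sys; u, p = sys.stdin.read().split('\\n')[:2]; "
          "print('created', u, len(p))"]

def ignore_interrupt():
    """Ignore Ctrl-C so the script cannot be aborted half-way through."""
    signal.signal(signal.SIGINT, signal.SIG_IGN)
    return signal.getsignal(signal.SIGINT)

def check_fields(username, password):
    """Return cleaned (username, password), or None if either is unusable."""
    username = username.strip()
    if not username or not password:
        return None          # blank field: caller should exit
    if "\n" in username or "\n" in password:
        return None          # a newline would break the stdin framing
    return username, password

def run_helper(username, password, helper=HELPER):
    """Run the helper with credentials on stdin; return (argv, output)."""
    fields = check_fields(username, password)
    if fields is None:
        return None
    proc = subprocess.run(helper, input="%s\n%s\n" % fields,
                          capture_output=True, text=True, check=True)
    return proc.args, proc.stdout.strip()

if __name__ == "__main__":
    import getpass
    ignore_interrupt()
    try:
        result = run_helper(input("Username: "), getpass.getpass("Password: "))
    except EOFError:         # Ctrl-D or closed terminal
        result = None
    sys.exit(0 if result else 1)
```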