Commit 4294a4f4 authored by barnboy%trilobyte.net

Added .htaccess files for shadow/, data/, and /.

I added related information to the Bugzilla Guide, and tacked in a couple of last-minute additions. Also fixed the annoying "Tip: HINT:" thing.
parent a5fb063d
<Files globals.pl>
deny from all
</Files>
<Files localconfig>
deny from all
</Files>
allow from all
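Review bot: the boundaries between the three new .htaccess files (/, data/, shadow/) are not visible in this view, so the trailing `allow from all` cannot be attributed to a file; as shown it follows the two `<Files>` deny blocks with nothing scoping it, and an unscoped `allow from all` in the same file as those blocks would be pointless. Please give each file a leading comment stating its intent (for example `# data/: nothing in this directory is web-retrievable`) and confirm that data/ and shadow/ really get a bare `deny from all`, since only the globals.pl and localconfig blocks are shown here. These rules only take effect where Apache's AllowOverride permits Limit directives for the Bugzilla directory; the Guide text in this commit says so, the files themselves do not.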
......@@ -141,7 +141,7 @@ HREF="gfdl_howto.html"
><P
>Version 1.1, March 2000</P
><A
NAME="AEN2019"
NAME="AEN2042"
></A
><BLOCKQUOTE
CLASS="BLOCKQUOTE"
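Review bot: this and the following hunks in the generated HTML only renumber the AEN anchor ids produced by the DocBook build (AEN2019 to AEN2042 and so on). That is expected churn from regenerating, but it means the HTML must never be hand-edited; the SGML hunks later in this commit are the source. Consider giving the sections and examples linked from the tables of contents explicit id attributes so these anchors stop shifting on every rebuild.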
......
......@@ -78,7 +78,7 @@ NAME="GFDL_HOWTO"
a copy of the License in the document and put the following
copyright and license notices just after the title page:</P
><A
NAME="AEN2109"
NAME="AEN2132"
></A
><BLOCKQUOTE
CLASS="BLOCKQUOTE"
......
......@@ -163,7 +163,7 @@ NAME="GLOSS_P"
><DIV
CLASS="EXAMPLE"
><A
NAME="AEN2145"
NAME="AEN2168"
></A
><P
><B
......
......@@ -344,7 +344,7 @@ TYPE="1"
<DIV
CLASS="EXAMPLE"
><A
NAME="AEN1095"
NAME="AEN1112"
></A
><P
><B
......@@ -353,7 +353,7 @@ NAME="AEN1095"
><DIV
CLASS="INFORMALEXAMPLE"
><A
NAME="AEN1097"
NAME="AEN1114"
></A
><P
></P
......@@ -405,7 +405,7 @@ NAME="AEN1097"
<DIV
CLASS="EXAMPLE"
><A
NAME="AEN1105"
NAME="AEN1122"
></A
><P
><B
......@@ -414,7 +414,7 @@ NAME="AEN1105"
><DIV
CLASS="INFORMALEXAMPLE"
><A
NAME="AEN1107"
NAME="AEN1124"
></A
><P
></P
......
......@@ -309,37 +309,37 @@ HREF="readme.unix.html#AEN334"
></DT
><DT
>2.1.2.14. <A
HREF="readme.unix.html#AEN343"
HREF="readme.unix.html#AEN347"
>Setting Up the MySQL Database</A
></DT
><DT
>2.1.2.15. <A
HREF="readme.unix.html#AEN379"
HREF="readme.unix.html#AEN383"
>Tweaking "localconfig"</A
></DT
><DT
>2.1.2.16. <A
HREF="readme.unix.html#AEN401"
>Setting Up Maintainers Manuall (Optional)</A
HREF="readme.unix.html#AEN410"
>Setting Up Maintainers Manually (Optional)</A
></DT
><DT
>2.1.2.17. <A
HREF="readme.unix.html#AEN410"
HREF="readme.unix.html#AEN419"
>The Whining Cron (Optional)</A
></DT
><DT
>2.1.2.18. <A
HREF="readme.unix.html#AEN417"
HREF="readme.unix.html#AEN426"
>Bug Graphs (Optional)</A
></DT
><DT
>2.1.2.19. <A
HREF="readme.unix.html#AEN429"
HREF="readme.unix.html#AEN438"
>Securing MySQL</A
></DT
><DT
>2.1.2.20. <A
HREF="readme.unix.html#AEN495"
HREF="readme.unix.html#AEN504"
>Installation General Notes</A
></DT
></DL
......@@ -809,57 +809,67 @@ CLASS="LOT"
></DT
><DT
>2-1. <A
HREF="readme.windows.html#AEN646"
HREF="readme.unix.html#AEN341"
>Setting up bonsaitools symlink</A
></DT
><DT
>2-2. <A
HREF="readme.unix.html#AEN403"
>Running checksetup.pl as the web user</A
></DT
><DT
>2-3. <A
HREF="readme.windows.html#AEN655"
>Removing encrypt() for Windows NT installations</A
></DT
><DT
>3-1. <A
HREF="programadmin.html#AEN838"
HREF="programadmin.html#AEN850"
>Creating some Components</A
></DT
><DT
>3-2. <A
HREF="programadmin.html#AEN867"
HREF="programadmin.html#AEN879"
>Common Use of Versions</A
></DT
><DT
>3-3. <A
HREF="programadmin.html#AEN871"
HREF="programadmin.html#AEN883"
>A Different Use of Versions</A
></DT
><DT
>3-4. <A
HREF="programadmin.html#AEN899"
HREF="programadmin.html#AEN911"
>Using SortKey with Target Milestone</A
></DT
><DT
>3-5. <A
HREF="programadmin.html#AEN937"
HREF="programadmin.html#AEN949"
>When to Use Group Security</A
></DT
><DT
>3-6. <A
HREF="programadmin.html#AEN954"
HREF="programadmin.html#AEN966"
>Creating a New Group</A
></DT
><DT
>4-1. <A
HREF="how.html#AEN1095"
HREF="how.html#AEN1112"
>Some Famous Software Versions</A
></DT
><DT
>4-2. <A
HREF="how.html#AEN1105"
HREF="how.html#AEN1122"
>Mozilla Webtools Components</A
></DT
><DT
>D-1. <A
HREF="setperl.html#AEN1963"
HREF="setperl.html#AEN1986"
>Using Setperl to set your perl path</A
></DT
><DT
>1. <A
HREF="glossary.html#AEN2145"
HREF="glossary.html#AEN2168"
>A Sample Product</A
></DT
></DL
......
......@@ -162,54 +162,54 @@ HREF="readme.unix.html#AEN334"
></DT
><DT
>2.1.2.14. <A
HREF="readme.unix.html#AEN343"
HREF="readme.unix.html#AEN347"
>Setting Up the MySQL Database</A
></DT
><DT
>2.1.2.15. <A
HREF="readme.unix.html#AEN379"
HREF="readme.unix.html#AEN383"
>Tweaking "localconfig"</A
></DT
><DT
>2.1.2.16. <A
HREF="readme.unix.html#AEN401"
>Setting Up Maintainers Manuall (Optional)</A
HREF="readme.unix.html#AEN410"
>Setting Up Maintainers Manually (Optional)</A
></DT
><DT
>2.1.2.17. <A
HREF="readme.unix.html#AEN410"
HREF="readme.unix.html#AEN419"
>The Whining Cron (Optional)</A
></DT
><DT
>2.1.2.18. <A
HREF="readme.unix.html#AEN417"
HREF="readme.unix.html#AEN426"
>Bug Graphs (Optional)</A
></DT
><DT
>2.1.2.19. <A
HREF="readme.unix.html#AEN429"
HREF="readme.unix.html#AEN438"
>Securing MySQL</A
></DT
><DT
>2.1.2.20. <A
HREF="readme.unix.html#AEN495"
HREF="readme.unix.html#AEN504"
>Installation General Notes</A
></DT
><DD
><DL
><DT
>2.1.2.20.1. <A
HREF="readme.unix.html#AEN497"
HREF="readme.unix.html#AEN506"
>Modifying Your Running System</A
></DT
><DT
>2.1.2.20.2. <A
HREF="readme.unix.html#AEN502"
HREF="readme.unix.html#AEN511"
>Upgrading From Previous Versions</A
></DT
><DT
>2.1.2.20.3. <A
HREF="readme.unix.html#AEN505"
HREF="readme.unix.html#AEN514"
>UNIX Installation Instructions History</A
></DT
></DL
......
......@@ -194,7 +194,7 @@ NAME="COMPONENTS"
<DIV
CLASS="EXAMPLE"
><A
NAME="AEN838"
NAME="AEN850"
></A
><P
><B
......@@ -203,7 +203,7 @@ NAME="AEN838"
><DIV
CLASS="INFORMALEXAMPLE"
><A
NAME="AEN840"
NAME="AEN852"
></A
><P
></P
......@@ -324,7 +324,7 @@ NAME="VERSIONS"
<DIV
CLASS="EXAMPLE"
><A
NAME="AEN867"
NAME="AEN879"
></A
><P
><B
......@@ -333,7 +333,7 @@ NAME="AEN867"
><DIV
CLASS="INFORMALEXAMPLE"
><A
NAME="AEN869"
NAME="AEN881"
></A
><P
></P
......@@ -354,7 +354,7 @@ NAME="AEN869"
<DIV
CLASS="EXAMPLE"
><A
NAME="AEN871"
NAME="AEN883"
></A
><P
><B
......@@ -363,7 +363,7 @@ NAME="AEN871"
><DIV
CLASS="INFORMALEXAMPLE"
><A
NAME="AEN873"
NAME="AEN885"
></A
><P
></P
......@@ -472,7 +472,7 @@ TYPE="1"
><DIV
CLASS="EXAMPLE"
><A
NAME="AEN899"
NAME="AEN911"
></A
><P
><B
......@@ -481,7 +481,7 @@ NAME="AEN899"
><DIV
CLASS="INFORMALEXAMPLE"
><A
NAME="AEN901"
NAME="AEN913"
></A
><P
></P
......@@ -645,7 +645,7 @@ NAME="GROUPS"
<DIV
CLASS="EXAMPLE"
><A
NAME="AEN937"
NAME="AEN949"
></A
><P
><B
......@@ -654,7 +654,7 @@ NAME="AEN937"
><DIV
CLASS="INFORMALEXAMPLE"
><A
NAME="AEN939"
NAME="AEN951"
></A
><P
></P
......@@ -747,7 +747,7 @@ TYPE="1"
<DIV
CLASS="EXAMPLE"
><A
NAME="AEN954"
NAME="AEN966"
></A
><P
><B
......@@ -756,7 +756,7 @@ NAME="AEN954"
><DIV
CLASS="INFORMALEXAMPLE"
><A
NAME="AEN956"
NAME="AEN968"
></A
><P
></P
......
......@@ -851,7 +851,7 @@ CLASS="TIP"
><P
><B
>Tip: </B
> HINT: If you symlink the bugzilla directory into your Apache's
> If you symlink the bugzilla directory into your Apache's
HTML heirarchy, you may receive "Forbidden" errors unless you
add the "FollowSymLinks" directive to the &#60;Directory&#62; entry
for the HTML root.
......@@ -866,12 +866,45 @@ CLASS="TIP"
installation.
</P
><P
> Lastly, you'll need to set up a symbolic link from /usr/bonsaitools/bin
to the correct location of your perl executable (probably /usr/bin/perl).
> Lastly, you'll need to set up a symbolic link to /usr/bonsaitools/bin/perl
for the correct location of your perl executable (probably /usr/bin/perl).
Otherwise you must hack all the .cgi files to change where they look
for perl. To make future upgrades easier, you should use the symlink
approach.
<DIV
CLASS="EXAMPLE"
><A
NAME="AEN341"
></A
><P
><B
>Example 2-1. Setting up bonsaitools symlink</B
></P
><P
> Here's how you set up the Perl symlink on Linux to make Bugzilla work.
Your mileage may vary; if you are running on Solaris, you probably need to subsitute
"/usr/local/bin/perl" for "/usr/bin/perl" below; if on certain other UNIX systems,
Perl may live in weird places like "/opt/perl". As root, run these commands:
<TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><PRE
CLASS="PROGRAMLISTING"
>bash# mkdir /usr/bonsaitools
bash# mkdir /usr/bonsaitools/bin
bash# ln -s /usr/bin/perl /usr/bosaitools/bin/perl
</PRE
></TD
></TR
></TABLE
>
</P
></DIV
>
<DIV
CLASS="TIP"
><BLOCKQUOTE
CLASS="TIP"
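Review bot: the third command in Example 2-1 has a typo in the link path: `bash# ln -s /usr/bin/perl /usr/bosaitools/bin/perl` creates the link under /usr/bosaitools, which the two preceding mkdir commands never create, so `ln` fails and the .cgi files still find no perl at /usr/bonsaitools/bin/perl. It should be `ln -s /usr/bin/perl /usr/bonsaitools/bin/perl`, and the two mkdir lines can collapse to `mkdir -p /usr/bonsaitools/bin`. The same listing appears in the SGML hunk for installation further down, which is where the fix has to be made before regenerating this file.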
......@@ -893,7 +926,7 @@ CLASS="SECTION"
><H3
CLASS="SECTION"
><A
NAME="AEN343"
NAME="AEN347"
>2.1.2.14. Setting Up the MySQL Database</A
></H3
><P
......@@ -1079,7 +1112,7 @@ CLASS="SECTION"
><H3
CLASS="SECTION"
><A
NAME="AEN379"
NAME="AEN383"
>2.1.2.15. Tweaking "localconfig"</A
></H3
><P
......@@ -1146,11 +1179,47 @@ CLASS="NOTE"
><P
><B
>Note: </B
> The second time you run checksetup.pl, it is recommended you be the same
user as your web server runs under, and that you be sure you have set the
> The second time you run checksetup.pl, you should become the
user your web server runs as, and that you ensure you have set the
"webservergroup" parameter in localconfig to match the web server's group
name, if any. Under some systems, otherwise, checksetup.pl will goof up
your file permissions and make them unreadable to your web server.
name, if any. I believe, for the next release of Bugzilla, this will
be fixed so that Bugzilla supports a "webserveruser" parameter in localconfig
as well.
<DIV
CLASS="EXAMPLE"
><A
NAME="AEN403"
></A
><P
><B
>Example 2-2. Running checksetup.pl as the web user</B
></P
><P
> Assuming your web server runs as user "apache", and Bugzilla is installed in
"/usr/local/bugzilla", here's one way to run checksetup.pl as the web server user.
As root, for the <EM
>second run</EM
> of checksetup.pl, do this:
<TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><PRE
CLASS="PROGRAMLISTING"
>bash# chown -R apache:apache /usr/local/bugzilla
bash# su - apache
bash# cd /usr/local/bugzilla
bash# ./checksetup.pl
</PRE
></TD
></TR
></TABLE
>
</P
></DIV
>
</P
></BLOCKQUOTE
></DIV
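Review bot: `chown -R apache:apache /usr/local/bugzilla` in Example 2-2 hands the web-server user ownership of the entire tree, including localconfig and globals.pl, which the security section of this same commit singles out as sensitive, and every .cgi file. Any compromise of the apache account then allows Bugzilla's own code and configuration to be rewritten. The webservergroup mechanism described in this very note exists so that only group write access is needed; suggest limiting the chown to what checksetup.pl must write (data/, shadow/, localconfig) or, if the recursive chown stays, stating plainly that it widens what the web server can modify. Also `su - apache` assumes the apache account has a login shell, which on many systems it deliberately does not.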
......@@ -1174,8 +1243,8 @@ CLASS="SECTION"
><H3
CLASS="SECTION"
><A
NAME="AEN401"
>2.1.2.16. Setting Up Maintainers Manuall (Optional)</A
NAME="AEN410"
>2.1.2.16. Setting Up Maintainers Manually (Optional)</A
></H3
><P
> If you want to add someone else to every group by hand, you can do it
......@@ -1220,7 +1289,7 @@ CLASS="SECTION"
><H3
CLASS="SECTION"
><A
NAME="AEN410"
NAME="AEN419"
>2.1.2.17. The Whining Cron (Optional)</A
></H3
><P
......@@ -1258,7 +1327,7 @@ CLASS="SECTION"
><H3
CLASS="SECTION"
><A
NAME="AEN417"
NAME="AEN426"
>2.1.2.18. Bug Graphs (Optional)</A
></H3
><P
......@@ -1313,7 +1382,7 @@ CLASS="SECTION"
><H3
CLASS="SECTION"
><A
NAME="AEN429"
NAME="AEN438"
>2.1.2.19. Securing MySQL</A
></H3
><P
......@@ -1591,7 +1660,7 @@ CLASS="SECTION"
><H3
CLASS="SECTION"
><A
NAME="AEN495"
NAME="AEN504"
>2.1.2.20. Installation General Notes</A
></H3
><DIV
......@@ -1599,7 +1668,7 @@ CLASS="SECTION"
><H4
CLASS="SECTION"
><A
NAME="AEN497"
NAME="AEN506"
>2.1.2.20.1. Modifying Your Running System</A
></H4
><P
......@@ -1626,7 +1695,7 @@ CLASS="SECTION"
><H4
CLASS="SECTION"
><A
NAME="AEN502"
NAME="AEN511"
>2.1.2.20.2. Upgrading From Previous Versions</A
></H4
><P
......@@ -1642,7 +1711,7 @@ CLASS="SECTION"
><H4
CLASS="SECTION"
><A
NAME="AEN505"
NAME="AEN514"
>2.1.2.20.3. UNIX Installation Instructions History</A
></H4
><P
......
......@@ -510,7 +510,7 @@ CLASS="TIP"
>Tip: </B
> From Andrew Pearson:
<A
NAME="AEN624"
NAME="AEN633"
></A
><BLOCKQUOTE
CLASS="BLOCKQUOTE"
......@@ -557,7 +557,7 @@ CLASS="TIP"
>Tip: </B
>"Brian" had this to add, about upgrading to Bugzilla 2.12 from previous versions:</P
><A
NAME="AEN634"
NAME="AEN643"
></A
><BLOCKQUOTE
CLASS="BLOCKQUOTE"
......@@ -613,11 +613,11 @@ CLASS="PROGRAMLISTING"
<DIV
CLASS="EXAMPLE"
><A
NAME="AEN646"
NAME="AEN655"
></A
><P
><B
>Example 2-1. Removing encrypt() for Windows NT installations</B
>Example 2-3. Removing encrypt() for Windows NT installations</B
></P
><P
> Replace this:
......@@ -691,6 +691,63 @@ open SENDMAIL, "|\"C:/General/Web/tools/Windmail 4.0 Beta/windmail\" -t &#62; ma
></BLOCKQUOTE
></BLOCKQUOTE
></DIV
><DIV
CLASS="TIP"
><BLOCKQUOTE
CLASS="TIP"
><P
><B
>Tip: </B
> This was some late breaking information from Jan Evert. Sorry for the lack of formatting.
</P
><P
CLASS="LITERALLAYOUT"
>I'm&nbsp;busy&nbsp;installing&nbsp;bugzilla&nbsp;on&nbsp;a&nbsp;WinNT&nbsp;machine&nbsp;and&nbsp;I&nbsp;thought&nbsp;I'd&nbsp;notify&nbsp;you<br>
at&nbsp;this&nbsp;moment&nbsp;of&nbsp;the&nbsp;commments&nbsp;I&nbsp;have&nbsp;to&nbsp;section&nbsp;2.2.1&nbsp;of&nbsp;the&nbsp;bugzilla<br>
guide&nbsp;(at&nbsp;http://www.trilobyte.net/barnsons/html/).<br>
<br>
Step&nbsp;1:<br>
I've&nbsp;used&nbsp;apache,&nbsp;installation&nbsp;is&nbsp;really&nbsp;straightforward.<br>
After&nbsp;reading&nbsp;the&nbsp;Unix&nbsp;installation&nbsp;instructions,&nbsp;I&nbsp;found&nbsp;that&nbsp;it&nbsp;is<br>
necessary&nbsp;to&nbsp;add&nbsp;the&nbsp;ExecCGI&nbsp;option&nbsp;to&nbsp;the&nbsp;bugzilla&nbsp;directory.&nbsp;Also&nbsp;the<br>
'AddHandler'&nbsp;line&nbsp;for&nbsp;.cgi&nbsp;is&nbsp;by&nbsp;default&nbsp;commented&nbsp;out.<br>
<br>
Step&nbsp;3:&nbsp;although&nbsp;just&nbsp;a&nbsp;detail,&nbsp;'ppm&nbsp;install&nbsp;&#60;module%gt;'&nbsp;will&nbsp;also&nbsp;work<br>
(wihtout&nbsp;.ppd).&nbsp;And,&nbsp;it&nbsp;can&nbsp;also&nbsp;download&nbsp;these&nbsp;automatically&nbsp;from<br>
ActiveState.<br>
<br>
Step&nbsp;4:&nbsp;although&nbsp;I&nbsp;have&nbsp;cygwin&nbsp;installed,&nbsp;it&nbsp;seems&nbsp;that&nbsp;it&nbsp;is&nbsp;not&nbsp;necessary.<br>
On&nbsp;my&nbsp;machine&nbsp;cygwin&nbsp;is&nbsp;not&nbsp;in&nbsp;the&nbsp;PATH&nbsp;and&nbsp;everything&nbsp;seems&nbsp;to&nbsp;work&nbsp;as<br>
expected.<br>
However,&nbsp;I've&nbsp;not&nbsp;used&nbsp;everything&nbsp;yet.<br>
<br>
Step&nbsp;6:&nbsp;the&nbsp;'bugs_password'&nbsp;given&nbsp;in&nbsp;SQL&nbsp;command&nbsp;d&nbsp;needs&nbsp;to&nbsp;be&nbsp;edited&nbsp;into<br>
localconfig&nbsp;later&nbsp;on&nbsp;(Step&nbsp;7)&nbsp;if&nbsp;the&nbsp;password&nbsp;is&nbsp;not&nbsp;empty.&nbsp;I've&nbsp;also&nbsp;edited<br>
it&nbsp;into&nbsp;globals.pl,&nbsp;but&nbsp;I'm&nbsp;not&nbsp;sure&nbsp;that&nbsp;is&nbsp;needed.&nbsp;In&nbsp;both&nbsp;places,&nbsp;the<br>
variable&nbsp;is&nbsp;named&nbsp;db_pass.<br>
<br>
Step&nbsp;8:&nbsp;all&nbsp;the&nbsp;sendmail&nbsp;replacements&nbsp;mentioned&nbsp;are&nbsp;not&nbsp;as&nbsp;simple&nbsp;as<br>
described&nbsp;there.&nbsp;Since&nbsp;I&nbsp;am&nbsp;not&nbsp;familiar&nbsp;(yet)&nbsp;with&nbsp;perl,&nbsp;I&nbsp;don't&nbsp;have&nbsp;any<br>
mail&nbsp;working&nbsp;yet.<br>
<br>
Step&nbsp;9:&nbsp;in&nbsp;globals.pl&nbsp;the&nbsp;encrypt()&nbsp;call&nbsp;can&nbsp;be&nbsp;replaced&nbsp;by&nbsp;just&nbsp;the<br>
unencrypted&nbsp;password.&nbsp;In&nbsp;CGI.pl,&nbsp;the&nbsp;complete&nbsp;SQL&nbsp;command&nbsp;can&nbsp;be&nbsp;removed.<br>
<br>
Step&nbsp;11:&nbsp;I've&nbsp;only&nbsp;changed&nbsp;the&nbsp;#!&nbsp;lines&nbsp;in&nbsp;*.cgi.&nbsp;I&nbsp;haven't&nbsp;noticed&nbsp;problems<br>
with&nbsp;the&nbsp;system()&nbsp;call&nbsp;yet.<br>
There&nbsp;seem&nbsp;to&nbsp;be&nbsp;only&nbsp;four&nbsp;system()&nbsp;called&nbsp;programs:&nbsp;processmail.pl&nbsp;(handled<br>
by&nbsp;step&nbsp;10),&nbsp;syncshadowdb&nbsp;(which&nbsp;should&nbsp;probably&nbsp;get&nbsp;the&nbsp;same&nbsp;treatment&nbsp;as<br>
processmail.pl),&nbsp;diff&nbsp;and&nbsp;mysqldump.&nbsp;The&nbsp;last&nbsp;one&nbsp;is&nbsp;only&nbsp;needed&nbsp;with&nbsp;the<br>
shadowdb&nbsp;feature&nbsp;(which&nbsp;I&nbsp;don't&nbsp;use).<br>
<br>
There&nbsp;seems&nbsp;to&nbsp;be&nbsp;one&nbsp;step&nbsp;missing:&nbsp;copying&nbsp;the&nbsp;bugzilla&nbsp;files&nbsp;somehwere<br>
that&nbsp;apache&nbsp;can&nbsp;serve&nbsp;them.<br>
<br>
Just&nbsp;noticed&nbsp;the&nbsp;updated&nbsp;guide...&nbsp;Brian's&nbsp;comment&nbsp;is&nbsp;new.&nbsp;His&nbsp;first&nbsp;comment<br>
will&nbsp;work,&nbsp;but&nbsp;opens&nbsp;up&nbsp;a&nbsp;huge&nbsp;security&nbsp;hole.<br>
</P
></BLOCKQUOTE
></DIV
></DIV
></DIV
><DIV
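Review bot: the tip ends with "Brian's comment is new. His first comment will work, but opens up a huge security hole", yet it is checked in with no editorial note saying which comment is meant or what the hole is, directly after Example 2-3 (Removing encrypt()), and Step 9 of the same tip itself advises replacing the encrypt() call with "just the unencrypted password". As it stands the Guide both recommends the approach and warns it is a huge hole. Add a sentence from the maintainer stating the consequence (account passwords stored in clear) and when, if ever, that is acceptable, or drop the quoted warning. "Sorry for the lack of formatting" should not ship in the Guide either; format the steps as a list.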
......
......@@ -80,7 +80,7 @@ NAME="RHBUGZILLA"
database, as well as MySQL.
Here's what Dave Lawrence had to say about the status of Red Hat Bugzilla,
<A
NAME="AEN1913"
NAME="AEN1936"
></A
><BLOCKQUOTE
CLASS="BLOCKQUOTE"
......
......@@ -173,14 +173,49 @@ TARGET="_top"
><LI
><P
> Ensure you have adequate access controls for the $BUGZILLA_HOME/data/ and
$BUGZILLA_HOME/shadow/ directories, as well as the $BUGZILLA_HOME/localconfig file.
$BUGZILLA_HOME/shadow/ directories, as well as the $BUGZILLA_HOME/localconfig and
$BUGZILLA_HOME/globals.pl files.
The localconfig file stores your "bugs" user password,
which would be terrible to have in the hands
of a criminal. Also some files under $BUGZILLA_HOME/data/ store sensitive information, and
of a criminal, while the "globals.pl" stores some default information regarding your
installation which could aid a system cracker.
In addition, some files under $BUGZILLA_HOME/data/ store sensitive information, and
$BUGZILLA_HOME/shadow/ stores bug information for faster retrieval. If you fail to secure
these directories and this file, you will expose bug information to those who may not
be allowed to see it.
</P
><DIV
CLASS="NOTE"
><BLOCKQUOTE
CLASS="NOTE"
><P
><B
>Note: </B
> Bugzilla provides default .htaccess files to protect the most common Apache
installations. However, you should verify these are adequate according to the site-wide
security policy of your web server, and ensure that the .htaccess files are
allowed to "override" default permissions set in your Apache configuration files.
Covering Apache security is beyond the scope of this Guide; please consult the Apache
documentation for details.
</P
><P
> If you are using a web server that does not support the .htaccess control method,
<EM
>you are at risk!</EM
> After installing, check to see if you can
view the file "localconfig" in your web browser (ergo:
<A
HREF="http://bugzilla.mozilla.org/localconfig"
TARGET="_top"
> http://bugzilla.mozilla.org/localconfig</A
>. If you can read the contents of this
file, your web server has not secured your bugzilla directory properly and you
must fix this problem before deploying Bugzilla. If, however, it gives you a
"Forbidden" error, then it probably respects the .htaccess conventions and you
are good to go.
</P
></BLOCKQUOTE
></DIV
><P
> On Apache, you can use .htaccess files to protect access to these directories, as outlined
in <A
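Review bot: the verification step tells the reader to try http://bugzilla.mozilla.org/localconfig; followed literally it tests mozilla.org's server rather than their own, so the URL should be a placeholder for the reader's installation (for example http://your-bugzilla-host/localconfig). It should also say that only a "Forbidden" response counts as a pass: a "Not Found", whether from a wrong path or the wrong host, says nothing about whether the .htaccess is honoured. Minor: with globals.pl added to the list, "these directories and this file" should read "these directories and files".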
......
......@@ -219,7 +219,7 @@ CLASS="COMMAND"
<DIV
CLASS="EXAMPLE"
><A
NAME="AEN1963"
NAME="AEN1986"
></A
><P
><B
......
......@@ -59,7 +59,7 @@ http://www.linuxdoc.org/LDP/LDP-Author-Guide/tools-hints.html
<BOOKINFO>
<TITLE>The Bugzilla Guide</TITLE>
<PUBDATE>v2.12.0, 24 April 2001</PUBDATE>
<PUBDATE>2001-04-25</PUBDATE>
<AUTHOR>
<FIRSTNAME>Matthew</FIRSTNAME>
<OTHERNAME>P.</OTHERNAME>
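Review bot: changing PUBDATE from "v2.12.0, 24 April 2001" to "2001-04-25" is the right kind of value for PUBDATE, but it drops the Guide's version string; if the version is still wanted on the title page, put it in a <RELEASEINFO> (or <EDITION>) element inside BOOKINFO so both the date and the version survive.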
......
......@@ -1049,14 +1049,38 @@ operating parameters for bugzilla.</PARA>
<LISTITEM>
<PARA>
Ensure you have adequate access controls for the $BUGZILLA_HOME/data/ and
$BUGZILLA_HOME/shadow/ directories, as well as the $BUGZILLA_HOME/localconfig file.
$BUGZILLA_HOME/shadow/ directories, as well as the $BUGZILLA_HOME/localconfig and
$BUGZILLA_HOME/globals.pl files.
The localconfig file stores your "bugs" user password,
which would be terrible to have in the hands
of a criminal. Also some files under $BUGZILLA_HOME/data/ store sensitive information, and
of a criminal, while the "globals.pl" stores some default information regarding your
installation which could aid a system cracker.
In addition, some files under $BUGZILLA_HOME/data/ store sensitive information, and
$BUGZILLA_HOME/shadow/ stores bug information for faster retrieval. If you fail to secure
these directories and this file, you will expose bug information to those who may not
be allowed to see it.
</PARA>
<NOTE>
<PARA>
Bugzilla provides default .htaccess files to protect the most common Apache
installations. However, you should verify these are adequate according to the site-wide
security policy of your web server, and ensure that the .htaccess files are
allowed to "override" default permissions set in your Apache configuration files.
Covering Apache security is beyond the scope of this Guide; please consult the Apache
documentation for details.
</PARA>
<PARA>
If you are using a web server that does not support the .htaccess control method,
<EMPHASIS>you are at risk!</EMPHASIS> After installing, check to see if you can
view the file "localconfig" in your web browser (ergo:
<ULINK URL="http://bugzilla.mozilla.org/localconfig">
http://bugzilla.mozilla.org/localconfig</ULINK>. If you can read the contents of this
file, your web server has not secured your bugzilla directory properly and you
must fix this problem before deploying Bugzilla. If, however, it gives you a
"Forbidden" error, then it probably respects the .htaccess conventions and you
are good to go.
</PARA>
</NOTE>
<PARA>
On Apache, you can use .htaccess files to protect access to these directories, as outlined
in <ULINK URL="http://bugzilla.mozilla.org/show_bug.cgi?id=57161">Bug 57161</ULINK> for the
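Review bot: the new NOTE verifies only localconfig, but this commit adds .htaccess files for data/ and shadow/ too and the paragraph above now names globals.pl; have the check also request globals.pl and a file under data/ and shadow/ so all three .htaccess files are actually exercised. The first paragraph's "allowed to "override" default permissions" could name the directive (AllowOverride, which must permit Limit for the Bugzilla directory), since that is the single most common reason the bundled .htaccess files silently do nothing. The generated security.html in this commit carries the same text, so the wording is fixed here and the HTML regenerated.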
......
......@@ -680,6 +680,54 @@
</answer>
</qandaentry>
<qandaentry>
<question>
<para>
The index.html page doesn't show the footer. It's really annoying to have
to go to the querypage just to check my "my bugs" link. How do I get a footer
on static HTML pages?
</para>
</question>
<answer>
<para>
This was a late-breaking question for the Guide, so I just have to
quote the relevant newsgroup thread on it.
</para>
<literallayout>
> AFAIK, most sites (even if they have SSI enabled) won't have #exec cmd
> enabled. Perhaps what would be better is a #include virtual and a
> footer.cgi the basically has the "require 'CGI.pl' and PutFooter command.
>
> Please note that under most configurations, this also requires naming
> the file from index.html to index.shtml (and making sure that it will
> still be reconized as an index). Personally, I think this is better on
> a per-installation basis (perhaps add something to the FAQ that says how
> to do this).
Good point. Yeah, easy enough to do, that it shouldn't be a big deal for
someone to take it on if they want it. FAQ is a good place for it.
> Dave Miller wrote:
>
>> I did a little experimenting with getting the command menu and footer on
>> the end of the index page while leaving it as an HTML file...
>>
>> I was successful. :)
>>
>> I added this line:
>>
>> <!--#exec cmd="/usr/bin/perl -e &quot;require 'CGI.pl';
>>PutFooter();&quot;" -->
>>
>> Just before the &lt;/BODY&gt; &lt;/HTML&gt; at the end of the file. And it worked.
>>
>> Thought I'd toss that out there. Should I check this in? For those that
>> have SSI disabled, it'll act like a comment, so I wouldn't think it would
>> break anything.
</literallayout>
</answer>
</qandaentry>
<qandaentry>
<question>
<para>
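Review bot: the `<!--#exec cmd="..." -->` directive quoted inside <literallayout> (the `>> <!--#exec cmd=` and `>>PutFooter();&quot;" -->` lines) is not escaped, so the SGML parser will treat `<!-- ... -->` as a comment and the directive will be missing from the generated FAQ; write it as `&lt;!--#exec cmd=...--&gt;`, the way `&lt;/BODY&gt;` is already escaped two lines below. On content, the answer quotes both approaches without choosing one: `#exec cmd` only works where Apache's Includes option is enabled without NOEXEC, which many sites deliberately avoid because it lets any server-parsed page run arbitrary commands, whereas the `#include virtual` of a small footer.cgi suggested at the top of the thread works under IncludesNOEXEC and is the one the FAQ should recommend, with the index.shtml rename noted. Spelling in the quoted text: "the basically" should be "that basically", "reconized" should be "recognized".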
......
......@@ -479,7 +479,7 @@
</PARA>
<TIP>
<PARA>
HINT: If you symlink the bugzilla directory into your Apache's
If you symlink the bugzilla directory into your Apache's
HTML heirarchy, you may receive "Forbidden" errors unless you
add the "FollowSymLinks" directive to the &lt;Directory&gt; entry
for the HTML root.
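Review bot: the context line "HTML heirarchy" has a typo (hierarchy); worth fixing in this hunk since the TIP is already being edited.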
......@@ -493,11 +493,25 @@
installation.
</PARA>
<PARA>
Lastly, you'll need to set up a symbolic link from /usr/bonsaitools/bin
to the correct location of your perl executable (probably /usr/bin/perl).
Lastly, you'll need to set up a symbolic link to /usr/bonsaitools/bin/perl
for the correct location of your perl executable (probably /usr/bin/perl).
Otherwise you must hack all the .cgi files to change where they look
for perl. To make future upgrades easier, you should use the symlink
approach.
<EXAMPLE>
<TITLE>Setting up bonsaitools symlink</TITLE>
<PARA>
Here's how you set up the Perl symlink on Linux to make Bugzilla work.
Your mileage may vary; if you are running on Solaris, you probably need to subsitute
"/usr/local/bin/perl" for "/usr/bin/perl" below; if on certain other UNIX systems,
Perl may live in weird places like "/opt/perl". As root, run these commands:
<PROGRAMLISTING>
bash# mkdir /usr/bonsaitools
bash# mkdir /usr/bonsaitools/bin
bash# ln -s /usr/bin/perl /usr/bosaitools/bin/perl
</PROGRAMLISTING>
</PARA>
</EXAMPLE>
<TIP>
<PARA>
If you don't have root access to set this symlink up, check out the
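Review bot: the rewritten sentence reads backwards: "set up a symbolic link to /usr/bonsaitools/bin/perl for the correct location of your perl executable" says the link points at /usr/bonsaitools/bin/perl, whereas the example creates the link at /usr/bonsaitools/bin/perl pointing to /usr/bin/perl. Suggest "set up a symbolic link at /usr/bonsaitools/bin/perl pointing to your perl executable (probably /usr/bin/perl)". In the PROGRAMLISTING, `/usr/bosaitools/bin/perl` must be `/usr/bonsaitools/bin/perl` or the `ln` fails against a directory the preceding mkdir never created; "subsitute" should be "substitute".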
......@@ -663,11 +677,26 @@
<ERRORCODE>Now regenerating the shadow database for all bugs.</ERRORCODE>
<NOTE>
<PARA>
The second time you run checksetup.pl, it is recommended you be the same
user as your web server runs under, and that you be sure you have set the
The second time you run checksetup.pl, you should become the
user your web server runs as, and that you ensure you have set the
"webservergroup" parameter in localconfig to match the web server's group
name, if any. Under some systems, otherwise, checksetup.pl will goof up
your file permissions and make them unreadable to your web server.
name, if any. I believe, for the next release of Bugzilla, this will
be fixed so that Bugzilla supports a "webserveruser" parameter in localconfig
as well.
<EXAMPLE>
<TITLE>Running checksetup.pl as the web user</TITLE>
<PARA>
Assuming your web server runs as user "apache", and Bugzilla is installed in
"/usr/local/bugzilla", here's one way to run checksetup.pl as the web server user.
As root, for the <EMPHASIS>second run</EMPHASIS> of checksetup.pl, do this:
<PROGRAMLISTING>
bash# chown -R apache:apache /usr/local/bugzilla
bash# su - apache
bash# cd /usr/local/bugzilla
bash# ./checksetup.pl
</PROGRAMLISTING>
</PARA>
</EXAMPLE>
</PARA>
</NOTE>
</PARA>
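Review bot: the rewritten first sentence no longer parses: "you should become the user your web server runs as, and that you ensure you have set the "webservergroup" parameter" mixes two constructions; make it "you should become the user your web server runs as, and ensure you have set ...". The hunk also drops the sentence that explained why ("otherwise, checksetup.pl will goof up your file permissions and make them unreadable to your web server") and replaces it with a guess about a future "webserveruser" parameter; keep the rationale, since it is what tells the reader the consequence of skipping this step, and either drop the speculation or mark it clearly as a plan rather than documented behaviour.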
......@@ -680,7 +709,7 @@
</SECTION>
<SECTION>
<TITLE>Setting Up Maintainers Manuall (Optional)</TITLE>
<TITLE>Setting Up Maintainers Manually (Optional)</TITLE>
<PARA>
If you want to add someone else to every group by hand, you can do it
by typing the appropriate MySQL commands. Run '<COMPUTEROUTPUT>
......@@ -1295,6 +1324,56 @@ open SENDMAIL, "|\"C:/General/Web/tools/Windmail 4.0 Beta/windmail\" -t > mail.l
</PROCEDURE>
</BLOCKQUOTE>
</TIP>
<TIP>
<PARA>
This was some late breaking information from Jan Evert. Sorry for the lack of formatting.
</PARA>
<LITERALLAYOUT>
I'm busy installing bugzilla on a WinNT machine and I thought I'd notify you
at this moment of the commments I have to section 2.2.1 of the bugzilla
guide (at http://www.trilobyte.net/barnsons/html/).
Step 1:
I've used apache, installation is really straightforward.
After reading the Unix installation instructions, I found that it is
necessary to add the ExecCGI option to the bugzilla directory. Also the
'AddHandler' line for .cgi is by default commented out.
Step 3: although just a detail, 'ppm install &lt;module%gt;' will also work
(wihtout .ppd). And, it can also download these automatically from
ActiveState.
Step 4: although I have cygwin installed, it seems that it is not necessary.
On my machine cygwin is not in the PATH and everything seems to work as
expected.
However, I've not used everything yet.
Step 6: the 'bugs_password' given in SQL command d needs to be edited into
localconfig later on (Step 7) if the password is not empty. I've also edited
it into globals.pl, but I'm not sure that is needed. In both places, the
variable is named db_pass.
Step 8: all the sendmail replacements mentioned are not as simple as
described there. Since I am not familiar (yet) with perl, I don't have any
mail working yet.
Step 9: in globals.pl the encrypt() call can be replaced by just the
unencrypted password. In CGI.pl, the complete SQL command can be removed.
Step 11: I've only changed the #! lines in *.cgi. I haven't noticed problems
with the system() call yet.
There seem to be only four system() called programs: processmail.pl (handled
by step 10), syncshadowdb (which should probably get the same treatment as
processmail.pl), diff and mysqldump. The last one is only needed with the
shadowdb feature (which I don't use).
There seems to be one step missing: copying the bugzilla files somehwere
that apache can serve them.
Just noticed the updated guide... Brian's comment is new. His first comment
will work, but opens up a huge security hole.
</LITERALLAYOUT>
</TIP>
</SECTION>
</SECTION>
</CHAPTER>
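Review bot: the LITERALLAYOUT contains a broken entity: `'ppm install &lt;module%gt;'` should be `&lt;module&gt;` (the `%gt;` renders literally, which the generated HTML hunk in this commit shows as `&#60;module%gt;`). Spelling in the quoted text: "commments", "wihtout", "somehwere".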
......
......@@ -59,7 +59,7 @@ http://www.linuxdoc.org/LDP/LDP-Author-Guide/tools-hints.html
<BOOKINFO>
<TITLE>The Bugzilla Guide</TITLE>
<PUBDATE>v2.12.0, 24 April 2001</PUBDATE>
<PUBDATE>2001-04-25</PUBDATE>
<AUTHOR>
<FIRSTNAME>Matthew</FIRSTNAME>
<OTHERNAME>P.</OTHERNAME>
......
......@@ -1049,14 +1049,38 @@ operating parameters for bugzilla.</PARA>
<LISTITEM>
<PARA>
Ensure you have adequate access controls for the $BUGZILLA_HOME/data/ and
$BUGZILLA_HOME/shadow/ directories, as well as the $BUGZILLA_HOME/localconfig file.
$BUGZILLA_HOME/shadow/ directories, as well as the $BUGZILLA_HOME/localconfig and
$BUGZILLA_HOME/globals.pl files.
The localconfig file stores your "bugs" user password,
which would be terrible to have in the hands
of a criminal. Also some files under $BUGZILLA_HOME/data/ store sensitive information, and
of a criminal, while the "globals.pl" stores some default information regarding your
installation which could aid a system cracker.
In addition, some files under $BUGZILLA_HOME/data/ store sensitive information, and
$BUGZILLA_HOME/shadow/ stores bug information for faster retrieval. If you fail to secure
these directories and this file, you will expose bug information to those who may not
be allowed to see it.
</PARA>
<NOTE>
<PARA>
Bugzilla provides default .htaccess files to protect the most common Apache
installations. However, you should verify these are adequate according to the site-wide
security policy of your web server, and ensure that the .htaccess files are
allowed to "override" default permissions set in your Apache configuration files.
Covering Apache security is beyond the scope of this Guide; please consult the Apache
documentation for details.
</PARA>
<PARA>
If you are using a web server that does not support the .htaccess control method,
<EMPHASIS>you are at risk!</EMPHASIS> After installing, check to see if you can
view the file "localconfig" in your web browser (ergo:
<ULINK URL="http://bugzilla.mozilla.org/localconfig">
http://bugzilla.mozilla.org/localconfig</ULINK>. If you can read the contents of this
file, your web server has not secured your bugzilla directory properly and you
must fix this problem before deploying Bugzilla. If, however, it gives you a
"Forbidden" error, then it probably respects the .htaccess conventions and you
are good to go.
</PARA>
</NOTE>
<PARA>
On Apache, you can use .htaccess files to protect access to these directories, as outlined
in <ULINK URL="http://bugzilla.mozilla.org/show_bug.cgi?id=57161">Bug 57161</ULINK> for the
......
......@@ -680,6 +680,54 @@
</answer>
</qandaentry>
<qandaentry>
<question>
<para>
The index.html page doesn't show the footer. It's really annoying to have
to go to the querypage just to check my "my bugs" link. How do I get a footer
on static HTML pages?
</para>
</question>
<answer>
<para>
This was a late-breaking question for the Guide, so I just have to
quote the relevant newsgroup thread on it.
</para>
<literallayout>
> AFAIK, most sites (even if they have SSI enabled) won't have #exec cmd
> enabled. Perhaps what would be better is a #include virtual and a
> footer.cgi the basically has the "require 'CGI.pl' and PutFooter command.
>
> Please note that under most configurations, this also requires naming
> the file from index.html to index.shtml (and making sure that it will
> still be reconized as an index). Personally, I think this is better on
> a per-installation basis (perhaps add something to the FAQ that says how
> to do this).
Good point. Yeah, easy enough to do, that it shouldn't be a big deal for
someone to take it on if they want it. FAQ is a good place for it.
> Dave Miller wrote:
>
>> I did a little experimenting with getting the command menu and footer on
>> the end of the index page while leaving it as an HTML file...
>>
>> I was successful. :)
>>
>> I added this line:
>>
>> <!--#exec cmd="/usr/bin/perl -e &quot;require 'CGI.pl';
>>PutFooter();&quot;" -->
>>
>> Just before the &lt;/BODY&gt; &lt;/HTML&gt; at the end of the file. And it worked.
>>
>> Thought I'd toss that out there. Should I check this in? For those that
>> have SSI disabled, it'll act like a comment, so I wouldn't think it would
>> break anything.
</literallayout>
</answer>
</qandaentry>
<qandaentry>
<question>
<para>
......
......@@ -479,7 +479,7 @@
</PARA>
<TIP>
<PARA>
HINT: If you symlink the bugzilla directory into your Apache's
If you symlink the bugzilla directory into your Apache's
HTML heirarchy, you may receive "Forbidden" errors unless you
add the "FollowSymLinks" directive to the &lt;Directory&gt; entry
for the HTML root.
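Review bot: While removing the redundant "HINT:" prefix from the TIP, the unchanged context line "HTML heirarchy" could be corrected to "HTML hierarchy" in the same hunk.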
......@@ -493,11 +493,25 @@
installation.
</PARA>
<PARA>
Lastly, you'll need to set up a symbolic link from /usr/bonsaitools/bin
to the correct location of your perl executable (probably /usr/bin/perl).
Lastly, you'll need to set up a symbolic link to /usr/bonsaitools/bin/perl
for the correct location of your perl executable (probably /usr/bin/perl).
Otherwise you must hack all the .cgi files to change where they look
for perl. To make future upgrades easier, you should use the symlink
approach.
<EXAMPLE>
<TITLE>Setting up bonsaitools symlink</TITLE>
<PARA>
Here's how you set up the Perl symlink on Linux to make Bugzilla work.
Your mileage may vary; if you are running on Solaris, you probably need to subsitute
"/usr/local/bin/perl" for "/usr/bin/perl" below; if on certain other UNIX systems,
Perl may live in weird places like "/opt/perl". As root, run these commands:
<PROGRAMLISTING>
bash# mkdir /usr/bonsaitools
bash# mkdir /usr/bonsaitools/bin
bash# ln -s /usr/bin/perl /usr/bosaitools/bin/perl
</PROGRAMLISTING>
</PARA>
</EXAMPLE>
<TIP>
<PARA>
If you don't have root access to set this symlink up, check out the
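Review bot: The third command in the new example has a typo in the link path: `ln -s /usr/bin/perl /usr/bosaitools/bin/perl` points into a `/usr/bosaitools/bin` that the two mkdir lines never create, so it fails with "No such file or directory" and the .cgi files still cannot find perl; fix it to `/usr/bonsaitools/bin/perl`, and consider collapsing the two mkdirs into `mkdir -p /usr/bonsaitools/bin`. The reworded sentence "a symbolic link to /usr/bonsaitools/bin/perl for the correct location of your perl executable" reads backwards: the link is created at /usr/bonsaitools/bin/perl and points at the real perl, which is what the example does, so the prose should say that. Minor: "subsitute" should be "substitute".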
......@@ -663,11 +677,26 @@
<ERRORCODE>Now regenerating the shadow database for all bugs.</ERRORCODE>
<NOTE>
<PARA>
The second time you run checksetup.pl, it is recommended you be the same
user as your web server runs under, and that you be sure you have set the
The second time you run checksetup.pl, you should become the
user your web server runs as, and that you ensure you have set the
"webservergroup" parameter in localconfig to match the web server's group
name, if any. Under some systems, otherwise, checksetup.pl will goof up
your file permissions and make them unreadable to your web server.
name, if any. I believe, for the next release of Bugzilla, this will
be fixed so that Bugzilla supports a "webserveruser" parameter in localconfig
as well.
<EXAMPLE>
<TITLE>Running checksetup.pl as the web user</TITLE>
<PARA>
Assuming your web server runs as user "apache", and Bugzilla is installed in
"/usr/local/bugzilla", here's one way to run checksetup.pl as the web server user.
As root, for the <EMPHASIS>second run</EMPHASIS> of checksetup.pl, do this:
<PROGRAMLISTING>
bash# chown -R apache:apache /usr/local/bugzilla
bash# su - apache
bash# cd /usr/local/bugzilla
bash# ./checksetup.pl
</PROGRAMLISTING>
</PARA>
</EXAMPLE>
</PARA>
</NOTE>
</PARA>
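Review bot: `chown -R apache:apache /usr/local/bugzilla` in the new example hands the web server account ownership of the whole tree, including every .cgi and localconfig with the database password, so any flaw in a CGI lets the web server process rewrite Bugzilla's own code; suggest limiting the chown to what checksetup.pl actually needs to write (the data/ and shadow/ directories and the files it generates) and leaving the scripts root-owned with group read for the "webservergroup" the same note tells the reader to set. Also the prompt after `su - apache` should be `bash$` rather than `bash#`, since the shell is no longer root's, and "I believe, for the next release of Bugzilla, this will be fixed so that Bugzilla supports a webserveruser parameter" is speculation that will go stale in shipped documentation; better to keep the concrete warning this hunk drops, that checksetup.pl can otherwise leave files unreadable to the web server, as the stated reason for the advice. Grammar in the rewritten sentence: "you should become the user your web server runs as, and that you ensure" mixes two constructions; "become the user your web server runs as, and ensure you have set" reads cleanly.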
......@@ -680,7 +709,7 @@
</SECTION>
<SECTION>
<TITLE>Setting Up Maintainers Manuall (Optional)</TITLE>
<TITLE>Setting Up Maintainers Manually (Optional)</TITLE>
<PARA>
If you want to add someone else to every group by hand, you can do it
by typing the appropriate MySQL commands. Run '<COMPUTEROUTPUT>
......@@ -1295,6 +1324,56 @@ open SENDMAIL, "|\"C:/General/Web/tools/Windmail 4.0 Beta/windmail\" -t > mail.l
</PROCEDURE>
</BLOCKQUOTE>
</TIP>
<TIP>
<PARA>
This was some late breaking information from Jan Evert. Sorry for the lack of formatting.
</PARA>
<LITERALLAYOUT>
I'm busy installing bugzilla on a WinNT machine and I thought I'd notify you
at this moment of the commments I have to section 2.2.1 of the bugzilla
guide (at http://www.trilobyte.net/barnsons/html/).
Step 1:
I've used apache, installation is really straightforward.
After reading the Unix installation instructions, I found that it is
necessary to add the ExecCGI option to the bugzilla directory. Also the
'AddHandler' line for .cgi is by default commented out.
Step 3: although just a detail, 'ppm install &lt;module%gt;' will also work
(wihtout .ppd). And, it can also download these automatically from
ActiveState.
Step 4: although I have cygwin installed, it seems that it is not necessary.
On my machine cygwin is not in the PATH and everything seems to work as
expected.
However, I've not used everything yet.
Step 6: the 'bugs_password' given in SQL command d needs to be edited into
localconfig later on (Step 7) if the password is not empty. I've also edited
it into globals.pl, but I'm not sure that is needed. In both places, the
variable is named db_pass.
Step 8: all the sendmail replacements mentioned are not as simple as
described there. Since I am not familiar (yet) with perl, I don't have any
mail working yet.
Step 9: in globals.pl the encrypt() call can be replaced by just the
unencrypted password. In CGI.pl, the complete SQL command can be removed.
Step 11: I've only changed the #! lines in *.cgi. I haven't noticed problems
with the system() call yet.
There seem to be only four system() called programs: processmail.pl (handled
by step 10), syncshadowdb (which should probably get the same treatment as
processmail.pl), diff and mysqldump. The last one is only needed with the
shadowdb feature (which I don't use).
There seems to be one step missing: copying the bugzilla files somehwere
that apache can serve them.
Just noticed the updated guide... Brian's comment is new. His first comment
will work, but opens up a huge security hole.
</LITERALLAYOUT>
</TIP>
</SECTION>
</SECTION>
</CHAPTER>
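Review bot: `'ppm install &lt;module%gt;'` in the pasted mail has a malformed entity (`%gt;` for `&gt;`), which will either fail SGML validation or render literally; fix it to `&lt;module&gt;`. More importantly, the mail's Step 9 ("the encrypt() call can be replaced by just the unencrypted password") means storing account passwords in the database in cleartext, and the closing line says one of the two earlier comments "opens up a huge security hole" without saying which one; since this is going into the Guide verbatim as a TIP, add a sentence that identifies the approach being warned about and steers readers away from the cleartext-password shortcut, rather than shipping the mail unedited under "sorry for the lack of formatting". Minor typos in the pasted text if it is going to be touched anyway: "commments", "wihtout", "somehwere".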
......