Changes between Version 23 and Version 24 of ServerIntro


Timestamp:
Jul 14, 2007, 5:27:50 PM (17 years ago)
Author:
Nicolas
Comment:

Formatting (loads of monospace) and some minor rewording

  • ServerIntro

    v23 v24  
    2020=== Groups and permissions ===
    2121BOINC server programs run as two different users:
    22  * The scheduler and file upload handler are CGI programs, so they run as the same user as the web server (on Fedora this is user 'apache'; on Debian it's 'www-data').
    23  * BOINC daemons runs as whoever created the project (let's say user 'boincadm', group 'boinc').
    24 
    25 By default, the directories created by user apache are not world-writeable. This causes problems: for example, when the file upload handler creates a directory in the [DirHierarchy upload hierarchy], it's owned by (apache, apache), and the [http://boinc.berkeley.edu/trac/wiki/FileDeleter file deleter] (which runs as boincadm) won't be able to delete the files there.
    26 
    27 To solve this problem, edit /etc/group so that apache belongs to group boinc, i.e. the line:
     22 * The scheduler and file upload handler are CGI programs, so they run as the same user as the web server (on Fedora this is user '`apache`'; on Debian it's '`www-data`').
     23 * BOINC daemons runs as whoever created the project (let's say user '`boincadm`', group '`boinc`').
     24
     25By default, the directories created by user apache are not world-writeable. This causes problems: for example, when the file upload handler creates a directory in the [DirHierarchy upload hierarchy], it's owned by (apache, apache), and the [http://boinc.berkeley.edu/trac/wiki/FileDeleter file deleter] (which runs as `boincadm`) won't be able to delete the files there.
     26
     27To solve this problem, edit `/etc/group` so that `apache` belongs to group `boinc`, i.e. the line:
    2828
    2929{{{
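Review bot: New lines 25 and 27 hard-code `apache` as the account to add to group `boinc`, although line 22 says the web server runs as `www-data` on Debian; word the step as "the web server user" or name both accounts so it also works on Debian. The monospace pass is uneven in line 25, where "user apache" and "(apache, apache)" stay plain while `boincadm` is marked up, and line 23 still reads "BOINC daemons runs".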
     
    3636(Apache will need to be stopped/restarted for this to take effect.)
    3737
    38 Both boincadm and apache should have umasks that allow group read and write.
    39 
    40 When you create a BOINC project using [MakeProject make_project], the critical directories are owned by boincadm and have the set-GID bit set; this means that any directories or files created by apache in those directories will have group boinc (not group apache). The BOINC software makes all directories group read/write. Thus, both apache and boinc will have read/write access to all directories and files, but other users will have no access.
     38Both `boincadm` and `apache` should have umasks that allow group read and write.
     39
     40When you create a BOINC project using [MakeProject make_project], the critical directories are owned by `boincadm` and have the set-GID bit set; this means that any directories or files created by apache in those directories will have group `boinc` (not group `apache`). The BOINC software makes all directories group read/write. Thus, both `apache` and `boinc` will have read/write access to all directories and files, but other users will have no access.
    4141
    4242To fix permissions on an existing project, do:
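Review bot: New line 40 ends with "both `apache` and `boinc` will have read/write access", which pairs a user with a group; the accounts named in line 38 are `boincadm` and `apache`, so this should read `boincadm`. Putting `boinc` in monospace makes the slip look like a deliberate account name. Line 38 would also be easier to act on with a concrete umask value that allows group read and write, and "created by apache" in line 40 is still unformatted.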
     
    5151}}}
    5252
    53 You may also need to change the ownership of these directories and all their subdirectories to boincadm/boinc.  If you're running several projects on the same server and want to isolate them from each other, you can create a different user and group for each project, and add apache to all of the groups.
    54 
    55 When serving your project files from apache, note that all directories up to and including the html directory must have execute permissions.  For example, if you use make_project to create the project template in your home directory, your home directory must have 711 permissions as opposed to the default of 700.  If this is not corrected, you will receive a 403 Permission Denied error when attempted to browse to your project page.  More information on dealing with apache permissions problems can be found [http://httpd.apache.org/docs/1.3/misc/FAQ.html#forbidden here].
    56 
     53You may also need to change the ownership of these directories and all their subdirectories to `boincadm/boinc`.  If you're running several projects on the same server and want to isolate them from each other, you can create a different user and group for each project, and add `apache` to all of the groups.
     54
     55When serving your project files from Apache, note that all directories up to and including the html directory must have execute permissions.  For example, if you use make_project to create the project template in your home directory, your home directory must have 711 permissions as opposed to the default of 700. If this is not corrected, you will receive a '''403 Forbidden''' error when attempted to browse to your project page. See [http://httpd.apache.org/docs/1.3/misc/FAQ.html#forbidden more information] on dealing with Apache permissions problems].
    5756
    5857=== Installing BOINC software ===
    59  * Download and install whatever [SoftwarePrereqsUnix software prerequisites] are needed on your system.
     58 * Download and install the needed [SoftwarePrereqsUnix software prerequisites].
    6059 * [SourceCode Download] the BOINC software.
    6160 * [BuildSystem Configure and build] the BOINC software.
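Review bot: New line 55 has an unbalanced bracket: the link closes at "more information]" and a second "]" follows "problems", so the rendered sentence ends in a stray "]". Drop it, and fix "when attempted to browse" to "when attempting to browse" while this sentence is being reworded. In line 53, `boincadm/boinc` as a single monospace span reads like a path; mark up the user and the group separately.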
     
    6564
    6665=== MySQL notes ===
    67  * After installing and running the server, grant permissions for your own account and for the account under which Apache runs ('nobody' in the following; may be different on your machine). All mysql accounts should be password protected including root.
     66 * After installing and running the server, grant permissions for your own account and for the account under which Apache runs ('nobody' in the following; may be different on your machine). All MySQL accounts should be password protected, especially `root`.
    6867{{{
    6968mysql -u root
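Review bot: New line 66 says every MySQL account, "especially `root`", should be password protected, yet the example that follows opens with `mysql -u root` and no `-p`, so the text and the command disagree. Either add a step that sets the root password before the grants, or show the command with `-p`. The account name 'nobody' is also left in plain quotes while `root` got monospace.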
     
    7372grant all on *.* to nobody identified by 'password';
    7473}}}
    75  * Set your `PATH` environment variable to include MySQL programs (typically /usr/local/mysql and /usr/local/mysql/bin).
     74 * Set your `PATH` environment variable to include MySQL programs (typically `/usr/local/mysql` and `/usr/local/mysql/bin`).
    7675 * You'll need to back up your database. Generally this requires stopping the project, making a copy or snapshot, and restarting. An example is [http://boinc.berkeley.edu/mysql_backup.txt here].
    77  * BOINC gets MySQL compiler and linker flags from a program called mysql_config which comes with your MySQL distribution. This sometimes references libraries that are not part of your base system installation, such as -lnsl or -lnss_files. You may need to install additional packages (often you can use something called 'mysql-dev' or 'mysql-devel') or fiddle with Makefiles.
     76 * BOINC gets MySQL compiler and linker flags from a program called `mysql_config` which comes with your MySQL distribution. This sometimes references libraries that are not part of your base system installation, such as `-lnsl` or `-lnss_files`. You may need to install additional packages (often you can use something called 'mysql-dev' or 'mysql-devel') or fiddle with Makefiles.
    7877 * MySQL can be the bottleneck in a BOINC server. To optimize its performance, read about [MysqlConfig configuring MySQL for BOINC].
    7978 * [http://boinc.berkeley.edu/mysql_cluster.txt Notes on running MySQL on a cluster].
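Review bot: The package names 'mysql-dev' and 'mysql-devel' in new line 76 are still in plain quotes although `mysql_config`, `-lnsl` and `-lnss_files` in the same sentence were converted to monospace; mark them up the same way. Since this pass touches the MySQL notes, the unchanged example at line 72, `grant all on *.* to nobody identified by 'password';`, deserves a sentence saying that 'password' is a placeholder and that the grant for the web server account can be limited to the project database rather than `*.*`.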