wiki:ServerIntro

Version 10 (modified by haydentech, 11 years ago) (diff)

Add link to apache permissions problems FAQ

Setting up a BOINC server

Using a virtual machine

The easiest (and recommended) way to set up a BOINC server is in a virtual machine that we've created for that purpose, with all the necessary software already installed. You can run this virtual machine using the VMWare player and any Intel-based computer (Windows, Linux, or Mac OS X). If you take this approach, skip the rest of this page.

Using a real machine

You can potentially use any Unix system as a BOINC server (we recommend using a recent Linux release). Set up the machine as follows.

Groups and permissions

BOINC server programs run as two different users:

  • The scheduler and file upload handler are CGI programs, so they run as the same user as the web server (typically user 'apache', group 'apache').
  • BOINC daemons runs as whoever created the project (let's say user 'boincadm', group 'boinc').

By default, the directories created by user apache are not world-writeable. This causes problems: for example, when the file upload handler creates a directory in the upload hierarchy, it's owned by (apache, apache), and the file deleter (which runs as boincadm) won't be able to delete the files there.

To solve this problem, edit /etc/group so that apache belongs to group boinc, i.e. the line:

boinc:x:566:

becomes:

boinc:x:566:apache

(Apache will need to be stopped/restarted for this to take effect.)

When you create a BOINC project using make_project, the critical directories are owned by boincadm and have the set-GID bit set; this means that any directories or files created by apache in those directories will have group boinc (not group apache). The BOINC software makes all directories group read/write. Thus, both apache and boinc will have read/write access to all directories and files, but other users will have no access.

To fix permissions on an existing project, do:

chmod 02770 upload
chmod 02770 html/cache
chmod 02770 html/inc
chmod 02770 html/languages
chmod 02770 html/languages/compiled
chmod 02770 html/user_profiles

You may also need to change the ownership of these directories and all their subdirectories to boincadm/boinc. If you're running several projects on the same server and want to isolate them from each other, you can create a different user and group for each project, and add apache to all of the groups.

When serving your project files from apache, note that all directories up to and including the html directory must have execute permissions. For example, if you use make_project to create the project template in your home directory, your home directory must have 711 permissions as opposed to the default of 700. If this is not corrected, you will receive a 403 Permission Denied error when attempted to browse to your project page. More information on dealing with apache permissions problems can be found here.

Installing BOINC software

Operating system configuration

Some parts of the BOINC server (the feeder and scheduling server) use shared memory. Hosts where these run must have shared memory enabled, with a maximum segment size of at least 32 MB. How to do this depends on the operating system; some information is here.

MySQL notes

  • After installing and running the server, grant permissions for your own account and for the account under which Apache runs ('nobody' in the following; may be different on your machine). All mysql accounts should be password protected including root.
    mysql -u root
    grant all on *.* to yourname@localhost identified by 'password';
    grant all on *.* to yourname identified by 'password';
    grant all on *.* to nobody@localhost identified by 'password';
    grant all on *.* to nobody identified by 'password';
    
  • Set your PATH variable to include MySQL programs (typically /usr/local/mysql and /usr/local/mysql/bin).
  • You'll need to back up your database. Generally this requires stopping the project, making a copy or snapshot, and restarting. An example is here.
  • BOINC gets MySQL compiler and linker flags from a program called mysql_config which comes with your MySQL distribution. This sometimes references libraries that are not part of your base system installation, such as -lnsl or -lnss_files. You may need to install additional packages (often you can use something called 'mysql-dev' or 'mysql-devel') or fiddle with Makefiles.
  • MySQL can be the bottleneck in a BOINC server. To optimize its performance, read about configuring MySQL for BOINC.
  • Notes on running MySQL on a cluster.

MySQLclient notes

  • Configure mysql with the --enable-thread-safe-client switch.
  • Set your LD_LIBRARY_PATH to refer to the correct library.

Apache notes

In httpd.conf, set the default MIME type as follows (otherwise you'll get file upload signature verification errors):

DefaultType application/octet-stream

To limit denial-of-service attacks, we recommend turning off directory indexing by adding -Indexes to the Options directive.

PHP notes

  • Make sure 'magic quotes' are enabled (this is the default). The file /etc/php.ini should contain
    magic_quotes_gpc = On
    
  • By default, BOINC uses PHP's mail function to send email to participants. This uses sendmail. If this doesn't work, you can use PHPMailer instead, which is a very flexible mail-sending mechanism. To do this:
    • Download PHPMailer and put it under PROJECT/html/inc/phpmailer.
    • Set the following variables in your PROJECT/html/project/project.inc file (substitute your own values):
       = true;
       = "xxx.xxx.xxx";
       = "smtp";