breakingdefaults

Subject: Installation instruction best practices
Tags: koha, software, debian, web, standards

I install lots of web applications while working for my webmaster cooperative http://www.ttllp.co.uk/ and, quite often, the installation instructions include boners like "chmod 777 /path/to/your/public_html" which would let any user on the server write to your website. On some large webservers, they have special tricks (chrooting and custom httpds) which limit the damage done by such commands, but on smaller webservers, it's both unnecessary (because of things like suexec and similar) and dangerous.

When I find chmod 777 instructions, I often email the maintainer and suggest at least adding a warning comment. I've tried to avoid including it in my instructions - access rights are really something between the webmaster and sysadmin.

So I was a bit unhappy with the Koha-patch entitled "Debian installation instructions minor editing" http://lists.koha.org/pipermail/koha-patches/2008-April/000254.html which included the dangerous command "sudo a2dissite default". The effect of that (disabling the site in /var/www on a default debian apache httpd installation) wasn't even commented. Hopefully, the submitter has learned something about how apache httpd virtual hosts work from my complaint.

In other notes, I'm ecstatic about see shy jo: cdbs killer (design phase) http://kitenet.net/~joey/blog/entry/cdbs_killer40_design_phase41__/ and will try to get koha ready for that ASAP.
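
Added example, not part of the original post: a small shell aid for reviewing installation instructions for the two commands discussed above, plus a check for what a recursive chmod 777 has already left world-writable under a web root. The function names lint_install_doc and world_writable and the sample instructions are made up for illustration.

```sh
#!/bin/sh
# Added example: review aids for the two commands criticised in the post.

# lint_install_doc FILE
# Prints "LINE: reason: text" for every risky command; returns 1 if any found.
# First pattern: chmod to 777 or 0777, with or without options such as -R.
# Second pattern: a2dissite of "default" as named in the post; "000-default"
# is the name later Debian apache2 packages use for the same site.
lint_install_doc() {
    report=$(
        grep -nE 'chmod([[:space:]]+-[A-Za-z]+)*[[:space:]]+0?777([^0-9]|$)' "$1" |
            sed 's|^\([0-9][0-9]*\):|\1: chmod 777 lets every local user write here: |'
        grep -nE 'a2dissite[[:space:]]+(000-)?default([^A-Za-z0-9_-]|$)' "$1" |
            sed 's|^\([0-9][0-9]*\):|\1: a2dissite default disables the /var/www site: |'
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report" | sort -n
    return 1
}

# world_writable DIR
# Lists files and directories under DIR that any user may write to,
# which is what a recursive chmod 777 leaves behind. Symlinks are skipped
# because their own mode bits are not meaningful.
world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Constructed sample instructions, not taken from any real project.
sample=$(mktemp)
cat > "$sample" <<'EOF'
sudo apt-get install apache2
chmod -R 777 /path/to/your/public_html
sudo a2ensite example
sudo a2dissite default
EOF
lint_install_doc "$sample" || echo "review these lines before following the instructions"
rm -f "$sample"
```

The lint only reports; what the permissions should be is left to the webmaster and sysadmin, as the post says.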