зеркало из https://github.com/mozilla/gecko-dev.git
Lots of formatting fixups, removed tab characters. Also removed incorrect DB_File requirement.
This commit is contained in:
Родитель
9f556a9d3e
Коммит
8707e0cc16
|
@ -127,7 +127,7 @@ a few perl modules; this can be quite ornery if your perl installation
|
|||
isn't up to snuff.
|
||||
|
||||
|
||||
SHORTCUT: You can skip the following Perl module installation
|
||||
SHORTCUT: You can skip the following Perl module installation
|
||||
steps by installing "Bundle::Bugzilla" from CPAN, which includes them.
|
||||
All Perl module installation steps require you have an active Internet
|
||||
connection.
|
||||
|
@ -251,13 +251,7 @@ module, only the specific versions listed above will work. Earlier
|
|||
versions used GIF's, which are no longer supported by the latest
|
||||
versions of GD.
|
||||
|
||||
1.9. DB_File Perl module
|
||||
|
||||
DB_File is a module which allows Perl programs to make use of the facilities provided by
|
||||
Berkeley DB version 1.x. This module is required by collectstats.pl which is used for
|
||||
bug charting. If you plan to make use of bug charting, you must install this module.
|
||||
|
||||
1.10. HTTP server
|
||||
1.9. HTTP server
|
||||
|
||||
You have a freedom of choice here - Apache, Netscape or any other
|
||||
server on UNIX would do. You can easily run the web server on a different
|
||||
|
@ -301,7 +295,7 @@ directories if they were accidentally tarred up with the rest of Bugzilla)
|
|||
and make sure you can access the files in that directory through your
|
||||
web server.
|
||||
|
||||
HINT: If you symlink the bugzilla directory into your Apache's
|
||||
HINT: If you symlink the bugzilla directory into your Apache's
|
||||
HTML heirarchy, you may receive "Forbidden" errors unless you
|
||||
add the "FollowSymLinks" directive to the <Directory> entry
|
||||
for the HTML root.
|
||||
|
@ -362,7 +356,7 @@ user.
|
|||
IDENTIFIED BY 'bugs_password';
|
||||
mysql> FLUSH PRIVILEGES;
|
||||
|
||||
Next, run the magic checksetup.pl script. (Many thanks to Holger
|
||||
Next, run the magic checksetup.pl script. (Many thanks to Holger
|
||||
Schurig <holgerschurig@nikocity.de> for writing this script!)
|
||||
It will make sure Bugzilla files and directories have reasonable
|
||||
permissions, set up the "data" directory, and create all the MySQL
|
||||
|
@ -438,17 +432,17 @@ as well turn on the nifty bugzilla bug reporting graphs.
|
|||
Adding this entry runs collectstats daily at 5 after midnight:
|
||||
5 0 * * * cd <your-bugzilla-directory> ; ./collectstats.pl
|
||||
|
||||
After two days have passed you'll be able to view bug graphs from the
|
||||
After two days have passed you'll be able to view bug graphs from the
|
||||
Bug Reports page.
|
||||
|
||||
8. Real security for MySQL
|
||||
|
||||
If you followed the README for setting up your "bugs" and "root" user in
|
||||
If you followed the README for setting up your "bugs" and "root" user in
|
||||
MySQL, much of this should not apply to you. If you are upgrading
|
||||
an existing installation of Bugzilla, you should pay close attention
|
||||
to this section.
|
||||
|
||||
MySQL has "interesting" default security parameters:
|
||||
MySQL has "interesting" default security parameters:
|
||||
mysqld defaults to running as root
|
||||
it defaults to allowing external network connections
|
||||
it has a known port number, and is easy to detect
|
||||
|
@ -457,25 +451,25 @@ MySQL has "interesting" default security parameters:
|
|||
This means anyone from anywhere on the internet can not only drop the
|
||||
database with one SQL command, and they can write as root to the system.
|
||||
|
||||
To see your permissions do:
|
||||
To see your permissions do:
|
||||
> mysql -u root -p
|
||||
use mysql;
|
||||
show tables;
|
||||
select * from user;
|
||||
select * from db;
|
||||
|
||||
To fix the gaping holes:
|
||||
To fix the gaping holes:
|
||||
DELETE FROM user WHERE User='';
|
||||
UPDATE user SET Password=PASSWORD('new_password') WHERE user='root';
|
||||
FLUSH PRIVILEGES;
|
||||
|
||||
If you're not running "mit-pthreads" you can use:
|
||||
If you're not running "mit-pthreads" you can use:
|
||||
GRANT USAGE ON *.* TO bugs@localhost;
|
||||
GRANT ALL ON bugs.* TO bugs@localhost;
|
||||
REVOKE DROP ON bugs.* FROM bugs@localhost;
|
||||
FLUSH PRIVILEGES;
|
||||
|
||||
With "mit-pthreads" you'll need to modify the "globals.pl" Mysql->Connect
|
||||
With "mit-pthreads" you'll need to modify the "globals.pl" Mysql->Connect
|
||||
line to specify a specific host name instead of "localhost", and accept
|
||||
external connections:
|
||||
GRANT USAGE ON *.* TO bugs@bounce.hop.com;
|
||||
|
@ -483,7 +477,7 @@ external connections:
|
|||
REVOKE DROP ON bugs.* FROM bugs@bounce.hop.com;
|
||||
FLUSH PRIVILEGES;
|
||||
|
||||
Consider also:
|
||||
Consider also:
|
||||
o Turning off external networking with "--skip-networking",
|
||||
unless you have "mit-pthreads", in which case you can't.
|
||||
Without networking, MySQL connects with a Unix domain socket.
|
||||
|
@ -554,7 +548,7 @@ generally you want it to notice right away, so that you can test things.
|
|||
|
||||
Appendix C. Upgrading from previous versions of Bugzilla
|
||||
|
||||
The developers of Bugzilla are constantly adding new tables, columns and
|
||||
The developers of Bugzilla are constantly adding new tables, columns and
|
||||
fields. You'll get SQL errors if you just update the code. The strategy
|
||||
to update is to simply always run the checksetup.pl script whenever
|
||||
you upgrade your installation of Bugzilla. If you want to see what has
|
||||
|
|
Загрузка…
Ссылка в новой задаче