/[drupal]/contributions/modules/druplet/README.txt
ViewVC logotype

Diff of /contributions/modules/druplet/README.txt

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph | View Patch Patch

revision 1.1, Wed Jan 16 16:22:34 2008 UTC revision 1.1.2.1, Wed Jan 16 16:38:05 2008 UTC
# Line 14  There are some critical server configura Line 14  There are some critical server configura
14  SECURITY WARNING: If you are using this for personal use, the security issues are  SECURITY WARNING: If you are using this for personal use, the security issues are
15  minimalized. However, if you allow non-trusted users access to execute PHP code on your  minimalized. However, if you allow non-trusted users access to execute PHP code on your
16  server, they can potentially read the settings.php file of another Druplet.  server, they can potentially read the settings.php file of another Druplet.
17  See http://groups.drupal.org/node/2989#comment-14133 for more info.  Similarly, if you configure for multiple users (as described below), you put
18    yourself at risk of another security issue, in that you have to allow the web server
19    access to create and jail the users on your system. An untrusted user could exploit
20    this as well. See http://groups.drupal.org/node/2989#comment-14133 for more info.
21    
22    There are two primary ways you can configure this module depending on your needs,
23    and installation of this module could be tricky depending on your level of experience
24    with server configuration.
25    
26    == SINGLE USER: Druplets created without SFTP users ==
27    This configuration method is easier out of the box and does not require installation
28    of any extra software on your server, as the method below does. If you need to create
29    Druplets for your own personal use and do not require a separate SFTP account for
30    each one, this method should suit you just fine.
31    
32  A few configuration items:  A few configuration items:
33   - You must configure httpd.conf so that all subdomain traffic is directed to your primary DocumentRoot (i.e. druplet.mydomain.com -> mydomain.com)   - You must configure httpd.conf so that all subdomain traffic is directed to your primary DocumentRoot (i.e. druplet.mydomain.com -> mydomain.com)
34   - The apache user must have write access to the sites directory. (chmod 777 sites)   - The apache user must have write access to the sites directory. (chmod 777 sites)
  - The database user must be able to create databases and grant access. (GRANT USAGE ON * . * TO 'username'@'localhost' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0;)  
35     - The database user must be able to create databases and grant access. (GRANT USAGE ON * . * TO 'username'@'localhost' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0;)
36    
37    == MULTIPLE USER: Each Druplet is created with an SFTP user
38    This configuration allows each user to have a separate SFTP login which is jailed to
39    the corresponding sites directory (i.e. a user cannot see/edit others' files).
40    You must install JailKit (://olivier.sessink.nl/jailkit/howtos_sftp_scp_only.html)
41    for this to work properly. More details coming soon.
Legend:
Removed from v.1.1  
changed lines
  Added in v.1.1.2.1
  ViewVC Help
Powered by ViewVC 1.1.2