modules/druplet/README.txt

$Id: README.txt,v 1.4 2007/06/29 16:31:59 antinomia Exp $

Druplet.module - Conjur up Drupal sandboxes as subdomains using Multi-Site and available installation profiles

Druplet is an demand Drupal sandbox generating machine. It uses Drupal's multi-site
and install profile capabilities to allow for multiple unique sandboxes running under
the same codebase. This module is not meant for use on production servers. Rather,
it is a time-saving tool for developers. Druplet is currently in early development.
Feel free to download the code from CVS, but be warned that support is limited.

There are some critical server configuration issues regarding this module. Please read below for more detail.

== IMPORTANT! NEVER ALLOW UNTRUSTED USERS TO EXECUTE PHP CODE ON YOUR SERVER! ==
SECURITY WARNING: If you are using this for personal use, the security issues are
minimalized. However, if you allow non-trusted users access to execute PHP code on your
server, they can potentially read the settings.php file of another Druplet.
Similarly, if you configure for multiple users (as described below), you put
yourself at risk of another security issue, in that you have to allow the web server
access to create and jail the users on your system. An untrusted user could exploit
this as well. See http://groups.drupal.org/node/2989#comment-14133 for more info.

There are two primary ways you can configure this module depending on your needs,
and installation of this module could be tricky depending on your level of experience
with server configuration.

== SINGLE USER: Druplets created without SFTP users ==
This configuration method is easier out of the box and does not require installation
of any extra software on your server, as the method below does. If you need to create
Druplets for your own personal use and do not require a separate SFTP account for
each one, this method should suit you just fine.

A few configuration items:
 - You must configure httpd.conf so that all subdomain traffic is directed to your primary DocumentRoot (i.e. druplet.mydomain.com -> mydomain.com)
 - The apache user must have write access to the sites directory. (chmod 777 sites)
 - The database user must be able to create databases and grant access. (GRANT USAGE ON * . * TO 'username'@'localhost' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0;)

== MULTIPLE USER: Each Druplet is created with an SFTP user
This configuration allows each user to have a separate SFTP login which is jailed to
the corresponding sites directory (i.e. a user cannot see/edit others' files).
You must install JailKit (://olivier.sessink.nl/jailkit/howtos_sftp_scp_only.html)
for this to work properly. More details coming soon.
1	$Id: README.txt,v 1.4 2007/06/29 16:31:59 antinomia Exp $
2
3	Druplet.module - Conjur up Drupal sandboxes as subdomains using Multi-Site and available installation profiles
4
5	Druplet is an demand Drupal sandbox generating machine. It uses Drupal's multi-site
6	and install profile capabilities to allow for multiple unique sandboxes running under
7	the same codebase. This module is not meant for use on production servers. Rather,
8	it is a time-saving tool for developers. Druplet is currently in early development.
9	Feel free to download the code from CVS, but be warned that support is limited.
10
11	There are some critical server configuration issues regarding this module. Please read below for more detail.
12
13	== IMPORTANT! NEVER ALLOW UNTRUSTED USERS TO EXECUTE PHP CODE ON YOUR SERVER! ==
14	SECURITY WARNING: If you are using this for personal use, the security issues are
15	minimalized. However, if you allow non-trusted users access to execute PHP code on your
16	server, they can potentially read the settings.php file of another Druplet.
17	Similarly, if you configure for multiple users (as described below), you put
18	yourself at risk of another security issue, in that you have to allow the web server
19	access to create and jail the users on your system. An untrusted user could exploit
20	this as well. See http://groups.drupal.org/node/2989#comment-14133 for more info.
21
22	There are two primary ways you can configure this module depending on your needs,
23	and installation of this module could be tricky depending on your level of experience
24	with server configuration.
25
26	== SINGLE USER: Druplets created without SFTP users ==
27	This configuration method is easier out of the box and does not require installation
28	of any extra software on your server, as the method below does. If you need to create
29	Druplets for your own personal use and do not require a separate SFTP account for
30	each one, this method should suit you just fine.
31
32	A few configuration items:
33	- You must configure httpd.conf so that all subdomain traffic is directed to your primary DocumentRoot (i.e. druplet.mydomain.com -> mydomain.com)
34	- The apache user must have write access to the sites directory. (chmod 777 sites)
35	- The database user must be able to create databases and grant access. (GRANT USAGE ON * . * TO 'username'@'localhost' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0;)
36
37	== MULTIPLE USER: Each Druplet is created with an SFTP user
38	This configuration allows each user to have a separate SFTP login which is jailed to
39	the corresponding sites directory (i.e. a user cannot see/edit others' files).
40	You must install JailKit (://olivier.sessink.nl/jailkit/howtos_sftp_scp_only.html)
41	for this to work properly. More details coming soon.