diff options
author | cvs2git <cvs2git> | 2006-08-23 22:25:40 +0000 |
---|---|---|
committer | cvs2git <cvs2git> | 2006-08-23 22:25:40 +0000 |
commit | 58d093219cf60264550b8c34649d9f3190eda042 (patch) | |
tree | 10418dd70b52416a5f52da8e17d8e282d914595d /rt/UPGRADING | |
parent | 3ce7691203a7737406bf2d4442f7fd84b81f847e (diff) |
This commit was manufactured by cvs2svn to create tagAFTER_FINAL_MASONIZE
'AFTER_FINAL_MASONIZE'.
Diffstat (limited to 'rt/UPGRADING')
-rw-r--r-- | rt/UPGRADING | 205 |
1 files changed, 0 insertions, 205 deletions
diff --git a/rt/UPGRADING b/rt/UPGRADING deleted file mode 100644 index 11a26e81e..000000000 --- a/rt/UPGRADING +++ /dev/null @@ -1,205 +0,0 @@ -UPGRADING - -Detailed information about upgrading can be found in the README file. -This document is intended to supplement the instructions in that file. - -Additional information about upgrading from specific versions of RT is -contained below. - -******* -WARNING -******* - -Before making any changes to your database, always ensure that you have a -complete current backup. If you don't have a current backup, you could -accidentally damage your database and lose data or worse. - -******* - -UPGRADING FROM 3.3.14 and earlier - Changes: - -The "ModifyObjectCustomFieldValues" right name was too long. It's been changed to -"ModifyCustomField" - - -UPGRADING FROM 3.3.11 and earlier - Changes: - -= Rights Changes = - -Custom Fields now have an additional right "ModifyCustomField". -This right governs whether a user can modify an object's custom field values -for a particular custom field. This includes adding, deleting and changing values. - - -UPGRADING FROM 3.2 and earlier - Changes: - -= Rights changes = - -Now, if you want any user to be able to access the Admin tools (a.k.a. -the Configuration tab), you must grant that user the "ShowConfigTab" -right. Making the user a privileged user is no longer sufficient. - -"SuperUser" users are no longer automatically added to the list of users who can own tickets in a queue. You now need to explicitly give them the "own tickets" right. - - - -UPGRADING FROM 3.0.x - Changes: - -= Installation = - -We recommend you move your existing /opt/rt3 tree completely out -of the way before installating the newversion of RT, to make sure -that you don't inadvertently leave old files hanging around. - -= Rights changes = - -Now, if you want RT to automatically create new users upon ticket -submission, you MUST grant 'Everyone' the right to create tickets. -Granting this right only to "Unprivileged Users" is now insufficient. - - -= FastCGI configuration = - -This section is a snapshot of the documentation available at: - -http://wiki.bestpractical.com/index.cgi?FastCGIConfiguration - -It's worth checking out that resource if these instructions don't -work right for you - - -RT 3.2 includes a signficant change to the FastCGI handler. It is -no longer "setgid" to the RT group. Perl's setid support has been -deprecated for the last several releases and a number of platforms -don't bundle the "sperl" or "suidperl" executable by default. -Additionally, when perl is run SetUID or SetGID, the interpreter -is automatically switched into /taint mode/, in which all incoming -data, no matter the source is considered suspect. At first, this -seems like a great idea. But perl's taint mode is a big sledgehammer -used to hit small nails. Many perl libraries aren't tested in taint -mode and will fail when least expected. Moving away from a SetGID -FastCGI handler will enable more users to have a smoother RT -experience. It does require some changes in how you set up and -configure RT. - -Beginning with RT 3.2, you have several choices about how to configure -RT to run as a FastCGI: - - -== Install RT as the user your webserver runs as == - -Pros: Very easy to configure - -Cons: Your webserver has access to RT's private database password - - -=== How To - -When installing RT, run: - - ./configure --with-web-user="webuser" --with-web-group="webgroup" \ - --with-rt-user="webuser" --with-rt-group="webgroup" - -(Don't forget to include other configuration options that matter to you) - -If you're using apache, you'll want to add something like the following -to your httpd.conf: - - <VirtualHost rt.example.com> - - # Pass through requests to display images - Alias /NoAuth/images/ /opt/rt3/share/html/NoAuth/images/ - - # Tell FastCGI to put its temporary files somewhere sane. - FastCgiIpcDir /tmp - - FastCgiServer /opt/rt3/bin/mason_handler.fcgi -idle-timeout 120 - - AddHandler fastcgi-script fcgi - ScriptAlias / /opt/rt3/bin/mason_handler.fcgi/ - - </VirtualHost> - - -== Make your webserver user a member of the "rt" group == - -Pros: Easy to configure - -Cons: Your webserver has access to RT's private database password - - -=== How To - -Install RT normally. Add whichever user your webserver runs as -(whatever you set --with-web-user to) to the "rt" group (whatever -you set --with-rt-group to) in /etc/groups. - -To find out what user your webserver runs as, look for the line - - User some-user-name - -in your apache httpd.conf. Common values are www, www-data, web and nobody. - - - -== Run RT using _suexec_ or a similar mechanism - - -Pros: More secure - -Cons: Sometimes very difficult to configure - -Apache's _suexec_ utility allows you run CGI programs as specific -users. Because that's a relatively heavy responsibility, it's very, -very conservative about what it's willing to do for you. On top of -that, Apache's mod_fastcgi plugin doesn't respect all of suexec's -features. While suexec is designed to execute CGI scripts in a -given virtual host's !DocumentRoot, It can only execute FastCGI -scripts in the system's *main* !DocumentRoot. - -This means you have to copy the RT FastCGI handler into your main -!DocumentRoot - -The following example !VirtualHost will run RT as a FastCGI on -Apache 1.3 on a Debian Linux server. - - - <VirtualHost rt.example.com> - - DocumentRoot /opt/rt3/share/html - - # Set the rt user and group as the executing user for this virtual host - User rt - Group rt - - - # Pass through requests to display images - Alias /NoAuth/images/ /opt/rt3/share/html/NoAuth/images/ - - # Tell FastCGI to put its temporary files somewhere sane. - FastCgiIpcDir /tmp - - # Tell FastCGI that it should use apache's "suexec" binary to call any - # FastCGI script. - # This is a GLOBAL setting - FastCgiWrapper /usr/lib/apache/suexec - - # You need to copy the rt mason_handler.fcgi into a directory inside - # the main server DocumentRoot - # That directory must be owned by the user and group that will execute - # the FastCGI script - # In this case, that directory is /var/www/rt - - # To find the local DocumentRoot, run "suexec -V" as root and look for the - # -D DOC_ROOT parameter. - - # Apache 1.3 discards the user and group parameters on the FastCgiServer - # line. Apache 2.0 requires them. - - FastCgiServer /var/www/rt/mason_handler.fcgi -idle-timeout 120 -user rt -group rt - - AddHandler fastcgi-script fcgi - ScriptAlias / /var/www/rt/mason_handler.fcgi/ - - </VirtualHost> - |