Commit 8c712652 authored by sympa-authors's avatar sympa-authors
Browse files

New feature :

*****	wwsympa.fcgi can use sudo instead of setuidperl
*****	You should run 'configure --enable-secure' and
*****	use wwsympa_sudo_wrapper.pl instead of wwsympa.fcgi


git-svn-id: https://subversion.renater.fr/sympa/trunk@3678 05aa8bb8-cd2b-0410-b1d7-8918dfa770ce
parent 192c43bc
......@@ -195,12 +195,18 @@ checkperl:
if [ "$(DESTDIR)" = "" ]; then read rep; fi \
fi
@if [ ! -f $(SUIDPERL) ]; then \
echo "##################################"; \
echo "## You don't have suidperl installed."; \
echo "## Suidperl is the default way to run WWSympa with SetUID."; \
echo "## Among other options, you can use suExec with Apache"; \
echo "## Check Sympa reference manual for more details"; \
echo "#####################################################"; \
echo "#################################################################################"; \
echo "## wwsympa.fcgi that provides Sympa's web interface needs to run as user $(USER)"; \
echo "## There are many options to do so : "; \
echo "## 1/ Installing 'suidperl' to run wwsympa.fcgi with SetUID. This is the default method,"; \
echo "## but it might be insecure."; \
echo "## 2/ Use 'sudo' to run wwsympa.fcgi as user $(USER). Your Apache configuration should use wwsympa_sudo_wrapper.pl"; \
echo "## You should edit your /etc/sudoers file (with visudo command) as follows :"; \
echo "## apache ALL = ($(USER) NOPASSWD: $(CGIDIR)/wwsympa.fcgi"; \
echo "## 3/ Use Apache's suExec mode."; \
echo "## For (2) and (3) you should run Sympa's 'configure' with the '--enable-secure' option"; \
echo "#######################################################################################"; \
echo -n "Please hit <Enter> to continue"; \
if [ "$(DESTDIR)" = "" ]; then read rep; fi \
fi
@if [ ! -f $(MSGFMT) ]; then \
......@@ -325,7 +331,7 @@ installwws:
@(cd wwsympa && echo "making in wwsympa..." && \
$(MAKE) SH='${SH}' CC='${CC}' CFLAGS='${CFLAGS}' PERL='${PERL}' \
DIR='${DIR}' BINDIR='${BINDIR}' SBINDIR='${SBINDIR}' LIBDIR='${LIBDIR}' \
USER='${USER}' GROUP='${GROUP}' \
USER='${USER}' GROUP='${GROUP}' SUDO='${SUDO}' enable_secure='${enable_secure}' \
CGIDIR='${CGIDIR}' WWSBINDIR='${WWSBINDIR}' MAILERPROGDIR='${MAILERPROGDIR}' \
PIDDIR='${PIDDIR}' CONFIG='${CONFIG}' WWSCONFIG='${WWSCONFIG}' ETCBINDIR='${ETCBINDIR}' \
DESTDIR='${DESTDIR}' USER='${USER}' GROUP='${GROUP}' ICONSDIR='${ICONSDIR}' newinstall) || exit 1;
......
......@@ -168,6 +168,7 @@ SH = @SH@
SHELL = @SHELL@
SPOOLDIR = @SPOOLDIR@
STRIP = @STRIP@
SUDO = @SUDO@
SUIDPERL = @SUIDPERL@
USER = @USER@
VERSION = @VERSION@
......@@ -188,6 +189,7 @@ build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
datadir = @datadir@
enable_secure = @enable_secure@
exec_prefix = @exec_prefix@
host = @host@
host_alias = @host_alias@
......@@ -539,12 +541,18 @@ checkperl:
if [ "$(DESTDIR)" = "" ]; then read rep; fi \
fi
@if [ ! -f $(SUIDPERL) ]; then \
echo "##################################"; \
echo "## You don't have suidperl installed."; \
echo "## Suidperl is the default way to run WWSympa with SetUID."; \
echo "## Among other options, you can use suExec with Apache"; \
echo "## Check Sympa reference manual for more details"; \
echo "#####################################################"; \
echo "#################################################################################"; \
echo "## wwsympa.fcgi that provides Sympa's web interface needs to run as user $(USER)"; \
echo "## There are many options to do so : "; \
echo "## 1/ Installing 'suidperl' to run wwsympa.fcgi with SetUID. This is the default method,"; \
echo "## but it might be insecure."; \
echo "## 2/ Use 'sudo' to run wwsympa.fcgi as user $(USER). "; \
echo "## You should edit your /etc/sudoers file (with visudo command) as follows :"; \
echo "## apache ALL = ($(USER) NOPASSWD: $(CGIDIR)/wwsympa.fcgi"; \
echo "## 3/ Use Apache's suExec mode."; \
echo "## For (2) and (3) you should run Sympa's 'configure' with the '--enable-secure' option"; \
echo "#######################################################################################"; \
echo -n "Please hit <Enter> to continue"; \
if [ "$(DESTDIR)" = "" ]; then read rep; fi \
fi
@if [ ! -f $(MSGFMT) ]; then \
......@@ -668,7 +676,7 @@ installwws:
@(cd wwsympa && echo "making in wwsympa..." && \
$(MAKE) SH='${SH}' CC='${CC}' CFLAGS='${CFLAGS}' PERL='${PERL}' \
DIR='${DIR}' BINDIR='${BINDIR}' SBINDIR='${SBINDIR}' LIBDIR='${LIBDIR}' \
USER='${USER}' GROUP='${GROUP}' \
USER='${USER}' GROUP='${GROUP}' SUDO='${SUDO}' enable_secure='${enable_secure}' \
CGIDIR='${CGIDIR}' WWSBINDIR='${WWSBINDIR}' MAILERPROGDIR='${MAILERPROGDIR}' \
PIDDIR='${PIDDIR}' CONFIG='${CONFIG}' WWSCONFIG='${WWSCONFIG}' ETCBINDIR='${ETCBINDIR}' \
DESTDIR='${DESTDIR}' USER='${USER}' GROUP='${GROUP}' ICONSDIR='${ICONSDIR}' newinstall) || exit 1;
......
......@@ -273,7 +273,7 @@ PACKAGE_BUGREPORT=
ac_unique_file="check_perl_modules.pl"
ac_default_prefix=/home/sympa
ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS MAJOR_VERSION MINOR_VERSION MICRO_VERSION build build_cpu build_vendor build_os host host_cpu host_vendor host_os target target_cpu target_vendor target_os INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA CYGPATH_W PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO install_sh STRIP ac_ct_STRIP INSTALL_STRIP_PROGRAM mkdir_p AWK SET_MAKE am__leading_dot AMTAR am__tar am__untar CONFDIR CGIDIR ICONSDIR BINDIR SBINDIR LIBEXECDIR LIBDIR DATADIR EXPLDIR MANDIR INITDIR LOCKDIR PIDDIR ETCDIR LOCALEDIR DOCDIR SCRIPTDIR SAMPLEDIR SPOOLDIR CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CCDEPMODE am__fastdepCC_TRUE am__fastdepCC_FALSE CPP EGREP PERL SUIDPERL MHONARC OPENSSL CVS2CL MSGFMT SH USER GROUP SENDMAIL_ALIASES VIRTUAL_ALIASES NEWALIASES NEWALIASES_ARG POSTMAP POSTMAP_ARG MAINTAINER_MODE_TRUE MAINTAINER_MODE_FALSE MAINT LIBOBJS LTLIBOBJS'
ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS MAJOR_VERSION MINOR_VERSION MICRO_VERSION build build_cpu build_vendor build_os host host_cpu host_vendor host_os target target_cpu target_vendor target_os INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA CYGPATH_W PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO install_sh STRIP ac_ct_STRIP INSTALL_STRIP_PROGRAM mkdir_p AWK SET_MAKE am__leading_dot AMTAR am__tar am__untar CONFDIR CGIDIR ICONSDIR BINDIR SBINDIR LIBEXECDIR LIBDIR DATADIR EXPLDIR MANDIR INITDIR LOCKDIR PIDDIR ETCDIR LOCALEDIR DOCDIR SCRIPTDIR SAMPLEDIR SPOOLDIR enable_secure CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CCDEPMODE am__fastdepCC_TRUE am__fastdepCC_FALSE CPP EGREP PERL SUIDPERL SUDO MHONARC OPENSSL CVS2CL MSGFMT SH USER GROUP SENDMAIL_ALIASES VIRTUAL_ALIASES NEWALIASES NEWALIASES_ARG POSTMAP POSTMAP_ARG MAINTAINER_MODE_TRUE MAINTAINER_MODE_FALSE MAINT LIBOBJS LTLIBOBJS'
ac_subst_files=''
# Initialize some variables set by options.
......@@ -814,6 +814,7 @@ if test -n "$ac_init_help"; then
Optional Features:
--disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no)
--enable-FEATURE[=ARG] include FEATURE [ARG=yes]
--enable-secure install wwsympa to be run in a secure mode, without suidperl (default disabled)
--disable-dependency-tracking speeds up one-time build
--enable-dependency-tracking do not reject slow dependency extractors
--enable-maintainer-mode enable make rules and dependencies not useful
......@@ -2016,6 +2017,13 @@ if test "${with_spooldir+set}" = set; then
fi;
## to run wwsympa.fcgi without setuidperl
# Check whether --enable-secure or --disable-secure was given.
if test "${enable_secure+set}" = set; then
enableval="$enable_secure"
fi;
ac_ext=c
ac_cpp='$CPP $CPPFLAGS'
......@@ -3521,6 +3529,48 @@ fi
# Extract the first word of "sudo", so it can be a program name with args.
set dummy sudo; ac_word=$2
echo "$as_me:$LINENO: checking for $ac_word" >&5
echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
if test "${ac_cv_path_SUDO+set}" = set; then
echo $ECHO_N "(cached) $ECHO_C" >&6
else
case $SUDO in
[\\/]* | ?:[\\/]*)
ac_cv_path_SUDO="$SUDO" # Let the user override the test with a path.
;;
*)
as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '' $ac_executable_extensions; do
if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_path_SUDO="$as_dir/$ac_word$ac_exec_ext"
echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
fi
done
done
test -z "$ac_cv_path_SUDO" && ac_cv_path_SUDO="/usr/bin/sudo"
;;
esac
fi
SUDO=$ac_cv_path_SUDO
if test -n "$SUDO"; then
echo "$as_me:$LINENO: result: $SUDO" >&5
echo "${ECHO_T}$SUDO" >&6
else
echo "$as_me:$LINENO: result: no" >&5
echo "${ECHO_T}no" >&6
fi
# Extract the first word of "mhonarc", so it can be a program name with args.
set dummy mhonarc; ac_word=$2
echo "$as_me:$LINENO: checking for $ac_word" >&5
......@@ -4564,6 +4614,7 @@ s,@DOCDIR@,$DOCDIR,;t t
s,@SCRIPTDIR@,$SCRIPTDIR,;t t
s,@SAMPLEDIR@,$SAMPLEDIR,;t t
s,@SPOOLDIR@,$SPOOLDIR,;t t
s,@enable_secure@,$enable_secure,;t t
s,@CC@,$CC,;t t
s,@CFLAGS@,$CFLAGS,;t t
s,@LDFLAGS@,$LDFLAGS,;t t
......@@ -4584,6 +4635,7 @@ s,@CPP@,$CPP,;t t
s,@EGREP@,$EGREP,;t t
s,@PERL@,$PERL,;t t
s,@SUIDPERL@,$SUIDPERL,;t t
s,@SUDO@,$SUDO,;t t
s,@MHONARC@,$MHONARC,;t t
s,@OPENSSL@,$OPENSSL,;t t
s,@CVS2CL@,$CVS2CL,;t t
......
......@@ -133,6 +133,9 @@ SPOOLDIR='${prefix}/spool'
AC_ARG_WITH(spooldir, [ --with-spooldir=DIR spool directory is DIR (default ${prefix}/spool)], [SPOOLDIR="$withval"])
AC_SUBST(SPOOLDIR)
## to run wwsympa.fcgi without setuidperl
AC_ARG_ENABLE(secure, [ --enable-secure install wwsympa to be run in a secure mode, without suidperl (default disabled)])
AC_SUBST(enable_secure)
dnl Checks for programs.
AC_PROG_CC
......@@ -146,6 +149,9 @@ AC_SUBST(PERL)
AC_PATH_PROG(SUIDPERL, suidperl, /usr/bin/suidperl)
AC_SUBST(SUIDPERL)
AC_PATH_PROG(SUDO, sudo, /usr/bin/sudo)
AC_SUBST(SUDO)
AC_PATH_PROG(MHONARC, mhonarc, /usr/bin/mhonarc)
AC_ARG_WITH(mhonarc, [ --with-mhonarc=FULLPATH set full path to MhOnArc mail archiving system (default /usr/bin/mhonarc)], [MHONARC="$withval"])
AC_SUBST(MHONARC)
......
......@@ -67,7 +67,7 @@ version 5.2b.2
Olivier Sala&#252;n,
Christophe Wolfhugel,
</STRONG></P>
<P ALIGN="CENTER"><STRONG>31 March 2006</STRONG></P>
<P ALIGN="CENTER"><STRONG>05 April 2006</STRONG></P>
</DIV>
<P>
......@@ -512,7 +512,7 @@ version 5.2b.2
<BR><HR>
<ADDRESS>
root
2006-03-31
2006-04-05
</ADDRESS>
</BODY>
</HTML>
......@@ -1158,7 +1158,7 @@ Contents</A>
<BR><HR>
<ADDRESS>
root
2006-03-31
2006-04-05
</ADDRESS>
</BODY>
</HTML>
......@@ -139,19 +139,19 @@ WWSympa is <I>Sympa</I>'s web interface.
</H1>
<P>
<A NAME="8662"></A><I>WWSympa</I> is fully integrated with <I>Sympa</I>. It uses <A NAME="8666"></A><TT>sympa.conf</TT>
<A NAME="8677"></A><I>WWSympa</I> is fully integrated with <I>Sympa</I>. It uses <A NAME="8681"></A><TT>sympa.conf</TT>
and <I>Sympa</I>'s libraries. The default <I>Sympa</I> installation will also
install WWSympa.
<P>
Every single piece of HTML in <A NAME="8671"></A><I>WWSympa</I> is generated by the CGI code
Every single piece of HTML in <A NAME="8686"></A><I>WWSympa</I> is generated by the CGI code
using template files (See <A HREF="node17.html#tpl-format">16.1</A>, page&nbsp;<A HREF="node17.html#tpl-format"><IMG ALIGN="BOTTOM" BORDER="1" ALT="[*]" SRC="crossref.png"></A>).
This facilitates internationalization of pages, as well as per-site
customization.
<P>
The code consists of one single PERL CGI script, <A NAME="8674"></A><TT>WWSympa.fcgi</TT>.
To enhance performance you can configure <A NAME="8677"></A><I>WWSympa</I> to use
The code consists of one single PERL CGI script, <A NAME="8689"></A><TT>WWSympa.fcgi</TT>.
To enhance performance you can configure <A NAME="8692"></A><I>WWSympa</I> to use
FastCGI ; the CGI will be persistent in memory.
<BR>
All data will be accessed through the CGI, including web archives.
......@@ -160,11 +160,11 @@ systematically.
<P>
Authentication is based on passwords stored in the database table
user_table ; if the appropriate <A NAME="8680"></A><TT>Crypt::CipherSaber</TT> is
user_table ; if the appropriate <A NAME="8695"></A><TT>Crypt::CipherSaber</TT> is
installed, password are encrypted in the database using reversible
encryption based on RC4. Otherwise they are stored in clear text.
In both cases reminding of passwords is possible.
To keep track of authentication information <A NAME="8683"></A><I>WWSympa</I>
To keep track of authentication information <A NAME="8698"></A><I>WWSympa</I>
uses HTTP cookies stored on the client side. The HTTP cookie only
indicates that a specified e-mail address has been authenticated ;
permissions are evaluated when an action is requested.
......@@ -174,7 +174,7 @@ The same web interface is used by the listmaster, list owners, subscribers and
others. Depending on permissions, the same URL may generate a different view.
<P>
<A NAME="8686"></A><I>WWSympa</I>'s main loop algorithm is roughly the following :
<A NAME="8701"></A><I>WWSympa</I>'s main loop algorithm is roughly the following :
<OL>
<LI>Check authentication information returned by
......@@ -212,24 +212,30 @@ others. Depending on permissions, the same URL may generate a different view.
</H2>
<P>
Because Sympa and WWSympa share a lot of files, <A NAME="8689"></A><TT>wwsympa.fcgi</TT>,
Because Sympa and WWSympa share a lot of files, <A NAME="8704"></A><TT>wwsympa.fcgi</TT>,
must run with the same
uid/gid as <A NAME="8692"></A><TT>archived.pl</TT>, <A NAME="8695"></A><TT>bounced.pl</TT> and <A NAME="8698"></A><TT>sympa.pl</TT>.
There are different ways to organize this :
uid/gid as <A NAME="8707"></A><TT>archived.pl</TT>, <A NAME="8710"></A><TT>bounced.pl</TT> and <A NAME="8713"></A><TT>sympa.pl</TT>.
There are different ways to achieve this :
<UL>
<LI>With some operating systems no special setup is required because
wwsympa.fcgi is installed with suid and sgid bits, but this will not work
if suid scripts are refused by your system.
<LI>SetuidPerl : this is the default method but might be insecure. If you don't set the <B>- -enable_secure</B> configure option,
<A NAME="8716"></A><TT>wwsympa.fcgi</TT> is installed with the SetUID bit set. On most you will need to install the suidperl package.
<P>
</LI>
<LI>Run a dedicated Apache server with sympa.sympa as uid.gid (The Apache default
is nobody.nobody)
<LI>Sudo : use <B>sudo</B> to run <A NAME="8719"></A><TT>wwsympa.fcgi</TT> as user sympa. Your Apache configuration should use <A NAME="8722"></A><TT>wwsympa_sudo_wrapper.pl</TT> instead
of <A NAME="8725"></A><TT>wwsympa.fcgi</TT>. You should edit your <A NAME="8728"></A><TT>/etc/sudoers</TT> file (with visudo command) as follows :<PRE>
apache ALL = (sympa NOPASSWD: /usr/local/sympa-os/bin/wwsympa.fcgi
</PRE>
<P>
</LI>
<LI>Dedicated Apache server : run a dedicated Apache server with sympa.sympa as uid.gid (The Apache default
is apache.apache).
<P>
</LI>
<LI>Use a Apache virtual host with sympa.sympa as uid.gid ; Apache
<LI>Apache suExec : use an Apache virtual host with sympa.sympa as uid.gid ; Apache
needs to be compiled with suexec. Be aware that the Apache suexec usually define a lowest
UID/GID allowed to be a target user for suEXEC. For most systems including binaries
distribution of Apache, the default value 100 is common.
......@@ -242,9 +248,9 @@ The User and Group directive have to be set before the FastCgiServer directive
<P>
</LI>
<LI>Otherwise, you can overcome restrictions on the execution of suid scripts
<LI>C wrapper : otherwise, you can overcome restrictions on the execution of suid scripts
by using a short C program, owned by sympa and with the suid bit set, to start
<A NAME="8701"></A><TT>wwsympa.fcgi</TT>. Here is an example (with no guarantee attached) :<PRE>
<A NAME="8731"></A><TT>wwsympa.fcgi</TT>. Here is an example (with no guarantee attached) :<PRE>
#include &lt;unistd.h&gt;
#define WWSYMPA "/usr/local/sympa-os/bin/wwsympa.fcgi"
......@@ -262,7 +268,7 @@ int main(int argn, char **argv, char **envp) {
<H2><A NAME="SECTION001022000000000000000">
9.2.2 Installing wwsympa.fcgi in your Apache server</A>
</H2>
If you chose to run <A NAME="8704"></A><TT>wwsympa.fcgi</TT> as a simple CGI, you simply need to
If you chose to run <A NAME="8734"></A><TT>wwsympa.fcgi</TT> as a simple CGI, you simply need to
script alias it.
<P><PRE>
......@@ -301,22 +307,22 @@ file.
<A NAME="tex2html21"
HREF="http://www.fastcgi.com/">FastCGI</A>
is an extention to CGI that provides persistency for CGI programs. It is extemely useful
with <A NAME="8707"></A><I>WWSympa</I> since source code interpretation and all initialisation tasks are performed only once, at server startup ; then
with <A NAME="8737"></A><I>WWSympa</I> since source code interpretation and all initialisation tasks are performed only once, at server startup ; then
file wwsympa.fcgi instances are waiting for clients requests.
<P>
<A NAME="8710"></A><I>WWSympa</I> can also work without FastCGI, depending on the <B>use_fast_cgi</B> parameter
<A NAME="8740"></A><I>WWSympa</I> can also work without FastCGI, depending on the <B>use_fast_cgi</B> parameter
(see <A HREF="#use-fastcgi">9.3.15</A>, page&nbsp;<A HREF="node10.html#use-fastcgi"><IMG ALIGN="BOTTOM" BORDER="1" ALT="[*]" SRC="crossref.png"></A>).
<P>
To run <A NAME="8713"></A><I>WWSympa</I> with FastCGI, you need to install :
To run <A NAME="8743"></A><I>WWSympa</I> with FastCGI, you need to install :
<UL>
<LI><A NAME="8716"></A>mod_fastcgi : the Apache module that provides <A NAME="8717"></A>FastCGI features
<LI><A NAME="8746"></A>mod_fastcgi : the Apache module that provides <A NAME="8747"></A>FastCGI features
<P>
</LI>
<LI><A NAME="8718"></A><TT>FCGI</TT> : the Perl module used by <A NAME="8721"></A><I>WWSympa</I>
<LI><A NAME="8748"></A><TT>FCGI</TT> : the Perl module used by <A NAME="8751"></A><I>WWSympa</I>
<P>
</LI>
......@@ -338,7 +344,7 @@ To run <A NAME="8713"></A><I>WWSympa</I> with FastCGI, you need to install :
(Default value: <TT>/home/httpd/html/arc</TT>)
<BR>
Where to store html archives. This parameter is used
by the <A NAME="8725"></A><TT>archived.pl</TT> daemon. It is a good idea to install the archive
by the <A NAME="8755"></A><TT>archived.pl</TT> daemon. It is a good idea to install the archive
outside the web hierarchy to prevent possible back doors in the access control
powered by WWSympa. However, if Apache is configured with a chroot, you may
have to install the archive in the Apache directory tree.
......@@ -362,7 +368,7 @@ The default index organization when entering web archives : either threaded or
</H2>
(Default value: <TT>archived.pid</TT>)
<BR>
The file containing the PID of <A NAME="8730"></A><TT>archived.pl</TT>.
The file containing the PID of <A NAME="8760"></A><TT>archived.pl</TT>.
<P>
......@@ -372,7 +378,7 @@ The file containing the PID of <A NAME="8730"></A><TT>archived.pl</TT>.
(Default value: <TT>/var/bounce</TT>)
<BR>
Root directory for storing bounces (non-delivery reports). This parameter
is used mainly by the <A NAME="8734"></A><TT>bounced.pl</TT> daemon.
is used mainly by the <A NAME="8764"></A><TT>bounced.pl</TT> daemon.
<P>
......@@ -381,7 +387,7 @@ Root directory for storing bounces (non-delivery reports). This parameter
</H2>
(Default value: <TT>bounced.pid</TT>)
<BR>
The file containing the PID of <A NAME="8738"></A><TT>bounced.pl</TT>.
The file containing the PID of <A NAME="8768"></A><TT>bounced.pl</TT>.
<P>
......@@ -410,7 +416,7 @@ Domain for the HTTP cookies. If beginning with a dot ('.'),
cookie is available for any host within 'cru.fr' domain
</PRE>
The only reason for replacing the default value would be where
<A NAME="8743"></A><I>WWSympa</I>'s authentication process is shared with an application
<A NAME="8773"></A><I>WWSympa</I>'s authentication process is shared with an application
running on another host.
<P>
......@@ -474,7 +480,7 @@ Relative URL to the (superb) online html editor HTMLarea. If you have installed
(Default value: <TT>insensitive</TT>)
<BR>
If set to <B>insensitive</B>, WWSympa's password check will be insensitive.
This only concerns passwords stored in Sympa database, not the ones in <A NAME="8752"></A>LDAP.
This only concerns passwords stored in Sympa database, not the ones in <A NAME="8782"></A>LDAP.
<P>
<B>Be careful :</B> in previous 3.xx versions of Sympa, passwords were
......@@ -519,23 +525,23 @@ MhOnArc is a neat little converter from mime messages to html. Refer to
HREF="http://www.oac.uci.edu/indiv/ehood/mhonarc.html">http://www.oac.uci.edu/indiv/ehood/mhonarc.html</A>.
<P>
The long mhonarc resource file is used by <A NAME="8755"></A><I>WWSympa</I> in a particular way.
The long mhonarc resource file is used by <A NAME="8785"></A><I>WWSympa</I> in a particular way.
MhOnArc is called to produce not a complete html document, but only a part of it
to be included in a complete document (starting with <TT>&lt;</TT>HTML<TT>&gt;</TT> and terminating
with <TT>&lt;</TT>/HTML<TT>&gt;</TT> ;-) ).
The best way is to use the MhOnArc resource file
provided in the <A NAME="8758"></A><I>WWSympa</I> distribution and to modify it for your needs.
provided in the <A NAME="8788"></A><I>WWSympa</I> distribution and to modify it for your needs.
<P>
The mhonarc resource file is named <A NAME="8761"></A><TT>mhonarc-ressources</TT>.
The mhonarc resource file is named <A NAME="8791"></A><TT>mhonarc-ressources</TT>.
You may locate this file either in
<OL>
<LI><A NAME="8764"></A><TT>/usr/local/sympa-os/expl/mylist/mhonarc-ressources</TT>
<LI><A NAME="8794"></A><TT>/usr/local/sympa-os/expl/mylist/mhonarc-ressources</TT>
in order to create a specific archive look for a particular list
<P>
</LI>
<LI>or <A NAME="8767"></A><TT>/usr/local/sympa-os/etc/mhonarc-ressources</TT>
<LI>or <A NAME="8797"></A><TT>/usr/local/sympa-os/etc/mhonarc-ressources</TT>
<P>
</LI>
......@@ -546,11 +552,11 @@ You may locate this file either in
<H1><A NAME="SECTION001050000000000000000">
9.5 Archiving daemon</A>
</H1>
<A NAME="8770"></A><TT>archived.pl</TT> converts messages from <I>Sympa</I>'s spools
and calls <A NAME="8774"></A><TT>mhonarc</TT> to create html versions (whose location is defined by the
<A NAME="8800"></A><TT>archived.pl</TT> converts messages from <I>Sympa</I>'s spools
and calls <A NAME="8804"></A><TT>mhonarc</TT> to create html versions (whose location is defined by the
"arc_path" WWSympa parameter). You should probably install these archives
outside the <I>Sympa</I> home_dir (<I>Sympa</I>'s initial choice for storing mail archives :
<A NAME="8779"></A><TT>/usr/local/sympa-os/expl/mylist</TT>). Note that the html archive
<A NAME="8809"></A><TT>/usr/local/sympa-os/expl/mylist</TT>). Note that the html archive
contains a text version of each message and is totally separate from <I>Sympa</I>'s
main archive.
......@@ -570,23 +576,23 @@ main archive.
<P>
If web_archive is defined for a list, every message distributed by this list is copied
to <A NAME="8783"></A><TT>/usr/local/sympa-os/spool/outgoing/</TT>. (No need to create nonexistent subscribers to receive
to <A NAME="8813"></A><TT>/usr/local/sympa-os/spool/outgoing/</TT>. (No need to create nonexistent subscribers to receive
copies of messages). In this example disk quota for the archive is limited to 10 Mo.
<P>
</LI>
<LI>start <A NAME="8786"></A><TT>archived.pl</TT>.
<LI>start <A NAME="8816"></A><TT>archived.pl</TT>.
<I>Sympa</I> and Apache
<P>
</LI>
<LI>check <A NAME="8790"></A><I>WWSympa</I> logs, or alternatively, start <A NAME="8793"></A><TT>archived.pl</TT> in debug mode (-d).
<LI>check <A NAME="8820"></A><I>WWSympa</I> logs, or alternatively, start <A NAME="8823"></A><TT>archived.pl</TT> in debug mode (-d).
<P>
</LI>
<LI>If you change mhonarc resources and wish to rebuild the entire archive
using the new look defined for mhonarc, simply create an empty file named
".rebuild.mylist@myhost" in <A NAME="8796"></A><TT>/usr/local/sympa-os/spool/outgoing</TT>, and make sure that
".rebuild.mylist@myhost" in <A NAME="8826"></A><TT>/usr/local/sympa-os/spool/outgoing</TT>, and make sure that
the owner of this file is <I>Sympa</I>.
<P><PRE>
......@@ -595,7 +601,7 @@ the owner of this file is <I>Sympa</I>.
You can also rebuild web archives from within the admin page of the list.
<P>
Furthermore, if you want to get list's archives, you can do it via the <A NAME="8800"></A><TT> List-admin menu-&gt; Archive Management</TT>
Furthermore, if you want to get list's archives, you can do it via the <A NAME="8830"></A><TT> List-admin menu-&gt; Archive Management</TT>
</LI>
</OL>
......@@ -606,7 +612,7 @@ Furthermore, if you want to get list's archives, you can do it via the <A NAME="
</H1>
<P>
<A NAME="8803"></A><I>WWSympa</I> needs an RDBMS (Relational Database Management System) in order to
<A NAME="8833"></A><I>WWSympa</I> needs an RDBMS (Relational Database Management System) in order to
run. All database access is performed via the <I>Sympa</I> API. <I>Sympa</I>
currently interfaces with <A NAME="tex2html24"
HREF="http://www.mysql.net/">MySQL</A>,
......@@ -623,14 +629,14 @@ and <A NAME="tex2html28"
A database is needed to store user passwords and preferences.
The database structure is documented in the <I>Sympa</I> documentation ;
scripts for creating it are also provided with the <I>Sympa</I> distribution
(in <A NAME="8810"></A><TT>script</TT>).
(in <A NAME="8840"></A><TT>script</TT>).
<P>
User information (password and preferences) are stored in the &#171;User&#187; table.
User passwords stored in the database are encrypted using reversible
RC4 encryption controlled with the <A NAME="8813"></A><TT>cookie</TT> parameter,
since <A NAME="8816"></A><I>WWSympa</I> might need to remind users of their passwords.
The security of <A NAME="8819"></A><I>WWSympa</I> rests on the security of your database.
RC4 encryption controlled with the <A NAME="8843"></A><TT>cookie</TT> parameter,
since <A NAME="8846"></A><I>WWSympa</I> might need to remind users of their passwords.
The security of <A NAME="8849"></A><I>WWSympa</I> rests on the security of your database.
<P>
......@@ -643,9 +649,9 @@ Once <I>Sympa</I> is running you should log in on the web interface as a privile
to explore the admin interface, create mailing lists.
<P>
Multiple email addresses can be declared as listmaster via the <A NAME="8823"></A><TT>sympa.conf</TT> (or <A NAME="8826"></A><TT>robot.conf</TT>)
<A NAME="8829"></A><TT>listmaster</TT> configuration parameter (see <A HREF="node8.html#exp-admin">7</A>, page&nbsp;<A HREF="node8.html#exp-admin"><IMG ALIGN="BOTTOM" BORDER="1" ALT="[*]" SRC="crossref.png"></A>). Note
that listmasters on the main robot (declared in <A NAME="8832"></A><TT>sympa.conf</TT>) also have listmaster privileges on
Multiple email addresses can be declared as listmaster via the <A NAME="8853"></A><TT>sympa.conf</TT> (or <A NAME="8856"></A><TT>robot.conf</TT>)
<A NAME="8859"></A><TT>listmaster</TT> configuration parameter (see <A HREF="node8.html#exp-admin">7</A>, page&nbsp;<A HREF="node8.html#exp-admin"><IMG ALIGN="BOTTOM" BORDER="1" ALT="[*]" SRC="crossref.png"></A>). Note
that listmasters on the main robot (declared in <A NAME="8862"></A><TT>sympa.conf</TT>) also have listmaster privileges on
the virtual hosts but they will not receive the various mail notifications (list creation, warnings,...)
regarding these virtual hosts.
......@@ -656,7 +662,7 @@ the <B>Send me a password</B> button on the web interface. As for any user, the
<B>Preferenced</B> menu.
<P>
Note that you must start the <A NAME="8836"></A><TT>sympa.pl</TT> process with the web interface ; it is in responsible for delivering
Note that you must start the <A NAME="8866"></A><TT>sympa.pl</TT> process with the web interface ; it is in responsible for delivering
mail messages including password reminders.
<P>
......@@ -692,7 +698,7 @@ mail messages including password reminders.
<!--End of Navigation Panel-->
<ADDRESS>
root
2006-03-31
2006-04-05
</ADDRESS>
</BODY>
</HTML>
......@@ -76,14 +76,14 @@ original version by: Nikos Drakos, CBLU, University of Leeds
<HR>
<H1><A NAME="SECTION001100000000000000000"></A>
<A NAME="rss"></A><A NAME="1562"></A>
<A NAME="rss"></A><A NAME="1574"></A>
<BR>
10. Sympa RSS channel
</H1>
<P>
This service is provided by <A NAME="8839"></A><I>WWSympa</I> (<I>Sympa</I>'s web interface).
Here is the root of <A NAME="8843"></A><I>WWSympa</I>'s rss channel :
This service is provided by <A NAME="8869"></A><I>WWSympa</I> (<I>Sympa</I>'s web interface).
Here is the root of <A NAME="8873"></A><I>WWSympa</I>'s rss channel :
<BR>
<P>
(Default value: <TT>http://<TT>&lt;</TT>host<TT>&gt;</TT>/wws/rss</TT>)
......@@ -91,23 +91,23 @@ Here is the root of <A NAME="8843"></A><I>WWSympa</I>'s rss channel :
Example: <TT>https://my.server/wws/rss</TT>
<P>
The access control of RSS queries proceed on the same way as <A NAME="8850"></A><I>WWSympa</I> actions referred to.
The access control of RSS queries proceed on the same way as <A NAME="8880"></A><I>WWSympa</I> actions referred to.
<I>Sympa</I> provides the following RSS features :
<UL>
<LI>the latest created lists on a robot (<A NAME="8854"></A><TT>latest_lists</TT>) ;
<LI>the latest created lists on a robot (<A NAME="8884"></A><TT>latest_lists</TT>) ;
</LI>
<LI>the most active lists on a robot(<A NAME="8857"></A><TT>active_lists</TT>) ;
<LI>the most active lists on a robot(<A NAME="8887"></A><TT>active_lists</TT>) ;
</LI>
<LI>the latest messages of a list (<A NAME="8860"></A><TT>active_arc</TT>) ;
<LI>the latest messages of a list (<A NAME="8890"></A><TT>active_arc</TT>) ;
</LI>
<LI>the latest shared documents of a list (<A NAME="8863"></A><TT>latest_d_read</TT>) ;
<LI>the latest shared documents of a list (<A NAME="8893"></A><TT>latest_d_read</TT>) ;
</LI>
</UL>
<P>
<H1><A NAME="SECTION001110000000000000000"></A><A NAME="8866"></A>
<H1><A NAME="SECTION001110000000000000000"></A><A NAME="8896"></A>
<BR>
10.1 <TT>latest_lists</TT>
</H1>
......@@ -129,10 +129,10 @@ This provides the 6 latest created lists with topic ``computing''.
Parameters :
<UL>
<LI><A NAME="8871"></A><TT>for</TT> : period of interest (expressed in days). This is a CGI parameter. It is optional but one of the two parameters
<LI><A NAME="8901"></A><TT>for</TT> : period of interest (expressed in days). This is a CGI parameter. It is optional but one of the two parameters
``for'' or ``count'' is required.
</LI>
<LI><A NAME="8874"></A><TT>count</TT> : maximum number of expected records. This is a CGI parameter. It is optional but one of the two parameters
<LI><A NAME="8904"></A><TT>count</TT> : maximum number of expected records. This is a CGI parameter. It is optional but one of the two parameters
``for'' or ``count'' is required.
</LI>
<LI>topic : the topic is indicated in the path info (see example below with topic computing).
......@@ -142,7 +142,7 @@ Parameters :
<P>
<H1><A NAME="SECTION001120000000000000000"></A><A NAME="8877"></A>
<H1><A NAME="SECTION001120000000000000000"></A><A NAME="8907"></A>
<BR>
10.2 <TT>active_lists</TT>
</H1>
......@@ -164,10 +164,10 @@ This provides the 6 most active lists with topic ``computing''.
Parameters :
<UL>
<LI><A NAME="8882"></A><TT>for</TT> : period of interest (expressed in days). This is a CGI parameter. It is optional but one of the two parameters
<LI><A NAME="8912"></A><TT>for</TT> : period of interest (expressed in days). This is a CGI parameter. It is optional but one of the two parameters
``for'' or ``count'' is required.
</LI>
<LI><A NAME="8885"></A><TT>count</TT> : maximum number of expected records. This is a CGI parameter. It is optional but one of the two parameters