Difference between revisions of "Configuring Apache without changing User and Group"
(Added instructions for installing EPrints without changing Apache's User or Group) |
(Fixed typo and improved SPAG) |
||
| (One intermediate revision by the same user not shown) | |||
| Line 1: | Line 1: | ||
| − | Instructions for installing EPrints on [[Installing_EPrints_on_RHEL/Fedora/CentOS|Red Hat based]] or [[Installing_EPrints_on_Debian/Ubuntu|Debian based]] Linux operating systems advises that you reconfigure Apache's configuration to set the Apache <tt>User</tt> and <tt>Group</tt> to <tt>eprints</tt> | + | Instructions for installing EPrints on [[Installing_EPrints_on_RHEL/Fedora/CentOS|Red Hat based]] or [[Installing_EPrints_on_Debian/Ubuntu|Debian based]] Linux operating systems advises that you reconfigure Apache's configuration to set the Apache <tt>User</tt> and <tt>Group</tt> to <tt>eprints</tt> rather than <tt>apache</tt> (for Red Hat based Linux) or <tt>www-data</tt> (for Debian based Linux, where these settings are defined as <tt>APACHE_RUN_USER</tt> and <tt>APACHE_RUN_GROUP</tt>). It is not absolutely necessary to set <tt>eprints</tt> as the Apache <tt>User</tt> and <tt>Group</tt> but if you choose not to do this, the alternative configuration is somewhat more complex and may still lead to certain EPrints functionality not working as expected. Particularly functionality provided by Bazaar plugins or as a result of bespoke configuration. |
| − | If you choose to not configure <tt>eprints</tt> as the Apache <tt>User</tt> and <tt>Group</tt> you need to perform the following steps instead. If you want to make these changes to an existing EPrints repository, it is | + | If you choose to not configure <tt>eprints</tt> as the Apache <tt>User</tt> and <tt>Group</tt> you need to perform the following steps instead. '''If you want to make these changes to an existing EPrints repository, it is strongly recommended that you do this on a pre-production or test system first.''' This will allow you to test and fix any snags before changing your production system. |
| − | 1. | + | 1. As the root user, add the <tt>eprints</tt> user to the <tt>apache</tt> or <tt>www-data</tt> group, (depending on the Linux OS you are running). |
usermod -a -G apache eprints | usermod -a -G apache eprints | ||
usermod -a -G www-data eprints | usermod -a -G www-data eprints | ||
| − | 2. | + | 2. As the root user, add the <tt>apache</tt> or <tt>www-data</tt> user, (depending on the Linux OS you are running), to the <tt>eprints</tt> group. |
usermod -a -G eprints apache | usermod -a -G eprints apache | ||
usermod -a -G eprints www-data | usermod -a -G eprints www-data | ||
| − | 3. Ensure that all the files and directories have the same permissions for the group as for the user. If you are just starting | + | 3. Ensure that all the files and directories have the same permissions for the group as for the user. If you are just starting your EPrints installation this can be achieved by running one of the following commands as the root user. (The former command is already in the main installation instructions. Use the latter command if you do not want users other to be able to read EPrints code, configuration or uploaded files). |
| + | chmod 2775 /opt/eprints3 | ||
chmod 2770 /opt/eprints3 | chmod 2770 /opt/eprints3 | ||
| − | + | If you already have an EPrints repository, changing permissions is slightly more difficult. In theory, it should suffice to just run (as the root user) the following command to add group write permissions to all files and directories. (This may take some time if you have a lot of items in your archive). | |
| − | If you already have an EPrints repository changing | ||
chmod -R g+w /opt/eprints3 | chmod -R g+w /opt/eprints3 | ||
| − | However, depending on how your permissions are | + | However, depending on how your permissions are currently set, this may not be sufficient and therefore is not recommended to follow the instructions on this page unless you have a good understanding of Linux filesystem permissions and how to use Apache's error logs to debug any issues that may result of following these instructions. |
| − | 4. If you previously configured to use <tt>eprints</tt> as the Apache <tt>User</tt> and <tt>Group</tt>, change these back to their original values (e.g. <tt>apache</tt> in | + | 4. If you previously configured to use <tt>eprints</tt> as the Apache <tt>User</tt> and <tt>Group</tt>, change these back to their original values (e.g. <tt>apache</tt> in <tt>/etc/httpd/conf/httpd.conf</tt> for Red Hat based Linux and <tt>www-data</tt> in <tt>/etc/apache2/envvars</tt> for Debian based Linux). |
| − | 5. | + | 5. As the root user, check your Apache configuration is still valid and then restart Apache. (Use <tt>apache2ctl</tt> rather than <tt>apachectl</tt> for Debian based Linux). |
apachectl configtest | apachectl configtest | ||
apachectl restart | apachectl restart | ||
| − | 6. Particularly if you are changing an existing EPrints repository | + | 6. Particularly if you are changing an pre-existing EPrints repository, thoroughly test all your repository's functionality. In particular, any functionality that interacts with other applications or services. E.g. |
| − | * Logging into your repository, particularly if you don't use local authentication (e.g. you use LDAP, Shibboleth, etc.) | + | * Logging into your repository, particularly if you don't generally use local authentication (e.g. you use LDAP, Shibboleth, etc.) |
* Creating new eprint records. | * Creating new eprint records. | ||
* Uploading and downloading documents. | * Uploading and downloading documents. | ||
| − | * Check that abstract pages update | + | * Check that abstract pages update after changing eprint records. |
* Check browse view menus update after running <tt>epadmin refresh_views</tt> | * Check browse view menus update after running <tt>epadmin refresh_views</tt> | ||
* Searching for items. Particularly those newly added since following these instructions. | * Searching for items. Particularly those newly added since following these instructions. | ||
| Line 34: | Line 34: | ||
* Starting and stopping the EPrints Indexer. | * Starting and stopping the EPrints Indexer. | ||
* Sending a test email. | * Sending a test email. | ||
| − | * Any bespoke | + | * Any Bazaar plugins or bespoke functionality you have added to your EPrints repository. |
| − | If everything is working as expected, then you are done. If you | + | If everything is working as expected, then you are done. If you encounter any problems, try using Apache's error logs to debug and update the files with incorrect permissions. If some functionality is still broken, then you may want to revert. It should be sufficient to just change the Apache <tt>User</tt> and <tt>Group</tt> back to <tt>eprints</tt> and restart Apache. |
Latest revision as of 11:33, 23 February 2024
Instructions for installing EPrints on Red Hat based or Debian based Linux operating systems advises that you reconfigure Apache's configuration to set the Apache User and Group to eprints rather than apache (for Red Hat based Linux) or www-data (for Debian based Linux, where these settings are defined as APACHE_RUN_USER and APACHE_RUN_GROUP). It is not absolutely necessary to set eprints as the Apache User and Group but if you choose not to do this, the alternative configuration is somewhat more complex and may still lead to certain EPrints functionality not working as expected. Particularly functionality provided by Bazaar plugins or as a result of bespoke configuration.
If you choose to not configure eprints as the Apache User and Group you need to perform the following steps instead. If you want to make these changes to an existing EPrints repository, it is strongly recommended that you do this on a pre-production or test system first. This will allow you to test and fix any snags before changing your production system.
1. As the root user, add the eprints user to the apache or www-data group, (depending on the Linux OS you are running).
usermod -a -G apache eprints usermod -a -G www-data eprints
2. As the root user, add the apache or www-data user, (depending on the Linux OS you are running), to the eprints group.
usermod -a -G eprints apache usermod -a -G eprints www-data
3. Ensure that all the files and directories have the same permissions for the group as for the user. If you are just starting your EPrints installation this can be achieved by running one of the following commands as the root user. (The former command is already in the main installation instructions. Use the latter command if you do not want users other to be able to read EPrints code, configuration or uploaded files).
chmod 2775 /opt/eprints3 chmod 2770 /opt/eprints3
If you already have an EPrints repository, changing permissions is slightly more difficult. In theory, it should suffice to just run (as the root user) the following command to add group write permissions to all files and directories. (This may take some time if you have a lot of items in your archive).
chmod -R g+w /opt/eprints3
However, depending on how your permissions are currently set, this may not be sufficient and therefore is not recommended to follow the instructions on this page unless you have a good understanding of Linux filesystem permissions and how to use Apache's error logs to debug any issues that may result of following these instructions.
4. If you previously configured to use eprints as the Apache User and Group, change these back to their original values (e.g. apache in /etc/httpd/conf/httpd.conf for Red Hat based Linux and www-data in /etc/apache2/envvars for Debian based Linux).
5. As the root user, check your Apache configuration is still valid and then restart Apache. (Use apache2ctl rather than apachectl for Debian based Linux).
apachectl configtest apachectl restart
6. Particularly if you are changing an pre-existing EPrints repository, thoroughly test all your repository's functionality. In particular, any functionality that interacts with other applications or services. E.g.
- Logging into your repository, particularly if you don't generally use local authentication (e.g. you use LDAP, Shibboleth, etc.)
- Creating new eprint records.
- Uploading and downloading documents.
- Check that abstract pages update after changing eprint records.
- Check browse view menus update after running epadmin refresh_views
- Searching for items. Particularly those newly added since following these instructions.
- Adding/editing phrases in the phrase editor.
- Starting and stopping the EPrints Indexer.
- Sending a test email.
- Any Bazaar plugins or bespoke functionality you have added to your EPrints repository.
If everything is working as expected, then you are done. If you encounter any problems, try using Apache's error logs to debug and update the files with incorrect permissions. If some functionality is still broken, then you may want to revert. It should be sufficient to just change the Apache User and Group back to eprints and restart Apache.
