From 4472e9238f0116468871dc40a6c5c1148f6d2271 Mon Sep 17 00:00:00 2001 From: Pierre Labastie Date: Sat, 7 Mar 2020 09:40:50 +0000 Subject: [PATCH] Finish formatting the "server" chapter git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@22813 af4574ff-66df-0310-9fd7-8a98e5e911e0 --- server/databases/lmdb.xml | 6 +- server/databases/mariadb.xml | 11 +- server/databases/postgresql.xml | 444 +++++++++++++++++++------------- server/mail/exim.xml | 2 +- server/mail/postfix.xml | 2 +- server/mail/sendmail.xml | 2 +- server/major/apache.xml | 10 +- server/major/bind.xml | 378 +++++++++++++++++---------- server/major/major.xml | 6 +- server/major/proftpd.xml | 178 ++++++++----- server/major/vsftpd.xml | 196 ++++++++------ server/other/unbound.xml | 2 +- 12 files changed, 776 insertions(+), 461 deletions(-) diff --git a/server/databases/lmdb.xml b/server/databases/lmdb.xml index a98943e9cc..ba2bc6df00 100644 --- a/server/databases/lmdb.xml +++ b/server/databases/lmdb.xml @@ -81,7 +81,11 @@ Installation of lmdb - This package extracts to lmdb-LMDB_&lmdb-version;. + + + This package extracts to lmdb-LMDB_&lmdb-version;. + + Install lmdb by running the following diff --git a/server/databases/mariadb.xml b/server/databases/mariadb.xml index 2438778925..3e63ff3a0d 100644 --- a/server/databases/mariadb.xml +++ b/server/databases/mariadb.xml @@ -72,9 +72,14 @@ - The installed size of MariaDB is 473 MB, but this can be - reduced by about 200 MB, if desired, by removing the /usr/share/mysql/test - directory after installation. + + + The installed size of MariaDB is 473 MB, but this can be + reduced by about 200 MB, if desired, by removing the /usr/share/mysql/test + directory after installation. + + MariaDB Dependencies diff --git a/server/databases/postgresql.xml b/server/databases/postgresql.xml index 6a6e185a87..4ced76b498 100644 --- a/server/databases/postgresql.xml +++ b/server/databases/postgresql.xml 
@@ -30,31 +30,45 @@ Introduction to PostgreSQL - PostgreSQL is an advanced - object-relational database management system (ORDBMS), derived - from the Berkeley Postgres database management system. + + PostgreSQL is an advanced + object-relational database management system (ORDBMS), derived + from the Berkeley Postgres database management system. + &lfs91_checked; Package Information - Download (HTTP): + + Download (HTTP): + - Download (FTP): + + Download (FTP): + - Download MD5 sum: &postgresql-md5sum; + + Download MD5 sum: &postgresql-md5sum; + - Download size: &postgresql-size; + + Download size: &postgresql-size; + - Estimated disk space required: &postgresql-buildsize; + + Estimated disk space required: &postgresql-buildsize; + - Estimated build time: &postgresql-time; + + Estimated build time: &postgresql-time; + @@ -100,13 +114,19 @@ useradd -c "PostgreSQL Server" -g postgres -d /srv/pgsql/data \ -u 41 postgres - There are several configuration items that add additional - functionality with optional packages to - PostgreSQL. Use ./configure - --help to see a list. + + + There are several configuration items that add additional + functionality with optional packages to + PostgreSQL. Use ./configure + --help to see a list. + + - Install PostgreSQL with the - following commands: + + Install PostgreSQL with the + following commands: + sed -i '/DEFAULT_PGSOCKET_DIR/s@/tmp@/run/postgresql@' src/include/pg_config_manual.h && 
@@ -115,55 +135,61 @@ useradd -c "PostgreSQL Server" -g postgres -d /srv/pgsql/data \ --docdir=/usr/share/doc/postgresql-&postgresql-version; && make - There are a number of programs in the - contrib/ directory. If you are going - to run this installation as a server and wish to build some of them, enter - make -C contrib or - make -C contrib/<SUBDIR-NAME> for each subdirectory. + + There are a number of programs in the + contrib/ directory. If you are + going to run this installation as a server and wish to build some of + them, enter make -C contrib or make -C + contrib/<SUBDIR-NAME> for + each subdirectory. - Tests must be run as an unprivileged user because they need to start a - temporary server and this is prevented as the root user. For the same reason, - you need to stop all PostgreSQL servers if any are running. If a previous - version of PostgreSQL is installed, it may be necessary to use - --disable-rpath with configure to - avoid failures, but installing the binaries created using this - switch is not recommended. To test the results, issue: - make check. + + Tests must be run as an unprivileged user because they need to start a + temporary server and this is prevented as the root user. For the same + reason, you need to stop all PostgreSQL servers if any are running. If a + previous version of PostgreSQL is installed, it may be necessary to use + --disable-rpath with configure to + avoid failures, but installing the binaries created using this + switch is not recommended. To test the results, issue: + make check. + - Now, as the root user: + + Now, as the root user: + make install && make install-docs - If you made any of the contrib/ - programs, as the root user: + + If you made any of the contrib/ + programs, as the root user: + make -C contrib/<SUBDIR-NAME> install - If you only intend to use - PostgreSQL as a client to connect to a server on - another machine, your installation is complete and you should not run the - remaining commands. 
+ + + If you only intend to use PostgreSQL as a + client to connect to a server on another machine, your installation is + complete and you should not run the remaining commands. + + - - - - Initialize a database cluster with the following commands issued by the - root user: + + Initialize a database cluster with the following commands issued by the + root user: + install -v -dm700 /srv/pgsql/data && install -v -dm755 /run/postgresql && chown -Rv postgres:postgres /srv/pgsql /run/postgresql - Now, initialize the database as the root user: + + Now, initialize the database as the root user: + su - postgres -c '/usr/bin/initdb -D /srv/pgsql/data' @@ -180,25 +206,31 @@ chown -Rv postgres:postgres /srv/pgsql /run/postgresql that they can work reliably-->. - --docdir=/usr/share/doc/postgresql-&postgresql-version;: - This switch puts the documentation in a versioned directory. - - --enable-thread-safety: This switch makes the - client libraries thread-safe by allowing concurrent threads in - libpq and ECPG programs to safely - control their private connection handles. - - : builds the package with support for - OpenSSL encrypted connections. - - : builds the PL/Perl server-side language. + + --enable-thread-safety: This switch makes the + client libraries thread-safe by allowing concurrent threads in + libpq and ECPG programs to + safely control their private connection handles. - : builds the PL/Python server-side - language. Add PYTHON=/usr/bin/python2 for Python2 support, otherwise - Python3 is used by default. + + : builds the package with support for + OpenSSL encrypted connections. + - : builds the PL/Tcl server-side language. + + : builds the PL/Perl server-side language. + + + + : builds the PL/Python server-side + language. Add PYTHON=/usr/bin/python2 for Python2 support, otherwise + Python3 is used by default. + + + + : builds the PL/Tcl server-side language. + 
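Review bot: The `initdb` call at the end of the installation hunk (`su - postgres -c '/usr/bin/initdb -D /srv/pgsql/data'`) passes no authentication option, and as far as I know initdb then writes a `pg_hba.conf` that uses `trust` for local connections. Any local account could then connect as any database role, including the `postgres` superuser. The reflowed paragraph above the command should say so, or the command should pick a method explicitly, for example `/usr/bin/initdb -D /srv/pgsql/data --auth-local=peer` together with a password-based `--auth-host` method. The test commands later on the page go through `su - postgres`, so they should still work under peer authentication; confirm against the packaged version.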
@@ -208,9 +240,11 @@ chown -Rv postgres:postgres /srv/pgsql /run/postgresql Config Files - $PGDATA/pg_ident.con, - $PGDATA/pg_hba.conf and - $PGDATA/postgresql.conf + + $PGDATA/pg_ident.con, + $PGDATA/pg_hba.conf, and + $PGDATA/postgresql.conf + $PGDATA/pg_indent.con @@ -224,14 +258,16 @@ chown -Rv postgres:postgres /srv/pgsql /run/postgresql $PGDATA/postgresql.conf - The PGDATA environment variable is used to - distinguish database clusters from one another by setting it to - the value of the directory which contains the cluster desired. - The three configuration files exist in every PGDATA/ directory. Details on the - format of the files and the options that can be set in each can - be found in . + + The PGDATA environment variable is used to + distinguish database clusters from one another by setting it to + the value of the directory which contains the cluster desired. + The three configuration files exist in every PGDATA/ directory. Details on the + format of the files and the options that can be set in each can + be found in + /usr/share/doc/postgresql-&postgresql-version;/html/index.html. + @@ -239,13 +275,15 @@ chown -Rv postgres:postgres /srv/pgsql /run/postgresql <phrase revision="sysv">Boot Script</phrase> <phrase revision="systemd">Systemd Unit</phrase> - Install the - /etc/rc.d/init.d/postgresql - init script - postgresql.service - unit included in the - - package. + + Install the + /etc/rc.d/init.d/postgresql + init script + postgresql.service + unit included in the + + package: + postgresql @@ -292,8 +330,8 @@ echo "insert into t1 values ('Jesse', 'Ontario');" \ echo "select * from t1;" | (su - postgres -c '/usr/bin/psql test') - When you are done with testing, you can shut down the server, by issuing - as root: + When you are done with testing, you can shut down the server, by + issuing as root: su - postgres -c "/usr/bin/pg_ctl stop -D /srv/pgsql/data" 
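Review bot: The reflowed list in the Config Files hunk (@@ -208,9 +240,11 @@) still names the first file `$PGDATA/pg_ident.con`, but PostgreSQL's user-name map file is `pg_ident.conf`. The index entry just below it in the same hunk reads `pg_indent.con`, which looks like a second misspelling; both should read `$PGDATA/pg_ident.conf`. The same kind of slip survives in server/major/bind.xml (@@ -287,16 +345,21 @@), where the new paragraph says `rdnc.conf` for `rndc.conf`. A reader who copies either name will look for a file that does not exist.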
@@ -345,8 +383,10 @@ echo "select * from t1;" | (su - postgres -c '/usr/bin/psql test') clusterdb - is a utility for reclustering tables in a - PostgreSQL database. + + is a utility for reclustering tables in a + PostgreSQL database. + clusterdb @@ -356,30 +396,23 @@ echo "select * from t1;" | (su - postgres -c '/usr/bin/psql test') createdb - creates a new PostgreSQL - database. + + creates a new PostgreSQL + database. + createdb - - createuser - defines a new PostgreSQL - user account. + + defines a new PostgreSQL + user account. + createuser @@ -389,29 +422,21 @@ echo "select * from t1;" | (su - postgres -c '/usr/bin/psql test') dropdb - removes a PostgreSQL database. + + removes a PostgreSQL database. + dropdb - - dropuser - removes a PostgreSQL - user account. + + removes a PostgreSQL user account. + dropuser @@ -421,7 +446,9 @@ echo "select * from t1;" | (su - postgres -c '/usr/bin/psql test') ecpg - is the embedded SQL preprocessor. + + is the embedded SQL preprocessor. + ecpg @@ -431,7 +458,9 @@ echo "select * from t1;" | (su - postgres -c '/usr/bin/psql test') initdb - creates a new database cluster. + + creates a new database cluster. + initdb @@ -441,8 +470,10 @@ echo "select * from t1;" | (su - postgres -c '/usr/bin/psql test') oid2name - resolves OIDs (Object IDs) and file nodes in a PostgreSQL data - directory. + + resolves OIDs (Object IDs) and file nodes in a PostgreSQL data + directory. + oid2name @@ -452,7 +483,9 @@ echo "select * from t1;" | (su - postgres -c '/usr/bin/psql test') pg_archivecleanup - cleans up PostgreSQL WAL (write-ahead log) archive files. + + cleans up PostgreSQL WAL (write-ahead log) archive files. + pg_archivecleanup @@ -462,8 +495,10 @@ echo "select * from t1;" | (su - postgres -c '/usr/bin/psql test') pg_basebackup - takes base backups of a running - PostgreSQL cluster. + + takes base backups of a running + PostgreSQL cluster. + pg_basebackup 
@@ -473,8 +508,10 @@ echo "select * from t1;" | (su - postgres -c '/usr/bin/psql test') pg_config - retrieves PostgreSQL version - information. + + retrieves PostgreSQL version + information. + pg_config @@ -484,9 +521,10 @@ echo "select * from t1;" | (su - postgres -c '/usr/bin/psql test') pg_controldata - returns information initialized during - initdb, such as the catalog version and server - locale. + + returns information initialized during initdb, + such as the catalog version and server locale. + pg_controldata @@ -496,7 +534,9 @@ echo "select * from t1;" | (su - postgres -c '/usr/bin/psql test') pg_ctl - controls stopping and starting the database server. + + controls stopping and starting the database server. + pg_ctl @@ -506,8 +546,10 @@ echo "select * from t1;" | (su - postgres -c '/usr/bin/psql test') pg_dump - dumps database data and metadata into scripts which are used - to recreate the database. + + dumps database data and metadata into scripts which are used + to recreate the database. + pg_dump @@ -517,8 +559,10 @@ echo "select * from t1;" | (su - postgres -c '/usr/bin/psql test') pg_dumpall - recursively calls pg_dump for each - database in a cluster. + + recursively calls pg_dump for each + database in a cluster. + pg_dumpall @@ -528,7 +572,9 @@ echo "select * from t1;" | (su - postgres -c '/usr/bin/psql test') pg_isready - check the connection status of a PostgreSQL server. + + checks the connection status of a PostgreSQL server. + pg_isready @@ -550,7 +596,9 @@ echo "select * from t1;" | (su - postgres -c '/usr/bin/psql test') pg_recvlogical - controls PostgreSQL logical decoding streams. + + controls PostgreSQL logical decoding streams. + pg_recvlogical 
@@ -560,8 +608,10 @@ echo "select * from t1;" | (su - postgres -c '/usr/bin/psql test') pg_resetwal - resets the write-ahead log and other control information - of a PostgreSQL database cluseter. + + resets the write-ahead log and other control information + of a PostgreSQL database cluster. + pg_resetwal @@ -571,8 +621,10 @@ echo "select * from t1;" | (su - postgres -c '/usr/bin/psql test') pg_restore - creates databases from dump files created by - pg_dump. + + creates databases from dump files created by + pg_dump. + pg_restore @@ -582,8 +634,10 @@ echo "select * from t1;" | (su - postgres -c '/usr/bin/psql test') pg_rewind - synchronizes a PostgreSQL data directory with another data - directory that was forked from the first one. + + synchronizes a PostgreSQL data directory with another data + directory that was forked from the first one. + pg_rewind @@ -593,8 +647,9 @@ echo "select * from t1;" | (su - postgres -c '/usr/bin/psql test') pg_standby - supports the creation of a PostgreSQL warm standby - server. + + supports the creation of a PostgreSQL warm standby server. + pg_standby @@ -604,7 +659,9 @@ echo "select * from t1;" | (su - postgres -c '/usr/bin/psql test') pg_test_fsync - determine fastest wal_sync method for PostgreSQL. + + determines fastest wal_sync method for PostgreSQL. + pg_test_fsync @@ -614,7 +671,9 @@ echo "select * from t1;" | (su - postgres -c '/usr/bin/psql test') pg_test_timing - measure timing overhead. + + measures timing overhead. + pg_test_timing @@ -624,7 +683,9 @@ echo "select * from t1;" | (su - postgres -c '/usr/bin/psql test') pg_upgrade - upgrade a PostgreSQL server instance. + + upgrades a PostgreSQL server instance. + pg_upgrade 
@@ -634,8 +695,10 @@ echo "select * from t1;" | (su - postgres -c '/usr/bin/psql test') pg_waldump - display a human-readable rendering of the write-ahead log of a - PostgreSQL database cluster. + + displays a human-readable rendering of the write-ahead log of a + PostgreSQL database cluster. + pg_waldump @@ -645,7 +708,9 @@ echo "select * from t1;" | (su - postgres -c '/usr/bin/psql test') pgbench - run a benchmark test on PostgreSQL. + + runs a benchmark test on PostgreSQL. + pgbench @@ -655,11 +720,13 @@ echo "select * from t1;" | (su - postgres -c '/usr/bin/psql test') pltcl_delmod - is a support script used to delete a module from a - PL/Tcl table. The command - requires the Pgtcl - package to be installed also. + + is a support script used to delete a module from a + PL/Tcl table. The command + requires the Pgtcl + package to be installed also. + pltcl_delmod @@ -669,11 +736,13 @@ echo "select * from t1;" | (su - postgres -c '/usr/bin/psql test') pltcl_listmod - is a support script used to list the modules in a - PL/Tcl table. The command - requires the Pgtcl - package to be installed also. + + is a support script used to list the modules in a + PL/Tcl table. The command + requires the Pgtcl + package to be installed also. + pltcl_listmod @@ -683,11 +752,13 @@ echo "select * from t1;" | (su - postgres -c '/usr/bin/psql test') pltcl_loadmod - is a support script used to load a module into a - PL/Tcl table. The command - requires the Pgtcl - package to be installed also. + + is a support script used to load a module into a + PL/Tcl table. The command + requires the Pgtcl + package to be installed also. + pltcl_loadmod @@ -697,7 +768,9 @@ echo "select * from t1;" | (su - postgres -c '/usr/bin/psql test') postgres - is the PostgreSQL database server. + + is the PostgreSQL database server. + postgres 
@@ -707,8 +780,10 @@ echo "select * from t1;" | (su - postgres -c '/usr/bin/psql test') postmaster - (deprecated, a symlink to postgres) is a - multi-user database daemon. + + (deprecated, a symlink to postgres) is a + multi-user database daemon. + postmaster @@ -718,7 +793,9 @@ echo "select * from t1;" | (su - postgres -c '/usr/bin/psql test') psql - is a console based database shell. + + is a console based database shell. + psql @@ -728,7 +805,9 @@ echo "select * from t1;" | (su - postgres -c '/usr/bin/psql test') reindexdb - is a utility for rebuilding indexes in a database. + + is a utility for rebuilding indexes in a database. + reindexdb @@ -738,8 +817,9 @@ echo "select * from t1;" | (su - postgres -c '/usr/bin/psql test') vacuumdb - compacts databases and generates statistics for the query - analyzer. + + compacts databases and generates statistics for the query analyzer. + vacuumdb @@ -749,7 +829,9 @@ echo "select * from t1;" | (su - postgres -c '/usr/bin/psql test') vacuumlo - remove orphaned large objects from a PostgreSQL database. + + removes orphaned large objects from a PostgreSQL database. + vacuumlo @@ -759,7 +841,9 @@ echo "select * from t1;" | (su - postgres -c '/usr/bin/psql test') libecpg.{so,a} - contains functions to support embedded SQL in C programs. + + contains functions to support embedded SQL in C programs. + libecpg.{so,a} @@ -769,7 +853,9 @@ echo "select * from t1;" | (su - postgres -c '/usr/bin/psql test') libecpg_compat.{so,a} - is the ecpg compatibility library. + + is the ecpg compatibility library. + libecpg_compat.{so,a} @@ -779,7 +865,9 @@ echo "select * from t1;" | (su - postgres -c '/usr/bin/psql test') libgport.a - is the port-specific subsystem of the Postgres backend. + + is the port-specific subsystem of the Postgres backend. + libgport.a 
@@ -789,7 +877,9 @@ echo "select * from t1;" | (su - postgres -c '/usr/bin/psql test') libpgtypes.{so,a} - contains functions for dealing with Postgres data types. + + contains functions for dealing with Postgres data types. + libpgtypes.{so,a} @@ -799,7 +889,9 @@ echo "select * from t1;" | (su - postgres -c '/usr/bin/psql test') libpq.{so,a} - is the C programmer's API to Postgres. + + is the C programmer's API to Postgres. + libpq.{so,a} diff --git a/server/mail/exim.xml b/server/mail/exim.xml index 7a78ad8198..374884c7b1 100644 --- a/server/mail/exim.xml +++ b/server/mail/exim.xml @@ -414,7 +414,7 @@ exim -v -bi && exim.service unit included in the - package. + package: diff --git a/server/mail/postfix.xml b/server/mail/postfix.xml index 2568d02d23..e36b32a4a3 100644 --- a/server/mail/postfix.xml +++ b/server/mail/postfix.xml @@ -437,7 +437,7 @@ EOF postfix.service unit included in the - package. + package: diff --git a/server/mail/sendmail.xml b/server/mail/sendmail.xml index b94ca300f7..83e8e2671c 100644 --- a/server/mail/sendmail.xml +++ b/server/mail/sendmail.xml @@ -336,7 +336,7 @@ m4 m4/cf.m4 sendmail.mc > sendmail.cf sendmail.service unit included in the - package. + package: diff --git a/server/major/apache.xml b/server/major/apache.xml index 1e80183d2b..1df815ac9f 100644 --- a/server/major/apache.xml +++ b/server/major/apache.xml @@ -162,8 +162,12 @@ make Now, as the root user: - This package does not install properly using DESTDIR - techniques as an unpriviledged user. + + + This package does not install properly using DESTDIR + techniques as an unpriviledged user. + + make install && @@ -282,7 +286,7 @@ chown -v -R apache:apache /srv/www httpd.service unit included in the - package. + package: diff --git a/server/major/bind.xml b/server/major/bind.xml index 2b982c90f2..494109524e 100644 --- a/server/major/bind.xml +++ b/server/major/bind.xml 
@@ -29,40 +29,55 @@ Introduction to BIND - The BIND package provides a DNS server - and client utilities. If you are only interested in the utilities, refer - to the . + + The BIND package provides a DNS server + and client utilities. If you are only interested in the utilities, refer + to the . + &lfs91_checked; Package Information - Download (HTTP): + + Download (HTTP): + - Download (FTP): + + Download (FTP): + - Download MD5 sum: &bind-md5sum; + + Download MD5 sum: &bind-md5sum; + - Download size: &bind-size; + + Download size: &bind-size; + - Estimated disk space required: &bind-buildsize; + + Estimated disk space required: &bind-buildsize; + - Estimated build time: &bind-time; + + Estimated build time: &bind-time; + @@ -115,20 +130,26 @@ Installation of BIND - To ensure BIND will build dnssec-keymgr, - install a python module as the root user: + + To ensure BIND will build dnssec-keymgr, + install a python module as the root user: + pip3 install ply - Install BIND by running the - following commands: + + Install BIND by running the + following commands: + ./configure --prefix=/usr \ --sysconfdir=/etc \ 
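Review bot: The `pip3 install ply` step in the Installation hunk (@@ -115,20 +130,26 @@) runs as root and takes whatever version the package index currently serves. That puts an unpinned network download, and any install-time code it carries, in the privileged part of the build. The reworded paragraph should say where the module comes from and pin it, e.g. `pip3 install ply==<version>` (placeholder; use the version the book was tested with). If the book already packages this module on another page, a reference to that page would be better than a bare pip call.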
@@ -138,32 +159,44 @@ --disable-static && make - Issue the following commands to run the complete suite of tests. - First, as the root user, set up - some test interfaces: + + Issue the following commands to run the complete suite of tests. + First, as the root user, set up + some test interfaces: + - If IPv6 is not enabled in the kernel, there will be several - error messages: "RTNETLINK answers: Operation not permitted". These - messages do not affect the tests. + + + If IPv6 is not enabled in the kernel, there will be several + error messages: "RTNETLINK answers: Operation not permitted". These + messages do not affect the tests. + + bin/tests/system/ifconfig.sh up - The test suite may indicate some skipped tests depending on - what configuration options are used. Some tests are marked UNTESTED - if is not installed. - To run the tests, as an unprivileged user, execute: + + The test suite may indicate some skipped tests depending on + what configuration options are used. Some tests are marked + UNTESTED if is not + installed. To run the tests, as an unprivileged user, execute: + make -k check - Again as root, clean up the - test interfaces: + + Again as root, clean up the + test interfaces: + bin/tests/system/ifconfig.sh down - Finally, install the package as the root user: + + Finally, install the package as the root user: + make install && 
@@ -180,48 +213,65 @@ install -v -m644 doc/misc/{dnssec,ipv6,migrat*,options,rfc-compliance,roadmap Command Explanations - --sysconfdir=/etc: This parameter forces - BIND to look for configuration - files in /etc instead of - /usr/etc. + + --sysconfdir=/etc: This parameter forces + BIND to look for configuration + files in /etc instead of + /usr/etc. + - --with-libtool: This parameter forces the - building of dynamic libraries and links the installed binaries to these - libraries. + + --with-libtool: This parameter forces the + building of dynamic libraries and links the installed binaries to these + libraries. + - : This parameter enables - the IDNA2008 (Internationalized Domain Names in Applications) - support. + + : This parameter enables + the IDNA2008 (Internationalized Domain Names in Applications) + support. + - : Use this option if you want - to be able to limit the rate of recursive client queries. This may be - useful on servers which receive a large number of queries. + + : Use this option if you want + to be able to limit the rate of recursive client queries. This may be + useful on servers which receive a large number of queries. + - : BIND can also be built without - capability support by using this option, at the cost of some loss of - security. + + : BIND can also be built without + capability support by using this option, at the cost of some loss of + security. + - : Use - one (or more) of those options to add Dynamically Loadable Zones support. - For more information refer to - bind-dlz.sourceforge.net. + + : Use + one (or more) of those options to add Dynamically Loadable Zones support. + For more information refer to bind-dlz.sourceforge.net. - cd doc; install ...: These commands install - additional package documentation. Omit any or all of these commands if - desired. + + cd doc; install ...: These commands install + additional package documentation. Omit any or all of these commands if + desired. + 
@@ -230,11 +280,13 @@ install -v -m644 doc/misc/{dnssec,ipv6,migrat*,options,rfc-compliance,roadmap Config files - named.conf, - root.hints, - 127.0.0, - rndc.conf and - resolv.conf + + named.conf, + root.hints, + 127.0.0, + rndc.conf, and + resolv.conf + /etc/named.conf @@ -262,22 +314,28 @@ install -v -m644 doc/misc/{dnssec,ipv6,migrat*,options,rfc-compliance,roadmap Configuration Information - BIND will be configured to run in a - chroot jail as an unprivileged user (named). This configuration is more secure - in that a DNS compromise can only affect a few files in the named user's HOME - directory. + + BIND will be configured to run in a + chroot jail as an unprivileged user (named). This configuration is more secure + in that a DNS compromise can only affect a few files in the named user's HOME + directory. + - Create the unprivileged user and group named: + + Create the unprivileged user and group named: + groupadd -g 20 named && useradd -c "BIND Owner" -g named -s /bin/false -u 20 named && install -d -m770 -o named -g named /srv/named - Set up some files, directories and devices needed by - BIND: + + Set up some files, directories and devices needed by + BIND: + mkdir -p /srv/named && cd /srv/named && 
@@ -287,16 +345,21 @@ mknod /srv/named/dev/urandom c 1 9 && chmod 666 /srv/named/dev/{null,urandom} && cp /etc/localtime etc - The rndc.conf file contains information for - controlling named operations with the - rndc utility. Generate a key for use in the named.conf and rdnc.conf with the - rndc-confgen command: + + The rndc.conf file contains information for + controlling named operations with the + rndc utility. Generate a key for use in the + named.conf and rdnc.conf + with the rndc-confgen command: + - rndc-confgen -a -b 512 -t /srv/named +rndc-confgen -a -b 512 -t /srv/named - Complete the named.conf file from which - named will read the location of zone files, root - name servers and secure DNS keys: + + Complete the named.conf file from which + named will read the location of zone files, root + name servers and secure DNS keys: + cat >> /srv/named/etc/named.conf << "EOF" options { @@ -352,7 +415,9 @@ logging { }; EOF - Create a zone file with the following contents: + + Create a zone file with the following contents: + cat > /srv/named/etc/named/pz/127.0.0 << "EOF" $TTL 3D @@ -366,12 +431,16 @@ EOF 1 PTR localhost. EOF - Create the root.hints file with the following - commands: + + Create the root.hints file with the following + commands: + - Caution must be used to ensure there are no leading spaces in - this file. + + Caution must be used to ensure there are no leading spaces in + this file. + cat > /srv/named/etc/named/root.hints << "EOF" 
@@ -416,22 +485,28 @@ M.ROOT-SERVERS.NET. 6D IN A 202.12.27.33 M.ROOT-SERVERS.NET. 6D IN AAAA 2001:dc3::35 EOF - The root.hints file is a list of root name - servers. This file must be updated periodically with the - dig utility. A current copy of root.hints can be - obtained from . - For details, consult the "BIND 9 Administrator Reference Manual", included - in every source archive of BIND 9 distributed by ISC, in HTML and PDF - formats, also available at - - BIND 9 Administrator Reference Manual. + + The root.hints file is a list of root name + servers. This file must be updated periodically with the + dig utility. A current copy of root.hints can be + obtained from . + For details, consult the "BIND 9 Administrator Reference Manual", + included in every source archive of BIND 9 distributed by ISC, in HTML + and PDF formats, also available at + BIND 9 Administrator Reference Manual. + - Create or modify resolv.conf to use the new - name server with the following commands: + + Create or modify resolv.conf to use the new + name server with the following commands: + - Replace <yourdomain.com> with - your own valid domain name. + + Replace <yourdomain.com> with + your own valid domain name. + cp /etc/resolv.conf /etc/resolv.conf.bak && @@ -440,8 +515,10 @@ cat > /etc/resolv.conf << "EOF" nameserver 127.0.0.1 EOF - Set permissions on the chroot jail with the - following command: + + Set permissions on the chroot jail with the + following command: + chown -R named:named /srv/named @@ -451,13 +528,15 @@ EOF <phrase revision="sysv">Boot Script</phrase> <phrase revision="systemd">Systemd Unit</phrase> - To start the DNS server at boot, install the - /etc/rc.d/init.d/bind init - script - named.service - unit included in the - - package. + + To start the DNS server at boot, install the + /etc/rc.d/init.d/bind init + script + named.service + unit included in the + + package: + bind 
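Review bot: The `chown -R named:named /srv/named` in the permissions hunk (@@ -440,8 +515,10 @@) gives the service account ownership of the whole jail, including the `named.conf`, zone file and `root.hints` created under `/srv/named/etc` earlier on this page. A compromised daemon could therefore rewrite its own configuration. The reflowed sentence should state this, or the command should be narrowed to the directories named has to write to, leaving the configuration owned by root and readable by the `named` group. Which paths must stay writable depends on the `named.conf` options, which are not visible in this hunk.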
@@ -466,8 +545,9 @@ EOF make install-bind make install-named - Now start BIND with - the following command: + + Now start BIND with the following command: + /etc/rc.d/init.d/bind start systemctl start named @@ -477,22 +557,28 @@ EOF Testing BIND - Test out the new BIND 9 installation. - First query the local host address with dig: + + Test out the new BIND 9 installation. + First query the local host address with dig: + dig -x 127.0.0.1 - Now try an external name lookup, taking note of the speed - difference in repeated lookups due to the caching. Run the - dig command twice on the same address: + + Now try an external name lookup, taking note of the speed + difference in repeated lookups due to the caching. Run the + dig command twice on the same address: + dig www.&lfs-domainname; && dig www.&lfs-domainname; - You can see almost instantaneous results with the named caching - lookups. Consult the BIND Administrator - Reference Manual located at doc/arm/Bv9ARM.html - in the package source tree, for further configuration options. + + You can see almost instantaneous results with the named caching + lookups. Consult the BIND Administrator + Reference Manual located at doc/arm/Bv9ARM.html + in the package source tree, for further configuration options. + @@ -582,7 +668,9 @@ dig www.&lfs-domainname; dig - interrogates DNS servers. + + interrogates DNS servers. + dig @@ -656,7 +744,9 @@ dig www.&lfs-domainname; dnssec-keygen - is a key generator for secure DNS. + + is a key generator for secure DNS. + dnssec-keygen @@ -690,7 +780,9 @@ dig www.&lfs-domainname; dnssec-signzone - generates signed versions of zone files. + + generates signed versions of zone files. + dnssec-signzone @@ -726,7 +818,9 @@ dig www.&lfs-domainname; host - is a utility for DNS lookups. + + is a utility for DNS lookups. + host @@ -760,7 +854,9 @@ dig www.&lfs-domainname; lwresd - is a caching-only name server for local process use. + + is a caching-only name server for local process use. + lwresd 
@@ -770,7 +866,9 @@ dig www.&lfs-domainname; named - is the name server daemon. + + is the name server daemon. + named @@ -780,8 +878,10 @@ dig www.&lfs-domainname; named-checkconf - checks the syntax of named.conf - files. + + checks the syntax of named.conf + files. + named-checkconf @@ -791,7 +891,9 @@ dig www.&lfs-domainname; named-checkzone - checks zone file validity. + + checks zone file validity. + named-checkzone @@ -851,7 +953,9 @@ dig www.&lfs-domainname; nslookup - is a program used to query Internet domain nameservers. + + is a program used to query Internet domain nameservers. + nslookup @@ -861,7 +965,9 @@ dig www.&lfs-domainname; nsupdate - is used to submit DNS update requests. + + is used to submit DNS update requests. + nsupdate @@ -871,7 +977,9 @@ dig www.&lfs-domainname; rndc - controls the operation of BIND. + + controls the operation of BIND. + rndc @@ -881,7 +989,9 @@ dig www.&lfs-domainname; rndc-confgen - generates rndc.conf files. + + generates rndc.conf files. + rndc-confgen diff --git a/server/major/major.xml b/server/major/major.xml index ec0fb71a4c..b8adc12eb3 100644 --- a/server/major/major.xml +++ b/server/major/major.xml @@ -15,8 +15,10 @@ $Date$ Major Servers - Major servers are the programs that provide content or services - to users or other programs. + + Major servers are the programs that provide content or services + to users or other programs. + diff --git a/server/major/proftpd.xml b/server/major/proftpd.xml index 7f9febce0e..7914d14a03 100644 --- a/server/major/proftpd.xml +++ b/server/major/proftpd.xml 
@@ -29,31 +29,45 @@ Introduction to ProFTPD - The ProFTPD package contains a secure - and highly configurable FTP daemon. This is useful for serving large - file archives over a network. + + The ProFTPD package contains a secure + and highly configurable FTP daemon. This is useful for serving large + file archives over a network. + &lfs91_checked; Package Information - Download (HTTP): + + Download (HTTP): + - Download (FTP): + + Download (FTP): + - Download MD5 sum: &proftpd-md5sum; + + Download MD5 sum: &proftpd-md5sum; + - Download size: &proftpd-size; + + Download size: &proftpd-size; + - Estimated disk space required: &proftpd-buildsize; + + Estimated disk space required: &proftpd-buildsize; + - Estimated build time: &proftpd-time; + + Estimated build time: &proftpd-time; + - Install ProFTPD as an unprivileged user by - running the following commands: + + Install ProFTPD as an unprivileged user by + running the following commands: + ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var/run && make - This packages does not come with a usable test suite. + + This packages does not come with a usable test suite. + - Now, as the root user: + + Now, as the root user: + make install && install -d -m755 /usr/share/doc/proftpd-&proftpd-version; && 
@@ -126,26 +148,35 @@ cp -Rv doc/* /usr/share/doc/proftpd-&proftpd-version; Command Explanations - install -v -d -m775 -o proftpd -g proftpd - /srv/ftp: Create the home directory for - ProFTPD. + + install -v -d -m775 -o proftpd -g proftpd /srv/ftp: + Create the home directory for ProFTPD. + - ln -v -s /bin/false /usr/bin/proftpdshell: - Set the default shell as a link to an invalid shell. + + ln -v -s /bin/false /usr/bin/proftpdshell: + Set the default shell as a link to an invalid shell. + - echo /usr/bin/proftpdshell >> - /etc/shells: Fake a valid shell for compatibility purposes. + + echo /usr/bin/proftpdshell >> /etc/shells: + Fake a valid shell for compatibility purposes. + - The above two commands can be omitted if the following directive is - placed in the configuration file: + + The above two commands can be omitted if the following directive is + placed in the configuration file: + RequireValidShell off - By default, proftpd will require that users logging in have valid - shells. The RequireValidShell directive turns off this requirement. This - is only recommended if you are setting up your FTP server exclusively - for anonymous downloads. + + By default, proftpd will require that users logging in have valid + shells. The RequireValidShell directive turns off this requirement. + This is only recommended if you are setting up your FTP server + exclusively for anonymous downloads. + @@ -165,7 +196,9 @@ cp -Rv doc/* /usr/share/doc/proftpd-&proftpd-version; Config Files - /etc/proftpd.conf + + /etc/proftpd.conf + /etc/proftpd.conf 
@@ -176,11 +209,13 @@ cp -Rv doc/* /usr/share/doc/proftpd-&proftpd-version; Configuration Information - This is a simple, download-only sample configuration. See the - ProFTPD documentation in - /usr/share/doc/proftpd and - consult the website at for - example configurations. + + This is a simple, download-only sample configuration. See the + ProFTPD documentation in + /usr/share/doc/proftpd and + consult the website at for + example configurations. + cat > /etc/proftpd.conf << "EOF" # This is a basic ProFTPD configuration file @@ -246,14 +281,16 @@ EOF <phrase revision="sysv">Boot Script</phrase> <phrase revision="systemd">Systemd Unit</phrase> - Install the - /etc/rc.d/init.d/proftpd - init script - proftpd.service - unit included in the - - - package. + + Install the + /etc/rc.d/init.d/proftpd + init script + proftpd.service + unit included in the + + + package: + proftpd @@ -295,7 +332,9 @@ EOF proftpd - is the FTP daemon. + + is the FTP daemon. + proftpd @@ -305,7 +344,9 @@ EOF ftpcount - shows the current number of connections. + + shows the current number of connections. + ftpcount @@ -315,7 +356,9 @@ EOF ftpdctl - is used to control the proftpd daemon while it is running. + + is used to control the proftpd daemon while it is running. + ftpdctl @@ -325,8 +368,10 @@ EOF ftpasswd - is a Perl script designed to create and manage - AuthUserFiles and AuthGroupFiles of the correct format for proftpd. + + is a Perl script designed to create and manage + AuthUserFiles and AuthGroupFiles of the correct format for proftpd. + ftpasswd @@ -336,7 +381,8 @@ EOF ftpmail - is a Perl script for sending email based on the proftpd TransferLog. + + is a Perl script for sending email based on the proftpd TransferLog. ftpmail 
@@ -347,9 +393,11 @@ EOF ftpquota - is a Perl script designed to create and manage limits and tally - files for the mod_quotatab + mod_quotatab_file module combination - for proftpd. + + is a Perl script designed to create and manage limits and tally + files for the mod_quotatab + mod_quotatab_file module combination + for proftpd. + ftpquota @@ -359,7 +407,9 @@ EOF ftpscrub - provides a way to scrub the scoreboard file on demand. + + provides a way to scrub the scoreboard file on demand. + ftpscrub @@ -369,8 +419,10 @@ EOF ftpshut - shuts down all proftpd servers - at a given time. + + shuts down all proftpd servers + at a given time. + ftpshut @@ -380,7 +432,9 @@ EOF ftptop - displays running status on connections. + + displays running status on connections. + ftptop @@ -390,7 +444,9 @@ EOF ftpwho - shows current process information for each session. + + shows current process information for each session. + ftpwho @@ -400,9 +456,11 @@ EOF prxs - is a Perl script designed to compile and install third-party - modules, from source code, as DSO modules for the installed - proftpd. + + is a Perl script designed to compile and install third-party + modules, from source code, as DSO modules for the installed + proftpd. + prxs diff --git a/server/major/vsftpd.xml b/server/major/vsftpd.xml index fd875c53b8..0a71c81372 100644 --- a/server/major/vsftpd.xml +++ b/server/major/vsftpd.xml 
@@ -30,31 +30,45 @@ Introduction to vsftpd - The vsftpd package contains a very - secure and very small FTP daemon. This is useful for serving files - over a network. + + The vsftpd package contains a very + secure and very small FTP daemon. This is useful for serving files + over a network. + &lfs91_checked; Package Information - Download (HTTP): + + Download (HTTP): + - Download (FTP): + + Download (FTP): + - Download MD5 sum: &vsftpd-md5sum; + + Download MD5 sum: &vsftpd-md5sum; + - Download size: &vsftpd-size; + + Download size: &vsftpd-size; + - Estimated disk space required: &vsftpd-buildsize; + + Estimated disk space required: &vsftpd-buildsize; + - Estimated build time: &vsftpd-time; + + Estimated build time: &vsftpd-time; + @@ -79,11 +93,13 @@ Installation of vsftpd - For security reasons, running vsftpd - as an unprivileged user and group is encouraged. Also, a user should be - created to map anonymous users. As the root user, create the needed directories, - users, and groups with the following commands: + + For security reasons, running vsftpd + as an unprivileged user and group is encouraged. Also, a user should be + created to map anonymous users. As the root user, create the needed directories, + users, and groups with the following commands: + install -v -d -m 0755 &vsftpd-empty; && install -v -d -m 0755 /home/ftp && 
@@ -92,22 +108,23 @@ groupadd -g 45 ftp && useradd -c "vsftpd User" -d /dev/null -g vsftpd -s /bin/false -u 47 vsftpd && useradd -c anonymous_user -d /home/ftp -g ftp -s /bin/false -u 45 ftp - - - Build vsftpd as an unprivileged user - using the following command: + + Build vsftpd as an unprivileged user + using the following command: + make - This package does not come with a test suite. + + This package does not come with a test suite. + - Once again, become the root - user and install vsftpd with the following - commands: + + Once again, become the root + user and install vsftpd with the following + commands: + install -v -m 755 vsftpd /usr/sbin/vsftpd && install -v -m 644 vsftpd.8 /usr/share/man/man8 && @@ -119,30 +136,40 @@ install -v -m 644 vsftpd.conf /etc Command Explanations - install -v -d ...: This creates the - directory that anonymous users will use (/home/ftp) - and the directory the daemon will chroot into - (&vsftpd-empty;). + + install -v -d ...: This creates the + directory that anonymous users will use (/home/ftp) + and the directory the daemon will chroot into + (&vsftpd-empty;). + - /home/ftp should not be - owned by the user vsftpd, - or the user ftp. + + /home/ftp should not be + owned by the user vsftpd, + or the user ftp. + - echo "#define VSF_BUILD_TCPWRAPPERS" >>builddefs.h: - Use this prior to make to add support for - tcpwrappers. + + echo "#define VSF_BUILD_TCPWRAPPERS" >>builddefs.h: + Use this prior to make to add support for + tcpwrappers. + - echo "#define VSF_BUILD_SSL" >>builddefs.h: - Use this prior to make to add support for SSL. + + echo "#define VSF_BUILD_SSL" >>builddefs.h: + Use this prior to make to add support for SSL. + - install -v -m ...: - The Makefile uses non-standard installation paths. - These commands install the files in - /usr and - /etc. + + install -v -m ...: + The Makefile uses non-standard installation paths. + These commands install the files in + /usr and + /etc. + 
@@ -152,7 +179,9 @@ install -v -m 644 vsftpd.conf /etc Config Files - /etc/vsftpd.conf + + /etc/vsftpd.conf + /etc/vsftpd.conf @@ -163,16 +192,17 @@ install -v -m 644 vsftpd.conf /etc Configuration Information - vsftpd comes with a basic - anonymous-only configuration file that was copied to - /etc above. While still as - root, this file should be - modified because it is now recommended to run vsftpd - in standalone mode. Also, you - should specify the privilege separation user created above. Finally, - you should specify the chroot directory. - man vsftpd.conf will give you all the details. + + vsftpd comes with a basic + anonymous-only configuration file that was copied to + /etc above. While still as + root, this file should be + modified because it is now recommended to run vsftpd + in standalone mode. Also, you + should specify the privilege separation user created above. Finally, + you should specify the chroot directory. + man vsftpd.conf will give you all the details. + cat >> /etc/vsftpd.conf << "EOF" background=YES 
@@ -182,32 +212,38 @@ secure_chroot_dir=&vsftpd-empty; EOF - The vsftpd daemon uses seccomp to improve security by default. - But it's known to cause vsftpd unable to handle ftp - LIST command with recent kernel versions. Append - a line to /etc/vsftpd.conf (as the - root user) to disable - seccomp and workaround this issue: + + The vsftpd daemon uses seccomp to improve security by default. + But it's known to cause vsftpd unable to handle ftp + LIST command with recent kernel versions. Append + a line to /etc/vsftpd.conf (as the + root user) to disable + seccomp and workaround this issue: + cat >> /etc/vsftpd.conf << "EOF" seccomp_sandbox=NO EOF - To enable local logins, append the following to the - /etc/vsftpd.conf file (as the - root user): + + To enable local logins, append the following to the + /etc/vsftpd.conf file (as the + root user): + cat >> /etc/vsftpd.conf << "EOF" local_enable=YES EOF - In addition, if using Linux-PAM and - vsftpd with local user logins, you will need - a Linux-PAM configuration file. As the - root user, create the - /etc/pam.d/vsftpd file, and add the needed - configuration changes for Linux-PAM session - support using the following commands: + + In addition, if using Linux-PAM and + vsftpd with local user logins, you will need + a Linux-PAM configuration file. As the + root user, create the + /etc/pam.d/vsftpd file, and add the needed + configuration changes for Linux-PAM session + support using the following commands: + cat > /etc/pam.d/vsftpd << "EOF" && # Begin /etc/pam.d/vsftpd @@ -231,13 +267,15 @@ EOF <phrase revision="sysv">Boot Script</phrase> <phrase revision="systemd">Systemd Unit</phrase> - Install the - /etc/rc.d/init.d/vsftpd init - script - vsftpd.service - unit included in the - - package. + + Install the + /etc/rc.d/init.d/vsftpd + init script + vsftpd.service + unit included in the + + package: + make install-vsftpd @@ -268,7 +306,9 @@ EOF vsftpd - is the FTP daemon. + + is the FTP daemon. + vsftpd 
diff --git a/server/other/unbound.xml b/server/other/unbound.xml index 49cd11a583..431771271e 100644 --- a/server/other/unbound.xml +++ b/server/other/unbound.xml @@ -242,7 +242,7 @@ install -v -m644 doc/html/* /usr/share/doc/unbound-&unbound-version; unbound.service unit included in the - package. + package: