[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: LedgerSMB rpm spec

On 10/18/06, Mads Kiilerich <..hidden..> wrote:
Chris Travers wrote, On 10/19/2006 01:18 AM:
> Would it be easier just to include by default a .htaccess file that
> would deny access to the admin.pl with instructions on how to remove
> it?  Once you go to the admin.pl screen, if it has a blank password,
> you will get prompted to enter another one.

So the .htaccess should be included in the rpm? In that case an upgrade
would introduce it again...

No. I was thinking of generating it the same way you generate the
members file.  I am assuming that what you put in that part of the
script won't get regenerated on each upgrade...  Otherwise your user
account info would be wiped out...

> With the .htaccess solution, we can provide a nice description of what
> needs to be done to allow access, etc.
> What I want to avoid is people having to spend too much time looking
> for documentation when RPM's ideally should be plug and play.

Yeah. The package info is the first place I would look. I wouldn't know
which url to look at or which of the many docs in the RPM to read.

IF you think the url to admin.pl is intuitive, then I would rather suggest:
admin.pl currently detects a blank password and asks for one.
Similarly, if the "crypted" string is "DEFAULT" then admin.pl could tell
the user to remove the line or whole file. The RPM could then contain a
config file with the password set to DEFAULT...

Is there any reason why we couldn't have the instructions be
duplicated in the following areas:

package info
(which of course is served out if the .htaccess file exists)

> BTW, I will probably add dependencies for DBI and PostgreSQL (since we
> don't support other db's at the moment).  Hope this helps.

The spec already has that. Installing the rpm with yum will install all
dependencies too.

Great :-)  I must have missed it.

Best Wishes,
Chris Travers