Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Fetching contributors…

Cannot retrieve contributors at this time

1775 lines (1228 sloc) 61.304 kB

NAME

INSTALL - Slash Installation

SYNOPSIS

This document describes how to install Slash, versions 2.2 and pre-releases of 2.3 and 2.5. For instructions on installation or upgrade of previous versions of Slash, see the INSTALL document included with those distributions.

These instructions have only been tested on Linux. Installation under BSD and other Unix OSes is doable, with minor glitches (see "BSD Systems" below). Windows is not supported.

Slash can always be downloaded from SourceForge.net, from the FTP site, and via CVS.

        http://sf.net/projects/slashcode/
        ftp://ftp.slashcode.com//pub/slashcode/
        http://cvs.slashcode.com/

See the SourceForge.net page for patches and bug reports.

Which version should I use?

First of all: if you are using Slash 2.2.5 or before, including all 2.1.x, 2.0.x, and 1.x versions, you should upgrade to the latest version in the 2.2 tree, 2.2.6, as soon as possible. There are security issues with previous versions. You should not install previous versions.

As of this writing (August 2006), our last official release (2.2.6) was long ago, and many features have been added since. All development has been in CVS. If you are installing a new Slash site, you don't want to use 2.2.6. And while you probably don't want to use the very latest CVS, you almost certainly do want to use the latest "R_" tag available in CVS. See "VERSIONS", "CVS tags", below, for advice on choosing and maintaining a CVS installation.

Read, then install

We know you want to get right into the installation, but you must first read, carefully, these sections of this INSTALL file:

  • REQUIREMENTS, to make sure you have the right hardware and software
  • "CVS tags," in VERSIONS, to make sure you have the right version of this code
  • SECURITY NOTES, to keep your system safe
  • INSTALLATION (the longest section), to make sure you will be able to finish what you start

And it's a good idea to at least skim:

  • INSTALLATION OPTIONS
  • TROUBLESHOOTING

Read those sections before you begin actually performing the steps in "INSTALLATION".

This document also contains information on upgrading a Slash site (which can be tricky), and uninstalling (which is easy).

Updates to this file

This INSTALL file you are currently reading may not be the latest. Again, you probably don't want to upgrade your whole Slash checkout to the very latest CVS. But if you encounter problems, it might not be a bad idea to look over the very latest version of this INSTALL file, which you can find at:

http://slashcode.cvs.sourceforge.net/*checkout*/slashcode/slash/INSTALL

The version of this file that you are currently reading is:

$Id$

If there are more recent versions of this file, you can find a list of those changes at:

http://slashcode.cvs.sourceforge.net/slashcode/slash/INSTALL

INSTALLATION

Installation Note

All of the installation steps below should be executed as root. If this is a problem, then Slash is probably not for you (see "Non-Root" below, under "INSTALLATION OPTIONS"). Type carefully. Now's a good time to back up anything important.

Installation Procedure

There are eight steps to installation. Anything already done can be skipped -- but only if you have the correct version and configuration, particularly with Apache/mod_perl.

  1. Install MySQL.

    If it is already installed, doublecheck that its version is at least the minimum required (see "REQUIREMENTS"). If you have questions about the installation process, please refer to MySQL documentation.

    Slash requires that your MySQL server run in the GMT timezome. Find your global my.cnf file (probably /etc/my.cnf or /etc/mysql/my.cnf), locate the [mysqld_safe] (or [safe_mysqld]) group, and add this line to it:

            timezone = GMT

    Start MySQL (it must be running for the installation of Slash and some perl modules). Or, if it is already running, restart MySQL (if you have other services using MySQL, you should probably stop and start them -- make sure they are timezone-agnostic!).

    Create a database to be used by Slash. Our default name is 'slash':

            CREATE DATABASE slash;

    Create a username/password that can access that database, and ensure that user has at least privileges to select, insert, update, delete, lock, create, drop, index and alter. For example, if your whole site (slashd daemon and apache) will run on the same machine as your mysql server, and you wanted to use the mysql username 'slash', you might:

            GRANT SELECT, INSERT, UPDATE, DELETE, LOCK TABLES, CREATE, DROP,
            INDEX, ALTER ON slash.* TO 'slash'@'localhost'
            IDENTIFIED BY (quoted password);
    
            GRANT PROCESS ON *.* TO 'slash'@'localhost' IDENTIFIED BY
            (quoted password);

    In this case, 'slash' would also be the name of your MySQL user as described in "Types of Users" below. You'll have to give your MySQL user to DBIx::Password when you install and configure it, so don't forget it.

  2. Install perl.

    Perl is likely already installed on your machine; doublecheck that its version is at least the minimum required (see "REQUIREMENTS").

    Also, check the "Libraries" (or "Debian libraries") section under "REQUIREMENTS", below. You may need to install dev packages for not only perl but mysql and expat as well and now's a good time to take care of that.

  3. Install Apache and mod_perl.

    You MUST install mod_perl and Apache as directed here. OK, that is not strictly true, but unless you really know what you're doing, just assume it's true. If you already have mod_perl installed, it is probably not configured properly to work with Slash and you will have to rebuild it.

    If you are using the provided httpd.conf file from the slash distribution, and find that Apache is giving you errors, chances are mod_perl is not installed correctly, and you need to build it from scratch. Not following this direction is one of the most common reasons we see for a Slash install not working.

    Of course, if you have your own Apache modules or build options, you will need to modify the instructions here appropriately.

    First, untar apache and mod_perl. Then, go to the mod_perl directory, and have mod_perl build and install apache for you:

            perl Makefile.PL APACHE_SRC=../where_you_have_apache/src \
                    DO_HTTPD=1 USE_APACI=1 PERL_MARK_WHERE=1 EVERYTHING=1 \
                    APACHE_PREFIX=/where_apache_will_be_installed
            make
            make test
            make install

    NOTE: You may be unsuccessful with make test if the perl modules are not yet installed. However, some perl modules will not install without Apache and mod_perl installed. If you wish, skip make test, run make install, install the perl modules in step 4, and then come back and run make test here again to make sure everything is OK.

    NOTE: If you know what you're doing, Slash will work with a DSO Apache. Be sure you're on the latest versions of Apache and mod_perl and remember PERL_MARK_WHERE=1 and EVERYTHING=1.

    NOTE: See also "Other requirements" under "REQUIREMENTS".

    Ubuntu NOTE: In mid-2006 Ubuntu 6.x switched sh to point to dash instead of bash, which apparently breaks the above step (because dash's 'echo -E' isn't compliant enough for apache's 'configure'). We're looking into it, but for now apparently (temporarily) linking /bin/sh to /bin/bash during this step is a workaround. "dash-as-bin-sh" in https://launchpad.net/ubuntu/+spec (Update: this appears to no longer be a problem, but if you encounter problems on Ubuntu, check where your /bin/sh points.)

  4. Install the perl modules.

    Slash is powerful and complex, and, rather than reinvent the wheel, it often relies on CPAN modules. Open-source code reuse has many advantages. One disadvantage is that installing all those modules can be tricky, as you may be about to find out.

    You could install each module in Bundle/Slash.pm by hand, but this would be time-consuming. Instead, you'll want to install the bundle Bundle::Slash using CPAN.

    IMPORTANT NOTES (read through these first! really!):

    Overall comment about CPAN module failure

    It is possible that upon typing "install Bundle::Slash", you will have one or more modules fail to install on the first try. The rest of the modules will be successfully installed but some won't. In that case you will want to fix the problems and retype "install Bundle::Slash" to make sure everything proceeds smoothly. Once that command gives you just a long list of "Foo::Bar is up to date," you are done. Until that point, you are not done; you must resolve the errors.

    Old Version of Bundle::Slash

    If you have previously installed Bundle::Slash, you will want to install it again, but you will need to delete the existing version. Go to your .cpan/Bundle directory (usually ~/.cpan/Bundle/) and remove Slash.pm.

    Overactive CPAN

    With some versions of the CPAN module, the module will try to download and install the latest version of perl. Watch what the module is doing; if it begins to download an entire perl distribution, interrupt it (hit ctrl-C) until it stops, then try again with the CPAN module. This should not be an issue in the latest version of Bundle::Slash.

    Uninstalling Old Modules

    Sometimes, you will be installing a newer version of a module that exists elsewhere on the system. You probably want to tell the CPAN module to automatically remove older files. To do that from the CPAN shell, type:

            cpan> o conf make_install_arg UNINST=1

    And if you want that to be CPAN's default from now on, add:

            cpan> o conf commit
    Automatically Installing Dependencies

    Some of the modules in Bundle::Slash require other modules. We have not put some of those other modules in Bundle::Slash because, if those requirements change in the future, we don't want to make future Slash sites install more than they have to.

    If you see this:

            ---- Unsatisfied dependencies detected during [FOO/Bar-1.23.tar.gz] -----
                Foobar::Baz
            Shall I follow them and prepend them to the queue
            of modules we are processing right now? [yes] 

    That's normal; just hit return.

    If it annoys you to have to do this, edit the prerequisites_policy field of your CPAN/Config.pm file. Or, just do this to change it to automatically follow dependencies and commit the change:

            cpan> o conf prerequisites_policy follow
            cpan> o conf commit
    Data::JavaScript::Anon

    There are bugs in versions earlier than 1.00 that break our JS. Unfortunately, CPAN seems to prefer version 0.9 even though 1.00 is available. You may have to install a better version in CPAN by hand:

      cpan> install A/AD/ADAMK/Data-JavaScript-Anon-1.00.tar.gz
    Additional Libraries

    You must have certain libraries existing on your system before building, for Compress::Zlib, XML::Parser, DBI and DBD::mysql. See "Libraries" under "REQUIREMENTS", below.

    BSD Systems

    If running BSD, also install the BSD::Resource module. We have heard reports of minor problems running Slash on BSD, but you are welcome to try. See SLASH_PREFIX below, and after the install, doublecheck the init scripts. If you have to make changes to get it to work, send us patches or detailed bug reports please: we want to support the BSDs.

    DBIx::Password

    When installing DBIx::Password, you will be asked for various information, the same information used to create the database and database user in Step 1. First, you'll be asked for a virtual user name, which will be the identifier for all of this data. You can just use the name of your site, or any other alphanumeric string. This string will be your "DBIx::Password virtual user" as described in "Types of Users" below -- you will use this in other places, so don't forget it.

    Then you'll be asked for your DBI driver (mysql), the name of the database you CREATEd in Step 1, its machine (maybe 'localhost' or an IP number) and port, and then the MySQL user name you GRANTed privileges to in Step 1 and its password.

    Some perl modules you can hit return for defaults and they'll work. This isn't one of them. If you don't understand what you're doing here, don't fake it -- that's a common reason for Slash installations failing.

    Documentation

    To read the README for any module, before or after installing:

            cpan> readme MODULE

    To read the documentation of any of the modules, once they have been installed, type perldoc MODULE at the command line.

    See perlmodinstall for more information on installing perl modules.

    Now that you have read the above notes, you're ready to install the perl modules.

    To use the CPAN module, invoke the CPAN shell:

            perl -MCPAN -e shell

    (Or, you may have the program "cpan" already available, which does the same thing.)

    If this is the first time you've invoked CPAN, you will be asked to configure it. Note that CPAN works best if most or all of these helper programs are installed: bzip2 gzip tar unzip make curl lynx wget ncftpget ncftp ftp gpg. If your OS installation is very anemic and you lack most of them, you might ^C its questions, install the missing programs, and then re-invoke the CPAN shell to restart configuration.

    It's probably a good idea here to install the latest version of the CPAN module itself, along with all the helper modules it requires. This is an optional step but may make the rest of module installation easier:

            cpan> install Bundle::CPAN

    If you chose to do that, then afterwards, exit the CPAN and reinvoke it. (The plain shell command "cpan" will probably now work.)

    Next, install some important networking modules. This is also optional but, if there are problems with these modules, you'll want to resolve them before moving on to the rest of the installation:

            cpan> install Bundle::LWP

    Make sure all those modules are installed and up to date before proceeding. Note that Net::Cmd has a history of being a little broken in its tests; if it fails on tests 8 and 9 of t/require, then it's OK; just do force install Net::Cmd and repeat install Bundle::LWP. On Mac OS X and possibly other operating systems, if LWP's live/https tests fail, install Net::SSL manually and retry.

    Assuming you chose to install the LWP, then after it's been configured successfully, again, exit the CPAN and reinvoke it.

    Finally, you must install Bundle::Slash:

            cpan> install Bundle::Slash

    This will be a long process. Several modules will ask to be configured during this process. Here are some tips:

    DBI

    Don't worry about the threading warning. Slash doesn't use threads.

    DBIx::Password

    See "DBIx::Password" under IMPORTANT NOTES above.

    Apache::Test and Apache::Cookie

    You will need httpd and apxs in your $PATH, and even if they are there, you will probably see the lengthy error that starts "Apache cannot spawn child processes as 'root'". This is because, ironically, Apache::Test's self-tests are a colossal pain to actually run (I take the option to skip them). And personally I just force install Apache::Cookie which is lame but solves the problem.

    Template

    The Template Toolkit is a complex install. Try accepting all the defaults and see if it works. It has 90 test scripts with over 2000 tests, and installation will be halted if just 1 of these tests fails. Do a look Template and try your best to resolve the issues. The README includes a URL to the mailing list archives, where you may find help. If you're getting 100 errors, you need to fix them, but if you're down to 1 or 2 you can't fix, you might just make a note of what the failures were and just force install Template.

    Other failures

    We can't predict whether bugs will appear in CPAN modules in future. Often the bugs are not in the software proper, but in its too-strictly coded test suites, which don't allow for changed but still-legitimate output. When this happens, the module itself is fine but it will not install unless forced. As of October 2006, we've noticed the following module throw spurious errors, requiring a force install:

            HTML::CalendarMonth 1.18

    If you have problems, feel free to re-run install Bundle::Slash. It will safely skip anything already installed.

    Again: once you are able to do install Bundle::Slash and see nothing but a long list of modules that are "up to date," you are done. Until you see that, you are not done with this step!

    If you wish to take full advantage of Slash, there are some plugins not installed and vars not turned on by default, which provide additional features, improve performance, or help in testing, which require additional perl modules and sometimes non-perl libraries. See the listing at the bottom of Bundle/Slash.pm, and see also the tips in plugins/Admin/README, plugins/HumanConf/INSTALL-NOTES, and plugins/Stats/README.

  5. Install Slash.

    Unpack the distribution, go to the new directory that creates, and type:

            make
            make install

    Note: you will want the GNU versions of fileutils and make. Older versions of install, and make and cp from other systems, might not work.

    There are a few options to make and make install you may want to change.

            option          default                 purpose
            ==========================================================
            SLASH_PREFIX    /usr/local/slash        Location for
                                                    installed files
            INIT            /etc or /etc/rc.d       Location for init
                                                    scripts
            USER            nobody                  User to own files
            GROUP           nobody                  Group to own files
            CP              cp                      Name of or path to
                                                    alternate 'cp'
            INSTALL         install                 Name of or path to
                                                    alternate 'install'

    (USER and GROUP can also be changed later on a per-site basis, in step 6, while running install-slashsite.)

    So, for example, you might type (although the default SLASH_PREFIX is strongly recommended):

            make SLASH_PREFIX=/home/slash
            make install SLASH_PREFIX=/home/slash

    When done, a configuration file for Apache will be created at $SLASH_PREFIX/httpd/slash.conf. You can put its contents into your httpd.conf, or you can just Include it in your httpd.conf. You must do one or the other!

    WARNING!

    Please be aware that if you include $SLASH_PREFIX/slash.conf or $SLASH_PREFIX/sites/sitename/sitename.conf more than once, or if this file shares contents with directives in httpd.conf, that your Slash site WILL break. The directives in $SLASH_PREFIX/slash.conf should be run only ONCE in any any site context. Read through $SLASH_PREFIX/slash.conf to make sure it all looks proper.

  6. Install your Slash site.

    At this point, you may want to (re)read "DBIx::Password" in "SECURITY NOTES" at the end of this section, and consider the option of installing your site with a custom unix system user and group for added security. You will be prompted for user and group shortly.

    Go to your installation directory (by default, /usr/local/slash) and execute (where VIRTUAL_USER is the name of the virtual user given in the DBIx::Password distribution):

            bin/install-slashsite -u VIRTUAL_USER

    The program will prompt for answers to several configuration questions. Then it will install your site.

    Another configuration file will be created at $SLASH_PREFIX/$SITENAME/$SITENAME.conf, which will be Include'd in $SLASH_PREFIX/httpd/slash.conf. You'll want to add an Include for the latter in your Apache's httpd.conf if you haven't done so on a previous site install.

    If you are using virtual hosting by hostname, you may also need to add a NameVirtualHost.

    If you don't have your Slash site in the root of the web server (e.g., http://www.example.com/mysite/ instead of the more usual http://www.example.com/), you will need to adjust the rootdir, rdfimage, imagedir, absolutedir, and cookiepath variables, and you also need to change your Apache config appropriately. If you're planning on having sections with more than two dots in the hostname (e.g. your mainpage will be at http://division.company.com/ with a section at http://newprojects.division.company.com/) you will also want to set the cookiedomain var (e.g. to .division.company.com). These are all in the vars table of your database.

    NOTE: Read the message printed at the end of running install_slashsite. Failure to pay attention here is another common reason we see for Slash installations not working.

    Ubuntu NOTE: Reported after installing on Kubuntu 7.10, a Slash install's idea of run-levels was not sufficient to start slashd at boot. The following makes sure that all the right run-levels are covered, and that rebuilding Slash won't mistakenly double-start the daemon:

      sudo update-rc.d -f slash remove
      sudo update-rc.d slash defaults
      sudo mv /etc/rc3.d/S*slash /etc/rc3.d/S99slash
      sudo mv /etc/rc6.d/K*slash /etc/rc6.d/K99slash
  7. Start it up.

    After installation of the site is done, you'll need to start Apache. Stop it if necessary, then start it:

            apachectl stop
            apachectl start

    Use the apachectl script under the APACHE_PREFIX you specified in step 3. Don't try its "restart" or "graceful" options, you'll need to do a full stop and start.

    Then run slashd. This should be done via the init script:

            /etc/init.d/slash start

    slashd is the daemon that runs routine maintenance on Slash sites, including sending out daily mailings, cleaning up the database, and updating stories. The init script above will start up an individual slashd daemon process for each installed site (and while running, they will spawn child processes, some of which may run for a long time or until you stop slashd with "slash stop").

    Now's a good time to (re)read the "SECURITY NOTES" section at the end of this file.

  8. Stay in touch.

    For as long as you are running a Slash site, you should stay on our "slashcode-announce" mailing list, to receive notification of security issues (and, rarely, other major news of interest to Slash admins). You can sign up at:

            https://lists.sourceforge.net/lists/listinfo/slashcode-announce

    You may wish to subscribe to "slashcode-general", for discussion of running Slash sites. This list probably averages 1-2 emails a day, mostly on administration issues, and bugs and features in Slash.

            https://lists.sourceforge.net/lists/listinfo/slashcode-general

    You may also wish to create a user on slashcode.com and subscribe to its daily newsletter. If/when news is posted to that site, you'll be in the loop.

    If you want to register your new site, feel free to do so at http://slashcode.com/sites.pl.

INSTALLATION OPTIONS

Multiple Servers

You can, of course, have a separate database server from your Slash server. Further, you can have multiple web servers for one Slash site, and a good thing too because web server RAM/CPU will probably be your first bottleneck as your site grows.

Slashdot has one primary server with all of the code (Apache, perl, etc.) in /usr/local. That server runs slashd and NFS. Our slashd writes directly to its /usr/local/slash. Each web server mounts /usr/local read-only over NFS. (Yes, NFS has a reputation for being flaky, but we've never had a problem with it, which we attribute both to good sysadmins and to only exporting our filesystem read-only.)

Some notes:

  • Make sure the MySQL server allows the user to log in from each web server, and the slashd server.
  • Make sure, if you use the same httpd tree on all machines, that the httpd.conf is listening to the proper IP addresses. This can be done by putting all of the IP addresses in the conf file, or by having a separate Listen file on each machine. Similarly, make sure that each web server's logfiles are unique to each machine, not written to the NFS volume.

Virtual Hosts

Slash has support for virtual hosts, so you can have multiple Slash sites on one machine. Simply execute step 6 in the install process for each Slash site (after adding a new virtual user to DBIx::Password for each).

SSL

In Slash, there are two variables for the root URL of the site. absolutedir is the full URL, including protocol, while rootdir is the URL without protocol:

        absolutedir     http://slashcode.com
        rootdir         //slashcode.com

absolutedir is used only for creating external links to the site (such as in RSS files). rootdir is used for internal links; that way, you can use the same HTML pages for SSL and non-SSL. You don't have to do anything special to the code or preferences to allow it to work with SSL by itself, SSL and non-SSL together, or non-SSL by itself.

Non-Root

It is theoretically possible to install and run everything here without root.

It is not easy. If you don't know your flavor of unix intimately, we don't recommend trying this.

Describing the process for a non-root install would take up significant space and time, having to account for differences in various systems, and all the workarounds necessary for it to work. We don't support it, and we're not going to document it.

If you must have a non-root install, consult the various documentation for Apache, MySQL, and perl about running and installing without root access. Then, for Slash, you need to set the make variables PREFIX, SLASH_PREFIX, and INIT appropriately for your needs.

Note: Slash sites (or, more accurately, Apache + mod_perl and MySQL) take up a lot of system resources. It is not advisable for anyone to run Slash on any system, without the permission of the administrator of that system.

Memcached

Memcached is not required, but Slash includes optimizations that move load from your (expensive) MySQL server to a (very cheap) memcached server or servers. If you are concerned about performance, this is one of the first options to install. You can probably install it using your operating system's package management, and/or see http://www.danga.com/memcached/.

A 64 or 128 MB memcached instance should be plenty for moderate-sized Slash sites. Just set the vars 'memcached', 'memcached_keyprefix', and 'memcached_servers', and restart apache and slashd. That's it.

(As of August 2006, Slashdot uses a total of 2 GB of memcached, but that's in small allocations spread across many servers because we like redundancy. Last I checked the 2 GB wasn't even half full.)

Separate Image Server

Those of you with infinite RAM will have no problems hosting as many Slash sites as you want on a single box running just Apache. Those whose RAM is limited may be able to keep your MaxClients down to a reasonable level to avoid going into swap, and still not lock clients out of your website, by using a separate webserver process to deliver your images.

This is possible with any website, of course, not just a Slash site, but because Slash's httpd clients all have mod_perl, a lot of perl modules, and a lot of templates all compiled into RAM, they are especially heavy. While serving an image may take only a few milliseconds, which would you rather have tied up on your computer for those milliseconds, 25 MB of RAM or 5 MB?

Slashdot, and some other Slash sites we're hosting, are currently using boa 0.94.14rc17 (http://www.boa.org/) for images. Boa is fast and has a small footprint. It's easy to build (./configure && make) but you have to install it yourself by copying the binary and mkdir'ing a little tree wherever you want it. We did roughly this. Your mileage may vary. This sets up an alternate server just for images on port 8080, and sets Slash's imagedir var to point to it. Your apache will still serve images at the old URLs if anyone requests them, but nobody will, because your site's pages will all point to boa:

        # Install boa and set up its files.
        cd /usr/local/src/boa-0.94.14rc17
        ./configure && make
        mkdir /usr/local/boa
        mkdir /usr/local/boa/bin
        mkdir /usr/local/boa/htdocs
        cp -a src/{boa,boa_indexer,webindex.pl} /usr/local/boa/bin/
        ln -s /usr/local/slash/site/mysite/htdocs/images /usr/local/boa/htdocs/images.mysite.com
        touch /usr/local/boa/htdocs/favicon.ico

        # Set up and edit boa conf file.
        cp examples/boa.conf /usr/local/boa/
        # At this point we patched /usr/local/boa/boa.conf, changing
        # Port to 8080, ServerName to www.mysite.com, DocumentRoot to
        # /usr/local/boa/htdocs, and commenting out the DirectoryIndex,
        # DirectoryMaker, Alias and ScriptAlias directives.

        # Start boa.
        /usr/local/boa/bin/boa

        # In mysql client:
        # UPDATE vars SET value='//www.mysite.com:8080/images.mysite.com' WHERE name='imagedir';
        # INSERT IGNORE INTO story_dirty SELECT stoid FROM stories WHERE in_trash='no';

        # Restart apache, slashd;  let slashd rewrite .shtml files both
        # recent and archived.

You'll probably also want to create a script in your init.d and rcN.d directories so boa runs at startup along with apache.

UPGRADING

Some of these upgrade procedures are still in testing. Please read them entirely before beginning. We are not responsible for any loss of data or functionality.

Slash 1.0 -> Slash 2.2

You've got a site running Slash 1.0, from 2001? We're so sorry to hear that.

Please read the complete documentation of utils/slash1toslash2.2. We believe it will convert your database from Slash 1.0 to a new Slash 2.2 database, but it hasn't been tested in some time. The program documentation (which can be read with perldoc) details exactly what process it follows to do the conversion, so you can attempt to do it by hand if you prefer.

Slash 2.0 -> Slash 2.2

Slash 2.2 is a major upgrade from Slash 2.0. It takes a little bit of work to get it going.

  1. BACK EVERYTHING UP ON THE EXISTING SITE.
  2. Install Bundle::Slash. If you have done so previously, follow the instructions for removing the existing version of Bundle::Slash before proceeding.
  3. Apply this patch to your installed Slash::Install module (probably easiest to hand-edit the file):
      --- Install.pm~ Wed May  9 15:02:34 2001
      +++ Install.pm  Fri Sep 28 12:44:41 2001
      @@ -116,7 +116,7 @@
       sub writeTemplateFile {
              my($self, $filename, $template) = @_;
              open(FILE, '>' . $filename) or die "$! unable to open file $filename to write to";
      -       for (keys %$template) {
      +       for (qw(section description title page lang name template seclev)) {
                      next if ($_ eq 'tpid');
                      print FILE "__${_}__\n";
                      $template->{$_} =~ s/\015\012/\n/g;
  4. Run template-check on your site, and make a note of every change you've made to the standard templates. You will need to make those changes again, manually, later.

    This is unfortunately unavoidable, because templates include code that changes significantly between releases. It is recommended that you compile your changes into a THEME so they may easily be updated and applied.

  5. Stop Apache and slashd on the target machine(s).
  6. Install Slash.

    If installing on a different machine ...

    1. Install slash 2.2 as normal. Do not yet run install-slashsite.
    2. Make sure that from this machine, you can access not only the database used for this installation, but the one used for the old installation. You may wish to, instead of accessing that database directly if it on another machine, dumping it and adding it to your new database server under a different name.
    3. Add a virtual user to DBIx::Password for the old installation.

    If installing on the same machine ...

    1. Create a new database for the new installation. You cannot use the same database for both installations.
    2. Add a new virtual user to DBIx::Password for the new database, and update (and flush) MySQL privileges appropriately. You cannot use the same virtual user for both installations.
    3. It is highly recommended that you move /usr/local/slash (or whatever your installation directory is) to a new location, such as /usr/local/slash-old, and install a clean slash 2.2 installation. However, this is not necessary to do; you may install slash 2.2 on top of the slash 2.0 installation.

      The reason to not move anything is that you can keep any customizations done (images, additional scripts and plugins, static files, etc.). The reason to move it is so that everything is clean. It is highly recommended that you move it, and then manually copy back the pieces you want.

    4. In any event, either move the old directory, or don't, and then install slash 2.2 as normal. Do not yet run install-slashsite.
  7. If you have plugins or themes from the old installation to install, copy them over now. Warning: some plugins and themes might need to be ported first. You may wish to deal with them later if they are not yet ported to slash 2.2.
  8. Run install-slashsite. Use the new virtual user.
  9. Copy over any files (images, FAQs, etc.) that need to be copied, if necessary.
  10. Run update script, utils/slash2toslash2.2. Read its instructions!
  11. Update templates.
  12. Doublecheck Apache configs (httpd/slash.conf, site/sitename/sitename.conf). These configs have changed from the last version. Read the comments and set them up as desired.
  13. Start Apache.
  14. Start slashd.

Slash 2.2.x -> Slash 2.2.y

Read all of this section before doing any of it.

The first thing to do is to, as per the instructions below under INSTALLATION, unpack the latest distribution and run make and make install with the proper arguments.

Overwriting Changes

This process will overwrite any customizations of your installed modules, or customizations of the installed scripts in /usr/local/slash/themes/ and /usr/local/slash/plugins/ (for themes and plugins that come with Slash). If you ran install-slashsite with the default option of using symlinks, and made customizations to the originals instead of breaking the symlink and copying the file over, then this will overwrite your changes.

If you did modify the original instead of a copy, then break the symlink, copy over the original (as modified), and then continue. The original will be copied over by the new version, and your modified copy will remain intact.

Templates

With every update, there are changes to templates. But most people will modify their templates. A relatively simple way to see what has changed is to use template-tool and template-check. This procedure should help most users deal with the integration of new templates into an existing site (it will only work with the slashcode theme, but a simple modification to the code of template-check can fix that).

Dump

Use template-tool to dump your templates into an empty directory.

        % mkdir templates
        % cd templates
        % template-tool -u VIRTUAL_USER -d

(Defaults to current directory.)

Compare

Use template-check to compare installed templates in /usr/local/slash/themes/slashcode/ and /usr/local/slash/plugins/ against the templates that have been dumped.

        % template-check -u VIRTUAL_USER

(Defaults to current directory.)

This will use diff to show you the differences. You can either go into the templates with a text editor (in another window) and change the dumped ones by hand, edit them by hand in the Template Editor via the web browser, or take a note of every template you want to copy over your existing template.

After each directory of templates is done, hit "q" to continue to the next plugin/theme.

Sync

If you made changes by hand via the web, you are done. Otherwise, take the list of templates to update, and pass the full filenames to template-tool (this will either be the templates you modified by hand in the dump directory, or the unmodified ones in the installation directories). You might need to put each filename in quotes because of the ";" character in the filenames. This will overwrite your existing template with the new template.

        % template-tool -u VIRTUAL_USER -s LIST

Slash 2.2.6 -> Slash CVS

Use the sql/mysql/upgrades file; see "VERSIONS", "CVS tags", below. This file is human-readable and very long. You can upgrade a 2.2.6 to the latest CVS by methodically applying every step in this file, but it is tedious and requires an engaged human brain reading the comments (i.e., don't "mysql slash < upgrades", that will fail miserably).

Slash CVS -> later Slash CVS

Again, use the sql/mysql/upgrades file (and the caveat just mentioned still applies). Start from the CVS tag you left off at, and proceed to the CVS tag you upgraded to (which should be the end of the file). If you're not sure which tag you left off at, you might check the var 'cvs_tag_currentcode', which will contain the right value if you last updated after September 2005.

In general, you should stop apache and slashd, do a "make install", apply the upgrades file a line at a time for each Slash site, run "template-tool -U -u virtusename" and "symlink-tool -U -u virtusername" for each Slash site, and then start slashd and apache back up.

REQUIREMENTS

Software Requirements

Below, we list the main software components needed. The recommended version is given. Usually this is the version we have done extensive testing on, typically a version we have used on Slashdot for some time. In parentheses we include (but do not recommend or support) the earliest version we believe could work.

Perl

Version 5.8.7 (5.6.1).

        http://www.cpan.org/
MySQL

Version 5.0.22 (4.0.12).

        http://www.mysql.com/

MySQL 3.23.x is no longer supported, as of CVS tag T_2_5_0_33 (October 18, 2004). MySQL 4.0.x is not being actively updated by MySQL AB except for security issues (though as far as we know it still works fine), so we would recommend that you upgrade to at least 4.1.x. At some point in the future we will switch over to some syntaxes which have been recommended for some time which will break on 4.0.x, so you'll have to upgrade to at least 4.1.x eventually anyway. (You probably have until 2007 before we spring this on you.)

Slashdot ran on 4.1.x for a long time with no problems, so we now recommend either that or 5.0.x. We have been testing on 5.0.x for months, and as of this writing (August 2006), Slashdot has been running on 5.0.18 and 5.0.22 for some time with no problems. For what it's worth, we have found the MySQL upgrade process, even between major versions, to be about as painless as we could have imagined.

Apache

Version 1.3.34 (1.3.33).

        http://httpd.apache.org/

Since most of Apache 1.3.x's recent releases included security fixes, we wouldn't recommend running an earlier version. Slash is not compatible with Apache 2.x and we have no plans to port to 2.x (though we aren't excluding the possibility).

mod_perl

Version 1.29.

        http://perl.apache.org/
memcached

Version 1.1.12 (1.1.11).

See "Memcached" above.

Sendmail or other mail transport agent

Refer to your OS distribution.

Perl module distributions

The latest version of each perl module is recommended. To download and install them, use CPAN -- see "INSTALLATION", item 4, "Install the perl modules."

Libraries

For Compress::Zlib, the zlib development library is required. For XML::Parser, the expat library is required. If they are not present on the system already, download and install them before installing the modules.

        http://www.gzip.org/zlib/
        http://sf.net/projects/expat/

The current list of required perl modules can be found in the Bundle/Slash.pm file. At its end we also list optional modules, which may be required depending on your setup.

Debian libraries

On Debian Linux, or Debian-based distributions like Ubuntu, the above libraries can be installed with:

        apt-get install zlib1g zlib1g-dev libexpat1 libexpat1-dev

Also on Debian, as of the current writing (July 2006), you will want libperl-dev. DBD::mysql requires mysql_config and mysql.h; on Debian stable, try libmysqlclient12 (and -dev) for 4.0.x and/or libmysqlclient14 (and -dev) for 4.1.x. On testing or unstable, try libmysqlclient15off and libmysqlclient15-dev.

Hardware Requirements

There are no specific hardware requirements.

Slash is designed to work well on multi-machine setups, with one or more webheads that are separate from one or more MySQL DB machines. But for low-load sites (1-5 pages/sec or slower), it can probably be run OK on a single machine.

Apache (with mod_perl) and MySQL both take up a lot of RAM. Running a complete system with 128MB might be possible, if you do some tuning of the configuration, but a practical minimum of 256MB is recommended, and you will be much happier with at least 1GB of RAM. See "INSTALLATION OPTIONS", "Separate Image Server" for tips on saving some RAM.

Disk space depends on how busy you expect the site to be. Slash keeps a small database -- even Slashdot's DB compresses down to a few GB. The disk files as installed are under 0.5 GB, and grow predictably as stories and comments are added (keep an eye on the site/foo/logs/ directory, too). A minimum of 1 GB of disk is recommended.

Necessary processor speed is also dependent on how busy the site is. A Pentium II/400 equivalent is recommended, but obviously, the faster the better.

For the curious, Slashdot (as of September 2001) runs on nine machines: nine webservers (each is Pentium III/600, 1GB RAM, 9GB hard drive), one NFS server (600MHz PIII, 1GB RAM), and three database servers (quad 600MHz PIII, 4GB RAM). One database server is live, one is a replicated backup, and a third is for doing live searches and performance-intensive SELECTs by daemons etc.

However, this is certainly overkill for most sites (and possibly even overkill for Slashdot). slashcode.com runs on two web servers and one NFS/database server. Many sites can run fine on just one machine for everything (we use a minimum of two web server machines on every site for load balancing and redundancy).

If you're concerned about performance, the bin/mechmonkey script may help provide load vaguely similar to real user patterns, though it doesn't try simulating logged-in users. One more data point: my personal machine is a 2.4 GHz Athlon with 1.5 GB RAM and an IDE disk, and it easily handled the load when its Slash site got a mild Slashdotting (a link in a non-major story, about 10 pages/sec).

VERSIONS

Each version of slash has a code name, and the files on CVS for that version are tagged with that name. The current release is always MAIN. The versioning scheme is as Linux and perl are, revision.version.subversion. version is even for releases, and odd for development. The codename applies to the development version and subsequent release.

For example, 1.0.11 is a normal release, while 1.1.0 is the first development release for what will be the next release (either 1.2 or 2.0).

The CVS repository is tagged with version numbers, so to get release 1.0.3, use tag "v1_0_3_0". The last number (in this case a zero) will be incremented during development ("v1_0_3_1", "v1_0_3_2", etc.) until the next release. Non-release versions are tagged with a T_ or R_ prefix. We are currently developing 2.5.x, so our CVS tags are T_2_5_0_x and R_2_5_0_x (though there was no 2.4.0 release and to date has been no 2.5.0).

Codenames

v1.0

beast

v2.0

bender

v2.2

fry

v2.3

(never released)

v2.4

(never released)

v2.5

leela

Security note

We are no longer releasing bugfixes, even for security, for the 1.0 or 2.0 versions, and do not recommend their use. If we become aware of security issues in the 2.2 tree, we will release another version. For this reason, if you are using any version of Slash in 2.2.x or earlier, we recommend you upgrade at the very least to the latest version of 2.2, which as of this writing (August 2006) is 2.2.6.

CVS tags

Our development of 2.3/2.5 has gone on exceptionally long without a tarball release of either 2.3.0 or 2.5.0. Most Slash hosting sites are choosing to follow CVS instead of waiting, and we encourage this.

Installation of the latest CVS (as of August 2006) is almost identical to the installation of 2.2.

You probably do not want to use the very latest CVS, as the Slash developers are constantly updating it. If you wish to live on the edge, try a T_2_5_0_x tag ("Testing in 2.5.0 branch" -- one or two of these are added every week, Slashdot uses them, but they may have bugs). If you are content with recent code that the developers believe is likely to be free of major bugs, look for a recent R_2_5_0_x cvs tag ("Release candidates for 2.5.0").

To upgrade from 2.2.x to the CVS tree, you will need to follow the instructions in the sql/mysql/upgrades file. At the moment, these are just SQL commands you will need to issue, but read carefully because you may have to use judgement and issue command-line commands and so on. (We are working on a tool to automate this process.) Once you are upgraded to, or have installed, a given CVS tag, upgrading to later CVS tags is simply a matter of following along in that file -- we append as we go, and each T_* tag is clearly marked.

TROUBLESHOOTING COMMON INSTALLATION PROBLEMS

Here are some common errors reported by other site administrators.

  • Webpages show the error: "The server encountered an internal error or misconfiguration..."

    Check your Apache error logs for a more specific error.

  • "Can't locate Slash.pm in @INC..."

    One possibility is that you didn't actually make install Slash in step 5, which would be a pretty serious omission.

    It's also possible that the apache or slashd process issuing this error doesn't have permissions to read Slash.pm, or is using a different version of perl than you expect with a different set of @INC directories than you expect. Try, at the command line:

            which perl
            head -1 /usr/local/slash/sbin/slashd
            perl -MSlash -le 'print $INC{"Slash.pm"}'

    and see if it emits the perl binaries you expect and the location of Slash.pm that you expect. Check file permissions and see "Multiple perls installed" below.

  • I installed Slash twice and it didn't work.

    Did you uninstall before reinstalling? See "UNINSTALLING" below. If you intend to reinstall with the same database and site name, steps 4 and 7 are not optional.

  • "Can't locate MIME/Types.pm in @INC..."

    This used to be required only for plugins/Blob and you probably didn't follow its README after you installed it. Now it's in Bundle::Slash; try reinstalling Bundle::Slash (and see "Old Version of Bundle::Slash" above).

  • DBD::mysql will not install.

    As of October 2006, its tests by default assume you have a running mysqld on localhost, with a database named 'test', accessible to the user 'root' with no password. If you don't have a database named 'test', create one with CREATE DATABASE test;. If you don't run mysqld on the same machine as you're installing the module, or if you have a password for its 'root' user (good idea), almost all its tests will fail. You can either override the failures with

            cpan> force install DBD::mysql

    or (better) run proper tests by telling it the actual mysqld host, user, and password to connect to, with

            cpan> look DBD::mysql
            # perl Makefile.PL --usage
            # perl Makefile.PL --testmycustomargs=foobar
            # make && make test && make install
  • "Can't call method '(whatever)' on an undefined value at..."

    Slash can't connect to your database server. (This manifests as the variable $slashdb being undef. Which method happens to emit this error depends on which code path first tries to use $slashdb.)

    To start troubleshooting this, see "Database authentication issues" below.

  • I created a new author but s/he doesn't show up in authors.pl and can't post stories.

    For performance reasons, Slash aggressively caches the list of which users are authors. After you mark a user as an author and boost their seclev (maybe to 100) in users.pl, go back to the command line and run the refresh_authors.pl task by hand:

            # /usr/local/slash/bin/runtask -u yourvirtuser refresh_authors

    Then restart apache and slashd. That user will now be able to post stories. The authors.pl listing will update some time after the first story is actually posted.

  • Freshly-posted stories aren't showing up on the homepage.

    Are you sure slashd is running? If a story appears on /index.pl but not /index.shtml, and it's more than a few minutes old, check the output of 'ps' for slashd, and check slashd.log for errors.

  • "Use of uninitialized value in..."

    Just a harmless warning, ignore it. It helps us find errors, but you don't need to worry about it.

Here are some other common reasons why Slash installations fail.

  • Failure to build mod_perl with PERL_MARK_WHERE=1 EVERYTHING=1.

    We emphasize this in the instructions for a reason. Go back and reread the Installation Procedure, step 3.

  • Perl module installation troubles.

    If you have a unix-like system with CPAN properly installed and no serious firewall issues, perl module installation will usually go pretty smoothly. Some modules will have overactive testing code; for example, if your system lacks nslookup, some of the net-related modules may complain and refuse to install themselves even though it isn't strictly speaking necessary. If you're pretty sure you're a victim of overactive testing, force install Foo::Bar for the offending module and then try install Bundle::Slash again.

    If you're having CPAN installation troubles, upgrading to the latest version will make life easier. Note that you'll want to recompile mod_perl/Apache after upgrading perl.

  • Multiple perls installed.

    If you have more than one binary file named perl, trouble awaits. It's OK to have a /usr/bin/perl5.00503 even after installing 5.6.1, say. But if your /usr/bin/perl is a different version from /usr/local/bin/perl, you may be in for a world of hurt.

  • httpd.conf errors.

    After you install-slashsite, you're told that you probably want to add Include /usr/local/slash/httpd/slash.conf to its httpd.conf. Note that that file Include's your site-specific conf file at /usr/local/slash/site/sitename/sitename.conf. One way or another those site-specific directives have to be processed by Apache.

    Are you doing virtual hosting? Make sure you've set it up correctly.

  • Database authentication issues.

    For each dynamic page your Slash site delivers, an Apache httpd child needs to connect to your MySQL server. There's a chain of access to get from Apache to MySQL and a number of places where it can break:

    • The Apache child httpd process needs to have read access to your DBIx/Password.pm module file. That process is probably running as "nobody:nobody" (or similar). If you don't know where DBIx/Password.pm was installed, try:

      # perl -MDBIx::Password -le 'print $INC{"DBIx/Password.pm"}'

      If that fails, it's probably not installed; check also

      # locate DBIx/Password.pm | grep perl

      Make sure the module is installed and that "nobody:nobody" can read its .pm file. If you've sharing that file over the network, did you set up ownership correctly?

    • The DBIx/Password.pm file needs to be correctly configured. Open it up with a text editor and make sure $virtual1 contains an entry for your Slash virtual user that is correct in every respect: driver, (MySQL) username, database, password, host, and connect string. These are the values you typed in when you installed the module but maybe you made a typo.

      If you have only one machine for your whole setup, host can be "localhost". Otherwise use an IP number.

    • Network connectivity.

      Can the Apache machine connect to the MySQL machine?

    • MySQL permissions.

      The username field in your DBIx/Password.pm file refers to a MySQL user which you set up in step 1 of the Installation Procedure. Make sure this user has permission to connect to the Slash site's database you also set up in step 1 (and check it from the Apache machine over the network too). If you don't fully understand MySQL permissions, don't guess; start your reading here:

      http://www.mysql.com/documentation/mysql/bychapter/manual_MySQL_Database_Administration.html#Privilege_system

    • mod_gzip

      Are you finding that POST operations fail? Have you compiled in mod_gzip? mod_gzip 1.3.19.1a doesn't handle incoming POST very well, with the result that our User.pm handler() gets called twice, and the second time through, there's no more data on STDIN, so your form is empty. We use this patch to make it ignore POSTs:

              --- mod_gzip_BROKEN_FOR_POST.c  2003-09-26 14:26:36.000000000 -0700
              +++ mod_gzip.c                  2003-10-06 11:39:45.000000000 -0700
              @@ -2155,12 +2155,15 @@
                   ap_table_setn( r->notes,"mod_gzip_result",ap_pstrdup(r->pool,"DECLINED:UNHANDLED_REDIR"));
                  }
                else
                  {
                   ap_table_setn( r->notes,"mod_gzip_result",ap_pstrdup(r->pool,"DECLINED:INIT1"));
                  }
              +   if ( r->method_number == M_POST ) {
              +       return DECLINED;
              +   }
      
                ap_table_setn( r->notes,"mod_gzip_input_size", ap_pstrdup(r->pool,"0"));
                ap_table_setn( r->notes,"mod_gzip_output_size",ap_pstrdup(r->pool,"0"));
                ap_table_setn( r->notes,"mod_gzip_compression_ratio",ap_pstrdup(r->pool,"0"));
      
                #endif

      Or just use mod_gzip 1.3.26.1a and omit POST from the list of methods it handles, in your httpd.conf:

              mod_gzip_handle_methods GET
  • Types of Users

    Make sure you don't confuse the different types of "users":

    • unix system user account -- given in httpd.conf User directive and in the second field of slash.sites, defaults to 'nobody' unless you changed it in Step 5;
    • DBIx::Password virtual user -- given in httpd.conf SlashVirtualUser directive and in the first field of slash.sites, you picked this in Step 4 when you installed DBIx::Password;
    • MySQL user -- given as the DBIx::Password virtual user's 'username' hash value, points to the database user you picked in Step 1.

    If slashd doesn't seem to be working, check its log and make sure it has permission to write its files. It is probably running as your Apache user "nobody", and if that user doesn't have write permission to your web directories and/or .shtml and .rss files and so on, slashd's current behavior is to log an error and die. (If you want to make slashd run as a different unix system user, edit the second field in /usr/local/slash/slash.sites.)

If you've doublechecked all this, you're sure you followed the directions, and it still doesn't work, stop in IRC #slash on irc.slashcode.com and ask your question. Someone there may know the answer. Also, Shane, aka tf23, maintains an unofficial Slash FAQ which you may find helpful:

http://slash.lottadot.com/faqster.pl?op=view&fid=1#c_Troubleshooting

If you are trying to install Slash from someone else's package, maybe a BSD package, or an RPM that someone built, or by a Debian apt-get command -- good luck to you, we hope it goes well, we love packages, they're great when they work. But if installation fails, complain to the package maintainers, not us. For those who download our tarball and follow our instructions carefully, installation should go smoothly.

UNINSTALLING

If you want to uninstall a site, there are two steps you must follow:

  1. Stop slashd with /etc/init.d/slash stop (/etc/rc.d/init.d/slash stop for Red Hat systems). Then edit /usr/local/slash/slash.sites to remove the line referencing the site you wish to uninstall. Then if any lines remain, restart slashd with /etc/init.d/slash start.
  2. Edit your Apache httpd.conf file so that the directives for the site's VirtualHost are not included. If you did the standard install, that file probably Includes /usr/local/slash/httpd/slash.conf, which Includes /usr/local/slash/yoursitename/yoursitename.conf, so you'll want to delete or comment out the Include line in the file /usr/local/slash/httpd/slash.conf. Restart Apache with /usr/local/apache/bin/apachectl stop ; sleep 10 ; /usr/local/apache/bin/apachectl start.

There are also five optional steps you may follow:

3.

Back up your site's database, if it has anything you care about: mysqldump -umysqlusername -p sitedatabasename > /some/dir/sitedb.sql.

4.

Drop your site's database: echo DROP DATABASE sitedatabasename | mysql -umysqlusername -p.

5.

Remove the virtual user for your site's database from the DBIx::Password file, whose location you can probably find with:

# perl -MDBIx::Password -le 'print $INC{"DBIx/Password.pm"}'

6.

Back up your site's html documents, if you care about any of them: cp -pvR /usr/local/slash/site/yoursitename/htdocs /some/dir/htdocs.

7.

Delete your site's directory tree: rm -rf /usr/local/slash/site/yoursitename.

SECURITY NOTES

Older Slash versions

Slash prior to versions 2.2.6 must be upgraded to 2.2.6. See the section "UPGRADING", above.

DBIx::Password

DBIx::Password is essentially a keychain to give access to one or more databases. The "key" that gives access to your Slash site(s) is simply the ability to read its file, DBIx/Password.pm. By default, this file is owned by root, and set world-readable (444), so any process running on any of your web server or slashd machines will have full read/write access to your Slash database.

In general, don't allow people you don't trust onto your systems. Local exploits are far more common than remotes, and the properly paranoid system administrator should probably assume that a determined attacker who can log into an ordinary account can gain root (which is of course a superset of gaining read/write access to your Slash database).

But it doesn't hurt to try to prevent local attacks. We recommend you chmod DBIx/Password.pm 440, assign it a group other than the standard "nobody" or "nogroup", and configure your apache and slashd to run as users which have that group. That way, users not in the group will not be able to read your MySQL passwords in that file.

For example, on my personal sites, I create the unix group "dbixpass", assign the users "apnobody" and "slnobody" to it, and set Apache and the slashd daemon to use those users. On my Linux system:

        groupadd dbixpass
        useradd -G dbixpass -s /bin/false apnobody
        useradd -G dbixpass -s /bin/false slnobody
        locate DBIx/Password.pm
        perl -MDBIx::Password -le 'print $INC{"DBIx/Password.pm"}'
        chgrp dbixpass /all/files/found/for/DBIx/Password.pm
        chmod 440 /all/files/found/for/DBIx/Password.pm
        vi /usr/local/apache/conf/httpd.conf
                (edit "User nobody" to "User apnobody")
                (then install-slashsite specifying "slnobody" as
                 the user, or, if install-slashsite was already run
                 with the default user...)
        chown -R slnobody /usr/local/slash/site/mysite
        vi /usr/local/slash/slash.sites
                (edit second field to "slnobody")
Memcached

Memcached grants full read/write access to any client able to connect. If you enable memcached for Slash, you must configure your network to reject any unauthorized connections. Any process running on any of your web server or slashd machines can read, among other things, all user data, including passwords, of any of your users, including admins, who have logged in recently.

If your Slash site is running entirely on one machine, make sure memcached is listening only on 127.0.0.1.

Of course, that doesn't help you against attackers on that one machine. Again, don't allow people you don't trust on your systems. If you can't follow this rule, your only option is to not enable memcached (do not set the var "memcached").

Slashcode-announce

Please subscribe to our "slashcode-announce" mailing list, and stay subscribed as long as you run a Slash site. Any security notifications that affect Slash sites will be sent to this mailing list. If you don't subscribe, you may miss a notice, which may have serious implications for the security of your website and its users.

This is a very low traffic list: in the past 4 years, we haven't had to send out any notices. You can subscribe here:

        https://lists.sourceforge.net/lists/listinfo/slashcode-announce

VERSION

$Id$

Jump to Line
Something went wrong with that request. Please try again.