We try to set up common services in a consistent manner. Generally, a shared service should live in /afs/hcoop.net/common/app/$app, and be configured to track a release branch in the upstream version control to make updates easy. Review all hosted applications at least quarterly.
Make sure system:anyuser has as little access as needed and restrict the things service keytabs can modify.
todo: explains acls etc. more consistent formatting.
1. roundcube mail
Root = /afs/hcoop.net/common/app/roundcube/app. Logs are written to $root/logs, temp files in $root/temp. Main source is in $root/roundcubemail, tracking the release-1.2 branch.
Runs as pts user roundcube.
The configuration is stored in $root/config/config.inc.php. It is regrettably not synchronized with the upstream defaults, so on every update make sure to git diff -p config/config.inc.php.dist and scan for any relevant changes to the default config we should adopt.
Additional libraries are managed by composer and not under git control, run php composer.phar update --no-dev each upgrade.
You will also beend to run $root/app/bin/update.sh after each update to ensure that database tables are updated. It's a bit complicated due to our use of ident for postgres auth, and must be run from the webserver:
YOU$ sudo -u roundcube bash # all commands are in the roundcube bash roundcube$ unset KRB5CCNAME roundcube$ kinit YOU && aklog # must be member of system:administrators to write roundcube$ ./bin/update.sh
This should advise if any changes to the config/environment are needed, and upgrade the postgres schema.
Root = /afs/hcoop.net/common/app/phpmyadmin/. Git source in $root/phpmyadmin, tracking the STABLE branch.
Runs as pts user phpmyadmin.
3. Other Services
Some services have more detailed maintenance documentation: