We try to set up common services in a consistent manner. Generally, a shared service should live in `/afs/hcoop.net/common/app/$app`, and be configured to track a release branch in the upstream version control to make updates easy. Review all hosted applications at least quarterly.

Make sure `system:anyuser` has as little access as needed and restrict the things service keytabs can modify.

'''todo: explains acls etc. more consistent formatting.'''

== roundcube mail ==

https://webmail.hcoop.net

Root = `/afs/hcoop.net/common/app/roundcube/app`. Logs are written to `$root/logs`, temp files in `$root/temp`. Main source is in `$root/roundcubemail`, tracking the `release-1.2` branch.

Runs as pts user `roundcube`.

The configuration is stored in `$root/config/config.inc.php`. It is regrettably not synchronized with the upstream defaults, so on every update make sure to `git diff -p config/config.inc.php.dist` and scan for any relevant changes to the default config we should adopt.

=== Upgrading ===

Additional libraries are managed by composer and not under git control, run `php composer.phar update --no-dev` each upgrade.

You will also beend to run `$root/app/bin/update.sh` after each update to ensure that database tables are updated. It's a bit complicated due to our use of ident for postgres auth, and must be run from the webserver:

{{{
YOU$ sudo -u roundcube bash
# all commands are in the roundcube bash
roundcube$ unset KRB5CCNAME
roundcube$ kinit YOU && aklog # must be member of system:administrators to write
roundcube$ ./bin/update.sh
}}}

This should advise if any changes to the config/environment are needed, and upgrade the postgres schema.

== phpmyadmin ==

Root = `/afs/hcoop.net/common/app/phpmyadmin/`. Git source in `$root/phpmyadmin`, tracking the `STABLE` branch.

Runs as pts user `phpmyadmin`.

== Other Services ==

Some services have more detailed maintenance documentation:

 * /BugZilla
 * /MoinMoin

----
CategorySystemAdministration