We try to set up common services in a consistent manner. Generally, a shared service should live in /afs/hcoop.net/common/app/$app, and be configured to track a release branch in the upstream version control to make updates easy. Review all hosted applications at least quarterly.
Make sure system:anyuser has as little access as needed and restrict the things service keytabs can modify.
todo: explains acls etc. more consistent formatting.
1. roundcube mail
Root = /afs/hcoop.net/common/app/roundcube/app. Logs are written to $root/logs, temp files in $root/temp. Main source is in $root/roundcubemail, tracking the release-1.2 branch.
Runs as pts user roundcube.
The configuration is stored in $root/config/config.inc.php. It is regrettably not synchronized with the upstream defaults, so on every update make sure to git diff -p config/config.inc.php.dist and scan for any relevant changes to the default config we should adopt.
1.1. Upgrading
Additional libraries are managed by composer and not under git control, run php composer.phar update --no-dev each upgrade.
You will also beend to run $root/app/bin/update.sh after each update to ensure that database tables are updated. It's a bit complicated due to our use of ident for postgres auth, and must be run from the webserver:
YOU$ sudo -u roundcube bash # all comments are in this shell roundcube$ unset KRB5CCNAME roundcube$ kinit YOU && aklog # must be member of system:administrators to write roundcube$ ./bin/update.sh
This should advise if any changes to the config/environment are needed, and upgrade the postgres schema.
2. phpmyadmin
Root = /afs/hcoop.net/common/app/phpmyadmin/. Git source in $root/phpmyadmin, tracking the STABLE branch.
Runs as pts user phpmyadmin.
3. Other Services
Some services have more detailed maintenance documentation: