VOCP System - VOCPweb - Install

 

Installing VOCPweb is not overly complex but does require some configuration of your web server.
Note: VOCPweb is being rearchitected and the new version will be included in an upcoming release of VOCP.


Requirements:

  • A complete VOCP installation
  • Apache or another web server
  • The Perl CGI module (installed by default with Perl)
  • The Crypt::CBC module and an accompanying block cipher (e.g. Crypt::Blowfish; both can be installed during VOCP installation)
  • Some kind of setup to reach your Internet-connected machine, if you wish to access your messages from Tokyo or some other place outside the LAN.


Installation

Installation of vocpweb is done in two parts: the installation and setup of the vocpweb cgi and the webserver configuration.

Installation and setup of the vocpweb cgi
To ensure maximum privacy, users' messages are stored with 600 permissions (readable only by their owner). The web server usually runs as some other user (often 'nobody') and cannot normally read or manipulate these files. Therefore, we either need to make the files readable by the webserver or get the vocpweb cgi to run "set uid" (as another user: it starts as root, becomes 'nobody' and then may become a given user to read that user's files). This involves some security considerations. The setup presented here is most likely to be efficient and safe, while keeping users' messages private. For more detailed security considerations and alternative configurations, see the included SECURITY file.

The recommended installation method is to NOT run the program setuid. If your webserver is protected (say, only accessible on an internal LAN) and your overriding concern is protecting messages from internal threats, then you may choose to run the program suid. Be sure to read the security information on the website or in the SECURITY file.


Steps common for all installations

  1. Choose a location (that is or will be) accessible by the web server and create the directory. We will assume you've selected /usr/local/apache2/htdocs/vocpweb/.
    # mkdir /usr/local/apache2/htdocs/vocpweb
    
  2. Copy all the contents of /usr/local/vocp/vocpweb to that location
    # cp -R /usr/local/vocp/vocpweb/* /usr/local/apache2/htdocs/vocpweb
    
  3. Edit /usr/local/apache2/htdocs/vocpweb/vocpweb.cgi and change the line
    my $CryptKey = "$DefaultCryptKey";
    
    by replacing $DefaultCryptKey with some random string. You may also change the $CipherAlgo to another Crypt::CBC-compatible algorithm if you so desire and the given module is installed.
  4. If VOCP is installed somewhere other than /etc/vocp on your system, edit the line in vocpweb.cgi (near the top)
    my $VOCP_home = '/etc/vocp';
    
    so that the /etc/vocp is replaced by the actual location.

Steps for NORMAL (non-setuid and recommended) installation

  1. Uncomment the group option in vocp.conf and set it to the vocp group you created during the install, something like:
    group vocp 
    
    Also uncomment the cachedir option that should be nearby, and put
    cachedir cache
    
    This will make new messages readable by the vocp group. If you are upgrading VOCP, make sure any old messages that already exist are also readable by the group by doing
    # cd /var/spool/voice/incoming
    # chgrp -R vocp ./*
    # chmod -R g+r ./*
    
  2. Make sure /var/spool/voice/incoming/cache and /usr/local/apache2/htdocs/vocpweb/sounds are writeable by the vocp group
    # chgrp vocp /var/spool/voice/incoming/cache
    # chgrp vocp /usr/local/apache2/htdocs/vocpweb/sounds
    # chmod 775 /var/spool/voice/incoming/cache
    # chmod 775 /usr/local/apache2/htdocs/vocpweb/sounds
    
  3. Add the webserver user to the vocp group
    # usermod -a -G vocp nobody
    
    (replacing nobody by the actual webserver user, which may be apache, www or something else; -a appends vocp to the user's existing supplementary groups instead of replacing them) and restart the webserver (/usr/local/apache2/bin/apachectl restart will usually work for Apache).
  4. You are now done with the vocpweb setup, proceed to webserver setup below.
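
An added example (not part of VOCP or of the original page) that audits the result of the common steps and the NORMAL steps above: it flags a vocpweb.cgi that still carries the $DefaultCryptKey placeholder or a setuid bit, and cache/sounds directories with the wrong group or world-write access. The function names, the hex key generator and the world-readable check are assumptions of this example; the paths and the group are passed as arguments.

```shell
#!/bin/sh
# Added example, not part of VOCP: audit a NORMAL (non-setuid) VOCPweb install.

# Common step 3: true if vocpweb.cgi still carries the $DefaultCryptKey placeholder.
cryptkey_is_default() {   # $1 = path to vocpweb.cgi
    grep -Eq '^[[:space:]]*my[[:space:]]+\$CryptKey[[:space:]]*=.*\$DefaultCryptKey' "$1"
}

# One way to get the "random string": 32 bytes from /dev/urandom as 64 hex chars.
new_cryptkey() {
    od -An -N32 -tx1 /dev/urandom | tr -d ' \n'
}

# NORMAL step 2: directory owned by group $2, group rwx, and not world-writable.
dir_ok_for_group() {   # $1 = directory, $2 = group
    [ -d "$1" ] || return 1
    [ -n "$(find "$1" -prune -group "$2" -perm -0070 ! -perm -0002)" ]
}

# Prints one FAIL line per finding; returns 0 only when the install is clean.
audit_vocpweb() {   # $1 = vocpweb web dir, $2 = incoming spool dir, $3 = group
    cgi=$1/vocpweb.cgi
    rc=0
    if cryptkey_is_default "$cgi"; then
        echo "FAIL: $cgi still uses \$DefaultCryptKey"; rc=1
    fi
    if [ -u "$cgi" ]; then
        echo "FAIL: $cgi is setuid, which the NORMAL install avoids"; rc=1
    fi
    for d in "$2/cache" "$1/sounds"; do
        if ! dir_ok_for_group "$d" "$3"; then
            echo "FAIL: $d is not group $3 + group-writable, or is world-writable"; rc=1
        fi
    done
    # Assumption: messages are meant for owner and group only, never "other".
    if [ -n "$(find "$2" -type f -perm -0004 | head -n 1)" ]; then
        echo "FAIL: world-readable files under $2"; rc=1
    fi
    return $rc
}

# Usage: sh audit.sh /usr/local/apache2/htdocs/vocpweb /var/spool/voice/incoming vocp
if [ "$#" -eq 3 ]; then
    audit_vocpweb "$@"
fi
```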

Steps for SUID installation

  1. If your web server runs as a user other than nobody (do a ps -ef | grep httpd to find out), change the line
    my $Web_serv_user = 'nobody';
    
    in /usr/local/apache2/htdocs/vocpweb/vocpweb.cgi to the web server username on your system.
  2. Make sure /var/spool/voice/incoming/cache and /usr/local/apache2/htdocs/vocpweb/sounds are writeable by anyone (and that the "sticky bit" is set)
    # chmod 1777 /var/spool/voice/incoming/cache
    # chmod 1777 /usr/local/apache2/htdocs/vocpweb/sounds
    
  3. The message deletion button is disabled by default (this avoids mistakes by users but is also more secure). Since you are running suid you may enable it. If you wish to enable it, change the line in /usr/local/apache2/htdocs/vocpweb/vocpweb.cgi
    # $Allow_deletes -> must set equal to '1' for users to be
    # able to delete messages from the VOCPweb
    my $Allow_deletes = '0'; 
    
    to my $Allow_deletes = '1';
  4. Set the permissions on vocpweb.cgi so that it runs setuid
    # chown root /usr/local/apache2/htdocs/vocpweb/vocpweb.cgi
    # chmod 4755 /usr/local/apache2/htdocs/vocpweb/vocpweb.cgi
    

That's all for installing vocpweb.cgi. Now proceed to the web server configuration.



© 2000-2003 Psychogenic inc. All rights reserved.