Installing VOCPweb is not overly complex but does require some configuration
of your web server.
Note: VOCPweb is being rearchitected and the new version will be
included in an upcoming release of VOCP.
Installation and setup of the vocpweb cgi
To ensure maximum privacy, users' messages are stored with 600 permissions (readable only by the owner). The web server usually runs as some other user (often 'nobody') and cannot normally read or manipulate these files. Therefore, we either need to make the files readable by the web server or get the vocpweb cgi to run "set uid" (as another user: it starts as root, becomes 'nobody' and then may become a given user to read that user's files). This involves some security considerations. The setup presented here is most likely to be efficient and safe, while keeping users' messages private. For more detailed security considerations and alternative configurations, see the included SECURITY file.
The recommended installation method is to NOT run the program setuid. If your web server is protected (say, only accessible on an internal LAN) and your highest concern is protecting messages from internal threats, then you may choose to run the program suid. Be sure to read the security information on the website or in the SECURITY file.
Steps common for all installations
- Choose a location (that is or will be) accessible by the web server and create the directory. We will assume you've selected /usr/local/apache2/htdocs/vocpweb/.
# mkdir /usr/local/apache2/htdocs/vocpweb
- Copy all the contents of /usr/local/vocp/vocpweb to that location
# cp -R /usr/local/vocp/vocpweb/* /usr/local/apache2/htdocs/vocpweb
- Edit /usr/local/apache2/htdocs/vocpweb/vocpweb.cgi and change the line
my $CryptKey = "$DefaultCryptKey";
by replacing $DefaultCryptKey with some random string. You may also change $CipherAlgo to another Crypt::CBC-compatible algorithm if you so desire and the given module is installed.
- If VOCP is installed somewhere other than /etc/vocp on your system, edit the line in vocpweb.cgi (near the top)
my $VOCP_home = '/etc/vocp';
so that the /etc/vocp is replaced by the actual location.
Steps for NORMAL (non-setuid and recommended) installation
- Uncomment the group option in vocp.conf and set it to the vocp group you created during the install,
something like:
group vocp
Also uncomment the cachedir option that should be nearby, and put
cachedir cache
This will make new messages readable by the vocp group. If you are upgrading VOCP, make sure any old messages that
already exist are also readable by the group by doing
# cd /var/spool/voice/incoming
# chgrp -R vocp ./*
# chmod -R g+r ./*
- Make sure /var/spool/voice/incoming/cache and /usr/local/apache2/htdocs/vocpweb/sounds
are writable by the vocp group
# chgrp vocp /var/spool/voice/incoming/cache
# chgrp vocp /usr/local/apache2/htdocs/vocpweb/sounds
# chmod 775 /var/spool/voice/incoming/cache
# chmod 775 /usr/local/apache2/htdocs/vocpweb/sounds
- Add the webserver user to the vocp group
# usermod -a -G vocp nobody
(replacing nobody with the actual web server user, which may be apache, www or something else;
-a appends to the user's supplementary groups, whereas -G alone replaces them)
and restart the web server (/usr/local/apache2/bin/apachectl restart will usually work for Apache).
- You are now done with the vocpweb setup, proceed to webserver setup below.
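A check for the layout the steps above produce, as an added example that is not part of VOCP: it reports message files the vocp group cannot read or that others can access, cache and sounds directories that are not group-writable or are world-writable, and a vocpweb.cgi carrying setuid or setgid bits. The function names and finding labels are hypothetical, GNU stat is assumed, and the rule that messages carry no permissions for "other" is an assumption drawn from the privacy goal stated above.

```shell
#!/bin/sh
# Added example (not VOCP code): audit the non-setuid VOCPweb permission layout.
# Assumes GNU stat (Linux). Function names and finding labels are illustrative.

mode_of()  { stat -c '%a' "$1" 2>/dev/null; }   # octal permission bits, e.g. 640
group_of() { stat -c '%G' "$1" 2>/dev/null; }   # owning group name

# Message files: owned by GROUP, group-readable, nothing at all for "other"
# (assumption: only the owner and the vocp group should be able to read them).
check_message() {
    m=$(mode_of "$1") || { echo "MISSING $1"; return 2; }
    [ "$(group_of "$1")" = "$2" ] || { echo "WRONG-GROUP $1"; return 1; }
    [ $(( 0$m & 040 )) -ne 0 ] || { echo "NOT-GROUP-READABLE $1 ($m)"; return 1; }
    [ $(( 0$m & 007 )) -eq 0 ] || { echo "OTHER-ACCESS $1 ($m)"; return 1; }
}

# cache/ and sounds/: 775 in this guide, so group-writable but not world-writable.
check_shared_dir() {
    m=$(mode_of "$1") || { echo "MISSING $1"; return 2; }
    [ "$(group_of "$1")" = "$2" ] || { echo "WRONG-GROUP $1"; return 1; }
    [ $(( 0$m & 020 )) -ne 0 ] || { echo "NOT-GROUP-WRITABLE $1 ($m)"; return 1; }
    [ $(( 0$m & 002 )) -eq 0 ] || { echo "WORLD-WRITABLE $1 ($m)"; return 1; }
}

# vocpweb.cgi: must not carry setuid/setgid bits in the non-setuid install.
check_cgi() {
    m=$(mode_of "$1") || { echo "MISSING $1"; return 2; }
    [ $(( 0$m & 06000 )) -eq 0 ] || { echo "SETUID-OR-SETGID $1 ($m)"; return 1; }
}

# audit_vocpweb SPOOL WEBDIR GROUP: prints one line per finding, nothing if clean.
audit_vocpweb() {
    spool=$1; web=$2; grp=$3
    # Every message file under the spool, skipping the cache directory itself.
    find "$spool" -path "$spool/cache" -prune -o -type f -print |
        while IFS= read -r f; do check_message "$f" "$grp" || :; done
    check_shared_dir "$spool/cache" "$grp" || :
    check_shared_dir "$web/sounds" "$grp" || :
    check_cgi "$web/vocpweb.cgi" || :
}

# Usage with this guide's paths:
#   audit_vocpweb /var/spool/voice/incoming /usr/local/apache2/htdocs/vocpweb vocp
```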
Steps for SUID installation
- If your web server runs as a user other than nobody (do a ps -ef | grep httpd to find out),
change the line
my $Web_serv_user = 'nobody';
in /usr/local/apache2/htdocs/vocpweb/vocpweb.cgi to the web server username on your system.
- Make sure /var/spool/voice/incoming/cache and /usr/local/apache2/htdocs/vocpweb/sounds
are writable by anyone (and that the "sticky bit" is set)
# chmod 1777 /var/spool/voice/incoming/cache
# chmod 1777 /usr/local/apache2/htdocs/vocpweb/sounds
- The message deletion button is disabled by default (this avoids mistakes by users but is also
more secure). Since you are running suid you may enable it. If you wish to enable it change the
line in /usr/local/apache2/htdocs/vocpweb/vocpweb.cgi
# $Allow_deletes -> must set equal to '1' for users to be
# able to delete messages from the VOCPweb
my $Allow_deletes = '0';
to my $Allow_deletes = '1';
- Set the permissions on vocpweb.cgi so that it runs setuid
# chown root /usr/local/apache2/htdocs/vocpweb/vocpweb.cgi
# chmod 4755 /usr/local/apache2/htdocs/vocpweb/vocpweb.cgi