<HTML
><HEAD
><TITLE
>Step-by-step Install</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK
REL="HOME"
TITLE="The Bugzilla Guide"
HREF="index.html"><LINK
REL="UP"
TITLE="Installation"
HREF="installation.html"><LINK
REL="PREVIOUS"
TITLE="Installation"
HREF="installation.html"><LINK
REL="NEXT"
TITLE="Optional Additional Configuration"
HREF="extraconfig.html"></HEAD
><BODY
CLASS="section"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>The Bugzilla Guide</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="installation.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
>Chapter 4. Installation</TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="extraconfig.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="section"
><H1
CLASS="section"
><A
NAME="stepbystep"
></A
>4.1. Step-by-step Install</H1
><DIV
CLASS="section"
><H2
CLASS="section"
><A
NAME="intstall-into"
></A
>4.1.1. Introduction</H2
><P
>Bugzilla has been successfully installed under Solaris, Linux,
and Win32. Win32 is not yet officially supported, but many people
have got it working fine.
Please see
<A
HREF="os-specific.html#os-win32"
>Section 4.3.1</A
>
for further advice on getting Bugzilla to work on Microsoft
Windows.</P
></DIV
><DIV
CLASS="section"
><H2
CLASS="section"
><A
NAME="install-package-list"
></A
>4.1.2. Package List</H2
><DIV
CLASS="note"
><P
></P
><TABLE
CLASS="note"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="../images/note.gif"
HSPACE="5"
ALT="Note"></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
> If you are running the very most recent
version of Perl and MySQL (both the executables and development
libraries) on your system, you can skip these manual installation
steps for the Perl modules by using Bundle::Bugzilla; see
<A
HREF="stepbystep.html#bundlebugzilla"
>Using Bundle::Bugzilla instead of manually installing Perl modules</A
>.
</P
></TD
></TR
></TABLE
></DIV
><P
>The software packages necessary for the proper running of
Bugzilla (with download links) are:
<P
></P
><OL
TYPE="1"
><LI
><P
> <A
HREF="http://www.mysql.com/"
TARGET="_top"
>MySQL database server</A
>
(3.23.41 or greater)
</P
></LI
><LI
><P
> <A
HREF="http://www.perl.org"
TARGET="_top"
>Perl</A
>
(5.6, 5.6.1 is recommended if you wish to
use Bundle::Bugzilla)
</P
></LI
><LI
><P
>Perl Modules (minimum version):
<P
></P
><OL
TYPE="a"
><LI
><P
> <A
HREF="http://www.template-toolkit.org"
TARGET="_top"
>Template</A
>
(v2.08)
</P
></LI
><LI
><P
> <A
HREF="http://www.perldoc.com/perl5.6/lib/File/Temp.html"
TARGET="_top"
> File::Temp</A
>
(1.804) (Prerequisite for Template)
</P
></LI
><LI
><P
> <A
HREF="http://www.cpan.org/modules/by-module/AppConfig/"
TARGET="_top"
>AppConfig
</A
>
(1.52)
</P
></LI
><LI
><P
> <A
HREF="http://www.cpan.org/authors/id/MUIR/modules/Text-Tabs%2BWrap-2001.0131.tar.gz"
TARGET="_top"
>Text::Wrap</A
>
(2001.0131)
</P
></LI
><LI
><P
> <A
HREF="http://search.cpan.org/search?dist=File-Spec"
TARGET="_top"
>File::Spec
</A
>
(0.82)
</P
></LI
><LI
><P
> <A
HREF="http://www.cpan.org/modules/by-module/Data/"
TARGET="_top"
>Data::Dumper
</A
>
(any)
</P
></LI
><LI
><P
> <A
HREF="http://www.cpan.org/modules/by-module/Mysql/"
TARGET="_top"
>DBD::mysql
</A
>
(2.1010)
</P
></LI
><LI
><P
> <A
HREF="http://www.cpan.org/modules/by-module/DBI/"
TARGET="_top"
>DBI</A
>
(1.32)
</P
></LI
><LI
><P
> <A
HREF="http://www.cpan.org/modules/by-module/Date/"
TARGET="_top"
>Date::Parse
</A
>
(any)
</P
></LI
><LI
><P
> <A
HREF="http://www.cpan.org/modules/by-module/CGI/"
TARGET="_top"
>CGI
</A
>
(2.88)
</P
></LI
></OL
>
and, optionally:
<P
></P
><OL
TYPE="a"
><LI
><P
> <A
HREF="http://www.cpan.org/modules/by-module/GD/"
TARGET="_top"
>GD</A
>
(1.20) for bug charting
</P
></LI
><LI
><P
> GD::Graph
(any) for bug charting
</P
></LI
><LI
><P
> GD::Text::Align
(any) for bug charting
</P
></LI
><LI
><P
> <A
HREF="http://www.cpan.org/modules/by-module/Chart/"
TARGET="_top"
>Chart::Base
</A
>
(0.99c) for bug charting
</P
></LI
><LI
><P
> XML::Parser
(any) for the XML interface
</P
></LI
><LI
><P
> MIME::Parser
(any) for the email interface
</P
></LI
></OL
>
</P
></LI
><LI
><P
> The web server of your choice.
<A
HREF="http://www.apache.org/"
TARGET="_top"
>Apache</A
>
is highly recommended.
</P
></LI
></OL
>
<DIV
CLASS="warning"
><P
></P
><TABLE
CLASS="warning"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="../images/warning.gif"
HSPACE="5"
ALT="Warning"></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
>It is a good idea, while installing Bugzilla, to ensure that there
is some kind of firewall between you and the rest of the Internet,
because your machine may be insecure for periods during the install.
Many
installation steps require an active Internet connection to complete,
but you must take care to ensure that at no point is your machine
vulnerable to an attack.</P
></TD
></TR
></TABLE
></DIV
>
<DIV
CLASS="note"
><P
></P
><TABLE
CLASS="note"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="../images/note.gif"
HSPACE="5"
ALT="Note"></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
>Linux-Mandrake 8.0 includes every
required and optional library for Bugzilla. The easiest way to
install them is by using the
<TT
CLASS="filename"
>urpmi</TT
>
utility. If you follow these commands, you should have everything you
need for Bugzilla, and
<TT
CLASS="filename"
>checksetup.pl</TT
>
should not complain about any missing libraries. You may already have
some of these installed.</P
><P
></P
><TABLE
BORDER="0"
><TBODY
><TR
><TD
> <TT
CLASS="prompt"
>bash#</TT
>
<B
CLASS="command"
>urpmi perl-mysql</B
>
</TD
></TR
><TR
><TD
> <TT
CLASS="prompt"
>bash#</TT
>
<B
CLASS="command"
>urpmi perl-chart</B
>
</TD
></TR
><TR
><TD
> <TT
CLASS="prompt"
>bash#</TT
>
<B
CLASS="command"
>urpmi perl-gd</B
>
</TD
></TR
><TR
><TD
> <TT
CLASS="prompt"
>bash#</TT
>
<B
CLASS="command"
>urpmi perl-MailTools</B
>
(for Bugzilla email integration)</TD
></TR
><TR
><TD
> <TT
CLASS="prompt"
>bash#</TT
>
<B
CLASS="command"
>urpmi apache-modules</B
>
</TD
></TR
></TBODY
></TABLE
><P
></P
></TD
></TR
></TABLE
></DIV
>
</P
></DIV
><DIV
CLASS="section"
><H2
CLASS="section"
><A
NAME="install-mysql"
></A
>4.1.3. MySQL</H2
><P
>Visit the MySQL homepage at
<A
HREF="http://www.mysql.com"
TARGET="_top"
>www.mysql.com</A
>
to grab and install the latest stable release of the server.
</P
><DIV
CLASS="note"
><P
></P
><TABLE
CLASS="note"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="../images/note.gif"
HSPACE="5"
ALT="Note"></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
> Many of the binary
versions of MySQL store their data files in
<TT
CLASS="filename"
>/var</TT
>.
On some Unix systems, this is part of a smaller root partition,
and may not have room for your bug database. You can set the data
directory as an option to <TT
CLASS="filename"
>configure</TT
>
if you build MySQL from source yourself.</P
></TD
></TR
></TABLE
></DIV
><P
>If you install from something other than an RPM or Debian
package, you will need to add <TT
CLASS="filename"
>mysqld</TT
>
to your init scripts so the server daemon will come back up whenever
your machine reboots. Further discussion of UNIX init sequences are
beyond the scope of this guide.
</P
><P
>Change your init script to start
<TT
CLASS="filename"
>mysqld</TT
>
with the ability to accept large packets. By default,
<TT
CLASS="filename"
>mysqld</TT
>
only accepts packets up to 64K long. This limits the size of
attachments you may put on bugs. If you add
<TT
CLASS="option"
>-O max_allowed_packet=1M</TT
>
to the command that starts
<TT
CLASS="filename"
>mysqld</TT
>
(or <TT
CLASS="filename"
>safe_mysqld</TT
>),
then you will be able to have attachments up to about 1 megabyte.
There is a Bugzilla parameter for maximum attachment size;
you should configure it to match the value you choose here.</P
><P
>If you plan on running Bugzilla and MySQL on the same machine,
consider using the
<TT
CLASS="option"
>--skip-networking</TT
>
option in the init script. This enhances security by preventing
network access to MySQL.</P
></DIV
><DIV
CLASS="section"
><H2
CLASS="section"
><A
NAME="install-perl"
></A
>4.1.4. Perl</H2
><P
>Any machine that doesn't have Perl on it is a sad machine indeed.
Perl can be got in source form from
<A
HREF="http://www.perl.com"
TARGET="_top"
>perl.com</A
> for the rare
*nix systems which don't have it.
Although Bugzilla runs with perl 5.6,
it's a good idea to be up to the very latest version
if you can when running Bugzilla. As of this writing, that is Perl
version 5.8.</P
><DIV
CLASS="tip"
><A
NAME="bundlebugzilla"
></A
><P
></P
><TABLE
CLASS="tip"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="../images/tip.gif"
HSPACE="5"
ALT="Tip"></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
>You can skip the following Perl module installation steps by
installing
<SPAN
CLASS="productname"
>Bundle::Bugzilla</SPAN
>
from
<A
HREF="glossary.html#gloss-cpan"
><I
CLASS="glossterm"
>CPAN</I
></A
>,
which installs all required modules for you.</P
><P
> <TT
CLASS="computeroutput"
> <TT
CLASS="prompt"
>bash#</TT
>
<B
CLASS="command"
>perl -MCPAN -e 'install "Bundle::Bugzilla"'</B
>
</TT
>
</P
><P
>Bundle::Bugzilla doesn't include GD, Chart::Base, or
MIME::Parser, which are not essential to a basic Bugzilla install. If
installing this bundle fails, you should install each module
individually to isolate the problem.</P
></TD
></TR
></TABLE
></DIV
></DIV
><DIV
CLASS="section"
><H2
CLASS="section"
><A
NAME="perl-modules"
></A
>4.1.5. Perl Modules</H2
><P
>
All Perl modules can be found on the
<A
HREF="http://www.cpan.org"
TARGET="_top"
>Comprehensive Perl
Archive Network</A
> (CPAN). The
CPAN servers have a real tendency to bog down, so please use mirrors.
</P
><P
>Quality, general Perl module installation instructions can be
found on the CPAN website, but the easy thing to do is to just use the
CPAN shell which does all the hard work for you.
To use the CPAN shell to install a module:
</P
><P
> <TT
CLASS="computeroutput"
> <TT
CLASS="prompt"
>bash#</TT
>
<B
CLASS="command"
>perl -MCPAN -e 'install "<modulename>"'</B
>
</TT
>
</P
><P
> To do it the hard way:
</P
><P
>Untar the module tarball -- it should create its own
directory</P
><P
>CD to the directory just created, and enter the following
commands:
<P
></P
><OL
TYPE="1"
><LI
><P
> <TT
CLASS="computeroutput"
> <TT
CLASS="prompt"
>bash#</TT
>
<B
CLASS="command"
>perl Makefile.PL</B
>
</TT
>
</P
></LI
><LI
><P
> <TT
CLASS="computeroutput"
> <TT
CLASS="prompt"
>bash#</TT
>
<B
CLASS="command"
>make</B
>
</TT
>
</P
></LI
><LI
><P
> <TT
CLASS="computeroutput"
> <TT
CLASS="prompt"
>bash#</TT
>
<B
CLASS="command"
>make test</B
>
</TT
>
</P
></LI
><LI
><P
> <TT
CLASS="computeroutput"
> <TT
CLASS="prompt"
>bash#</TT
>
<B
CLASS="command"
>make install</B
>
</TT
>
</P
></LI
></OL
>
</P
><DIV
CLASS="warning"
><P
></P
><TABLE
CLASS="warning"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="../images/warning.gif"
HSPACE="5"
ALT="Warning"></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
>Many people complain that Perl modules will not install for
them. Most times, the error messages complain that they are missing a
file in
<SPAN
CLASS="QUOTE"
>"@INC"</SPAN
>.
Virtually every time, this error is due to permissions being set too
restrictively for you to compile Perl modules or not having the
necessary Perl development libraries installed on your system.
Consult your local UNIX systems administrator for help solving these
permissions issues; if you
<EM
>are</EM
>
the local UNIX sysadmin, please consult the newsgroup/mailing list
for further assistance or hire someone to help you out.</P
></TD
></TR
></TABLE
></DIV
><DIV
CLASS="section"
><H3
CLASS="section"
><A
NAME="AEN556"
></A
>4.1.5.1. DBI</H3
><P
>The DBI module is a generic Perl module used the
MySQL-related modules. As long as your Perl installation was done
correctly the DBI module should be a breeze. It's a mixed Perl/C
module, but Perl's MakeMaker system simplifies the C compilation
greatly.</P
></DIV
><DIV
CLASS="section"
><H3
CLASS="section"
><A
NAME="AEN559"
></A
>4.1.5.2. Data::Dumper</H3
><P
>The Data::Dumper module provides data structure persistence for
Perl (similar to Java's serialization). It comes with later
sub-releases of Perl 5.004, but a re-installation just to be sure it's
available won't hurt anything.</P
></DIV
><DIV
CLASS="section"
><H3
CLASS="section"
><A
NAME="AEN562"
></A
>4.1.5.3. MySQL-related modules</H3
><P
>The Perl/MySQL interface requires a few mutually-dependent Perl
modules. These modules are grouped together into the the
Msql-Mysql-modules package.</P
><P
>The MakeMaker process will ask you a few questions about the
desired compilation target and your MySQL installation. For most of the
questions the provided default will be adequate, but when asked if your
desired target is the MySQL or mSQL packages, you should
select the MySQL related ones. Later you will be asked if you wish to
provide backwards compatibility with the older MySQL packages; you
should answer YES to this question. The default is NO.</P
><P
>A host of 'localhost' should be fine and a testing user of 'test'
with a null password should find itself with sufficient access to run
tests on the 'test' database which MySQL created upon installation.
</P
></DIV
><DIV
CLASS="section"
><H3
CLASS="section"
><A
NAME="AEN567"
></A
>4.1.5.4. TimeDate modules</H3
><P
>Many of the more common date/time/calendar related Perl modules
have been grouped into a bundle similar to the MySQL modules bundle.
This bundle is stored on the CPAN under the name TimeDate.
The component module we're most interested in is the Date::Format
module, but installing all of them is probably a good idea anyway.
</P
></DIV
><DIV
CLASS="section"
><H3
CLASS="section"
><A
NAME="AEN570"
></A
>4.1.5.5. GD (optional)</H3
><P
>The GD library was written by Thomas Boutell a long while ago to
programatically generate images in C. Since then it's become the
defacto standard for programmatic image construction. The Perl bindings
to it found in the GD library are used on millions of web pages to
generate graphs on the fly. That's what Bugzilla will be using it for
so you must install it if you want any of the graphing to work.</P
><DIV
CLASS="note"
><P
></P
><TABLE
CLASS="note"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="../images/note.gif"
HSPACE="5"
ALT="Note"></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
>The Perl GD library requires some other libraries that may or
may not be installed on your system, including
<TT
CLASS="classname"
>libpng</TT
>
and
<TT
CLASS="classname"
>libgd</TT
>.
The full requirements are listed in the Perl GD library README.
If compiling GD fails, it's probably because you're
missing a required library.</P
></TD
></TR
></TABLE
></DIV
></DIV
><DIV
CLASS="section"
><H3
CLASS="section"
><A
NAME="AEN577"
></A
>4.1.5.6. Chart::Base (optional)</H3
><P
>The Chart module provides Bugzilla with on-the-fly charting
abilities. It can be installed in the usual fashion after it has been
fetched from CPAN.
Note that earlier versions that 0.99c used GIFs, which are no longer
supported by the latest versions of GD.</P
></DIV
><DIV
CLASS="section"
><H3
CLASS="section"
><A
NAME="AEN580"
></A
>4.1.5.7. Template Toolkit</H3
><P
>When you install Template Toolkit, you'll get asked various
questions about features to enable. The defaults are fine, except
that it is recommended you use the high speed XS Stash of the Template
Toolkit, in order to achieve best performance.
</P
></DIV
></DIV
><DIV
CLASS="section"
><H2
CLASS="section"
><A
NAME="sbs-http"
></A
>4.1.6. HTTP Server</H2
><P
>You have freedom of choice here, pretty much any web server that
is capable of running <A
HREF="glossary.html#gloss-cgi"
><I
CLASS="glossterm"
>CGI</I
></A
>
scripts will work. <A
HREF="http.html"
>Section 4.4</A
> has more information about
configuring web servers to work with Bugzilla.
</P
><DIV
CLASS="note"
><P
></P
><TABLE
CLASS="note"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="../images/note.gif"
HSPACE="5"
ALT="Note"></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
>We strongly recommend Apache as the web server to use. The
Bugzilla Guide installation instructions, in general, assume you are
using Apache. If you have got Bugzilla working using another webserver,
please share your experiences with us.</P
></TD
></TR
></TABLE
></DIV
></DIV
><DIV
CLASS="section"
><H2
CLASS="section"
><A
NAME="AEN590"
></A
>4.1.7. Bugzilla</H2
><P
>You should untar the Bugzilla files into a directory that you're
willing to make writable by the default web server user (probably
<SPAN
CLASS="QUOTE"
>"nobody"</SPAN
>).
You may decide to put the files in the main web space for your
web server or perhaps in
<TT
CLASS="filename"
>/usr/local</TT
>
with a symbolic link in the web space that points to the Bugzilla
directory.</P
><DIV
CLASS="tip"
><P
></P
><TABLE
CLASS="tip"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="../images/tip.gif"
HSPACE="5"
ALT="Tip"></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
>If you symlink the bugzilla directory into your Apache's HTML
hierarchy, you may receive
<SPAN
CLASS="errorname"
>Forbidden</SPAN
>
errors unless you add the
<SPAN
CLASS="QUOTE"
>"FollowSymLinks"</SPAN
>
directive to the <Directory> entry for the HTML root
in httpd.conf.</P
></TD
></TR
></TABLE
></DIV
><P
>Once all the files are in a web accessible directory, make that
directory writable by your webserver's user. This is a temporary step
until you run the post-install
<TT
CLASS="filename"
>checksetup.pl</TT
>
script, which locks down your installation.</P
><P
>Lastly, you'll need to set up a symbolic link to
<TT
CLASS="filename"
>/usr/bonsaitools/bin/perl</TT
>
for the correct location of your Perl executable (probably
<TT
CLASS="filename"
>/usr/bin/perl</TT
>).
Otherwise you must hack all the .cgi files to change where they look
for Perl. This can be done using the following Perl one-liner, but
I suggest using the symlink approach to avoid upgrade hassles.
</P
><DIV
CLASS="note"
><P
></P
><TABLE
CLASS="note"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="../images/note.gif"
HSPACE="5"
ALT="Note"></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
><SPAN
CLASS="QUOTE"
>"Bonsaitools"</SPAN
> is the name Terry Weissman, the
original author of Bugzilla, created
for his suite of webtools at the time he created Bugzilla and several
other tools in use at mozilla.org. He created a directory,
<TT
CLASS="filename"
>/usr/bonsaitools</TT
> to house his specific versions
of perl and other utilities. This usage is still current at
<A
HREF="http://bugzilla.mozilla.org/"
TARGET="_top"
>bugzilla.mozilla.org</A
>,
but in general most other places do not use it. You can either edit
the paths at the start of each perl file to the correct location of
perl on your system, or simply bow to history and create a
<TT
CLASS="filename"
>/usr/bonsaitools</TT
> and <TT
CLASS="filename"
>/usr/bonsaitools/bin
</TT
> directory, placing a symlink to perl on your system
inside <TT
CLASS="filename"
>/usr/bonsaitools/bin</TT
>
</P
></TD
></TR
></TABLE
></DIV
><P
>
<TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="programlisting"
> perl -pi -e 's@#\!/usr/bonsaitools/bin/perl@#\!/usr/bin/perl@' *cgi *pl Bug.pm processmail syncshadowdb
</PRE
></FONT
></TD
></TR
></TABLE
>
Change <TT
CLASS="filename"
>/usr/bin/perl</TT
> to match the location
of Perl on your machine.
</P
></DIV
><DIV
CLASS="section"
><H2
CLASS="section"
><A
NAME="AEN615"
></A
>4.1.8. Setting Up the MySQL Database</H2
><P
>After you've gotten all the software installed and working you're
ready to start preparing the database for its life as the back end to
a high quality bug tracker.</P
><P
>First, you'll want to fix MySQL permissions to allow access from
Bugzilla. For the purpose of this Installation section, the Bugzilla
username will be
<SPAN
CLASS="QUOTE"
>"bugs"</SPAN
>, and will have minimal permissions.
</P
><P
>Begin by giving the MySQL root user a password. MySQL passwords are limited
to 16 characters.
<P
></P
><TABLE
BORDER="0"
><TBODY
><TR
><TD
> <TT
CLASS="computeroutput"
> <TT
CLASS="prompt"
>bash#</TT
>
<B
CLASS="command"
>mysql -u root mysql</B
>
</TT
>
</TD
></TR
><TR
><TD
> <TT
CLASS="computeroutput"
> <TT
CLASS="prompt"
>mysql></TT
>
<B
CLASS="command"
>UPDATE user SET Password=PASSWORD('<new_password'>)
WHERE user='root';</B
>
</TT
>
</TD
></TR
><TR
><TD
> <TT
CLASS="computeroutput"
> <TT
CLASS="prompt"
>mysql></TT
>
<B
CLASS="command"
>FLUSH PRIVILEGES;</B
>
</TT
>
</TD
></TR
></TBODY
></TABLE
><P
></P
>
From this point on, if you need to access MySQL as the MySQL root user,
you will need to use
<B
CLASS="command"
>mysql -u root -p</B
>
and enter <new_password>. Remember that MySQL user names have
nothing to do with Unix user names (login names).</P
><P
>Next, we use an SQL <B
CLASS="command"
>GRANT</B
> command to create a
<SPAN
CLASS="QUOTE"
>"bugs"</SPAN
>
user, and grant sufficient permissions for checksetup.pl, which we'll
use later, to work its magic. This also restricts the
<SPAN
CLASS="QUOTE"
>"bugs"</SPAN
>
user to operations within a database called
<SPAN
CLASS="QUOTE"
>"bugs"</SPAN
>, and only allows the account to connect from
<SPAN
CLASS="QUOTE"
>"localhost"</SPAN
>.
Modify it to reflect your setup if you will be connecting from
another machine or as a different user.</P
><P
>Remember to set <bugs_password> to some unique password.
<P
></P
><TABLE
BORDER="0"
><TBODY
><TR
><TD
> <TT
CLASS="computeroutput"
> <TT
CLASS="prompt"
>mysql></TT
>
<B
CLASS="command"
>GRANT SELECT,INSERT,UPDATE,DELETE,INDEX,
ALTER,CREATE,DROP,REFERENCES ON bugs.* TO bugs@localhost
IDENTIFIED BY '<bugs_password>';</B
>
</TT
>
</TD
></TR
><TR
><TD
> <TT
CLASS="computeroutput"
> <TT
CLASS="prompt"
>mysql></TT
>
<B
CLASS="command"
>FLUSH PRIVILEGES;</B
>
</TT
>
</TD
></TR
></TBODY
></TABLE
><P
></P
>
</P
></DIV
><DIV
CLASS="section"
><H2
CLASS="section"
><A
NAME="AEN651"
></A
>4.1.9. <TT
CLASS="filename"
>checksetup.pl</TT
></H2
><P
>Next, run the magic checksetup.pl script. (Many thanks to
<A
HREF="mailto:holgerschurig@nikocity.de"
TARGET="_top"
>Holger Schurig </A
>
for writing this script!)
This script is designed to make sure your MySQL database and other
configuration options are consistent with the Bugzilla CGI files.
It will make sure Bugzilla files and directories have reasonable
permissions, set up the
<TT
CLASS="filename"
>data</TT
>
directory, and create all the MySQL tables.
<P
></P
><TABLE
BORDER="0"
><TBODY
><TR
><TD
> <TT
CLASS="computeroutput"
> <TT
CLASS="prompt"
>bash#</TT
>
<B
CLASS="command"
>./checksetup.pl</B
>
</TT
>
</TD
></TR
></TBODY
></TABLE
><P
></P
>
The first time you run it, it will create a file called
<TT
CLASS="filename"
>localconfig</TT
>.</P
><P
>This file contains a variety of settings you may need to tweak
including how Bugzilla should connect to the MySQL database.</P
><P
>The connection settings include:
<P
></P
><OL
TYPE="1"
><LI
><P
>server's host: just use
<SPAN
CLASS="QUOTE"
>"localhost"</SPAN
>
if the MySQL server is local</P
></LI
><LI
><P
>database name:
<SPAN
CLASS="QUOTE"
>"bugs"</SPAN
>
if you're following these directions</P
></LI
><LI
><P
>MySQL username:
<SPAN
CLASS="QUOTE"
>"bugs"</SPAN
>
if you're following these directions</P
></LI
><LI
><P
>Password for the
<SPAN
CLASS="QUOTE"
>"bugs"</SPAN
>
MySQL account; (<bugs_password>) above</P
></LI
></OL
>
</P
><P
>Once you are happy with the settings,
<TT
CLASS="filename"
>su</TT
> to the user
your web server runs as, and re-run
<TT
CLASS="filename"
>checksetup.pl</TT
>. (Note: on some security-conscious
systems, you may need to change the login shell for the webserver
account before you can do this.)
On this second run, it will create the database and an administrator
account for which you will be prompted to provide information.</P
><DIV
CLASS="note"
><P
></P
><TABLE
CLASS="note"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="../images/note.gif"
HSPACE="5"
ALT="Note"></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
>The checksetup.pl script is designed so that you can run it at
any time without causing harm. You should run it after any upgrade to
Bugzilla.</P
></TD
></TR
></TABLE
></DIV
></DIV
><DIV
CLASS="section"
><H2
CLASS="section"
><A
NAME="AEN683"
></A
>4.1.10. Securing MySQL</H2
><P
>If you followed the installation instructions for setting up your
"bugs" and "root" user in MySQL, much of this should not apply to you.
If you are upgrading an existing installation of Bugzilla, you should
pay close attention to this section.</P
><P
>Most MySQL installs have "interesting" default security
parameters:
<P
></P
><TABLE
BORDER="0"
><TBODY
><TR
><TD
>mysqld defaults to running as root</TD
></TR
><TR
><TD
>it defaults to allowing external network connections</TD
></TR
><TR
><TD
>it has a known port number, and is easy to detect</TD
></TR
><TR
><TD
>it defaults to no passwords whatsoever</TD
></TR
><TR
><TD
>it defaults to allowing "File_Priv"</TD
></TR
></TBODY
></TABLE
><P
></P
>
</P
><P
>This means anyone from anywhere on the Internet can not only drop
the database with one SQL command, and they can write as root to the
system.</P
><P
>To see your permissions do:
<P
></P
><TABLE
BORDER="0"
><TBODY
><TR
><TD
> <TT
CLASS="computeroutput"
> <TT
CLASS="prompt"
>bash#</TT
>
<B
CLASS="command"
>mysql -u root -p</B
>
</TT
>
</TD
></TR
><TR
><TD
> <TT
CLASS="computeroutput"
> <TT
CLASS="prompt"
>mysql></TT
>
<B
CLASS="command"
>use mysql;</B
>
</TT
>
</TD
></TR
><TR
><TD
> <TT
CLASS="computeroutput"
> <TT
CLASS="prompt"
>mysql></TT
>
<B
CLASS="command"
>show tables;</B
>
</TT
>
</TD
></TR
><TR
><TD
> <TT
CLASS="computeroutput"
> <TT
CLASS="prompt"
>mysql></TT
>
<B
CLASS="command"
>select * from user;</B
>
</TT
>
</TD
></TR
><TR
><TD
> <TT
CLASS="computeroutput"
> <TT
CLASS="prompt"
>mysql></TT
>
<B
CLASS="command"
>select * from db;</B
>
</TT
>
</TD
></TR
></TBODY
></TABLE
><P
></P
>
</P
><P
>To fix the gaping holes:
<P
></P
><TABLE
BORDER="0"
><TBODY
><TR
><TD
>DELETE FROM user WHERE User='';</TD
></TR
><TR
><TD
>UPDATE user SET Password=PASSWORD('new_password') WHERE
user='root';</TD
></TR
><TR
><TD
>FLUSH PRIVILEGES;</TD
></TR
></TBODY
></TABLE
><P
></P
>
</P
><P
>If you're not running "mit-pthreads" you can use:
<P
></P
><TABLE
BORDER="0"
><TBODY
><TR
><TD
>GRANT USAGE ON *.* TO bugs@localhost;</TD
></TR
><TR
><TD
>GRANT ALL ON bugs.* TO bugs@localhost;</TD
></TR
><TR
><TD
>REVOKE DROP ON bugs.* FROM bugs@localhost;</TD
></TR
><TR
><TD
>FLUSH PRIVILEGES;</TD
></TR
></TBODY
></TABLE
><P
></P
>
</P
><P
>With "mit-pthreads" you'll need to modify the "globals.pl"
Mysql->Connect line to specify a specific host name instead of
"localhost", and accept external connections:
<P
></P
><TABLE
BORDER="0"
><TBODY
><TR
><TD
>GRANT USAGE ON *.* TO bugs@bounce.hop.com;</TD
></TR
><TR
><TD
>GRANT ALL ON bugs.* TO bugs@bounce.hop.com;</TD
></TR
><TR
><TD
>REVOKE DROP ON bugs.* FROM bugs@bounce.hop.com;</TD
></TR
><TR
><TD
>FLUSH PRIVILEGES;</TD
></TR
></TBODY
></TABLE
><P
></P
>
</P
><P
>Consider also:
<P
></P
><OL
TYPE="1"
><LI
><P
>Turning off external networking with "--skip-networking",
unless you have "mit-pthreads", in which case you can't. Without
networking, MySQL connects with a Unix domain socket.</P
></LI
><LI
><P
>using the --user= option to mysqld to run it as an
unprivileged user.</P
></LI
><LI
><P
>running MySQL in a chroot jail</P
></LI
><LI
><P
>running the httpd in a chroot jail</P
></LI
><LI
><P
>making sure the MySQL passwords are different from the OS
passwords (MySQL "root" has nothing to do with system
"root").</P
></LI
><LI
><P
>running MySQL on a separate untrusted machine</P
></LI
><LI
><P
>making backups ;-)</P
></LI
></OL
>
</P
></DIV
><DIV
CLASS="section"
><H2
CLASS="section"
><A
NAME="AEN749"
></A
>4.1.11. Configuring Bugzilla</H2
><P
> You should run through the parameters on the Edit Parameters page
(link in the footer) and set them all to appropriate values.
They key parameters are documented in <A
HREF="parameters.html"
>Section 5.1</A
>.
</P
></DIV
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="installation.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="index.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="extraconfig.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>Installation</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="installation.html"
ACCESSKEY="U"
>Up</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Optional Additional Configuration</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>