Skip to content

bugzilla
bugzilla
Commit cf24e428 authored by jake%bugzilla.org's avatar jake%bugzilla.org
Browse files
Options

Recompiling the docs for the 2.17.4 development release.

parent b4286a83
Show whitespace changes
Inline Side-by-side
Showing with 2761 additions and 2690 deletions
docs/html/Bugzilla-Guide.html
View file @ cf24e428
<HTML <HTML
><HEAD ><HEAD
><TITLE ><TITLE
>The Bugzilla Guide</TITLE >The Bugzilla Guide - 2.17.4 Development Release</TITLE
><META ><META
NAME="GENERATOR" NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
...@@ -43,7 +43,7 @@ CLASS="title" ...@@ -43,7 +43,7 @@ CLASS="title"
><A ><A
NAME="AEN2" NAME="AEN2"
></A ></A
>The Bugzilla Guide</H1 >The Bugzilla Guide - 2.17.4 Development Release</H1
><H3 ><H3
CLASS="author" CLASS="author"
><A ><A
...@@ -55,18 +55,18 @@ CLASS="author" ...@@ -55,18 +55,18 @@ CLASS="author"
><A ><A
NAME="AEN9" NAME="AEN9"
></A ></A
>Jacob Steenhagen</H3
><H3
CLASS="corpauthor"
>The Bugzilla Team</H3 >The Bugzilla Team</H3
><P ><P
CLASS="edition"
>2.17.3 Development Release&nbsp;Edition </P
><P
CLASS="pubdate" CLASS="pubdate"
>2003-01-02<BR></P >2003-02-16<BR></P
><DIV ><DIV
><DIV ><DIV
CLASS="abstract" CLASS="abstract"
><A ><A
NAME="AEN15" NAME="AEN14"
></A ></A
><P ><P
></P ></P
...@@ -332,7 +332,7 @@ HREF="#variants" ...@@ -332,7 +332,7 @@ HREF="#variants"
><DL ><DL
><DT ><DT
>D.1. <A >D.1. <A
HREF="#rhbugzilla" HREF="#variant-redhat"
>Red Hat Bugzilla</A >Red Hat Bugzilla</A
></DT ></DT
><DT ><DT
...@@ -487,7 +487,7 @@ NAME="copyright" ...@@ -487,7 +487,7 @@ NAME="copyright"
></A ></A
>1.1. Copyright Information</H1 >1.1. Copyright Information</H1
><A ><A
NAME="AEN34" NAME="AEN33"
></A ></A
><TABLE ><TABLE
BORDER="0" BORDER="0"
...@@ -599,7 +599,7 @@ NAME="newversions" ...@@ -599,7 +599,7 @@ NAME="newversions"
></A ></A
>1.3. New Versions</H1 >1.3. New Versions</H1
><P ><P
>&#13; This is the 2.17.3 version of The Bugzilla Guide. It is so named >&#13; This is the 2.17.4 version of The Bugzilla Guide. It is so named
to match the current version of Bugzilla. to match the current version of Bugzilla.
This version of the guide, like its associated Bugzilla version is a This version of the guide, like its associated Bugzilla version is a
...@@ -667,66 +667,115 @@ NAME="credits" ...@@ -667,66 +667,115 @@ NAME="credits"
contribution to the Bugzilla community: contribution to the Bugzilla community:
</P </P
><P ><P
>&#13; <A ></P
HREF="mailto://mbarnson@sisna.com" ><DIV
TARGET="_top" CLASS="variablelist"
>Matthew P. Barnson</A ><DL
> ><DT
for the Herculaean task of pulling together the Bugzilla Guide and >Matthew P. Barnson <TT
shepherding it to 2.14. CLASS="email"
>&#60;<A
HREF="mailto:mbarnson@sisna.com"
>mbarnson@sisna.com</A
>&#62;</TT
></DT
><DD
><P
>for the Herculaean task of pulling together the Bugzilla Guide
and shepherding it to 2.14.
</P </P
></DD
><DT
>Terry Weissman <TT
CLASS="email"
>&#60;<A
HREF="mailto:terry@mozilla.org"
>terry@mozilla.org</A
>&#62;</TT
></DT
><DD
><P ><P
>&#13; <A >for initially writing Bugzilla and creating the README upon
HREF="mailto://terry@mozilla.org" which the UNIX installation documentation is largely based.
TARGET="_top"
>Terry Weissman</A
>
for initially writing Bugzilla and creating the
README upon which the UNIX installation documentation is largely based.
</P </P
></DD
><DT
>Tara Hernandez <TT
CLASS="email"
>&#60;<A
HREF="mailto:tara@tequilarists.org"
>tara@tequilarists.org</A
>&#62;</TT
></DT
><DD
><P ><P
>&#13; <A >for keeping Bugzilla development going strong after Terry left
HREF="mailto://tara@tequilarista.org" mozilla.org and for running landfill.
TARGET="_top"
>Tara Hernandez</A
>
for keeping Bugzilla development going
strong after Terry left mozilla.org
</P </P
></DD
><DT
>Dave Lawrence <TT
CLASS="email"
>&#60;<A
HREF="mailto:dkl@redhat.com"
>dkl@redhat.com</A
>&#62;</TT
></DT
><DD
><P ><P
>&#13; <A >for providing insight into the key differences between Red
HREF="mailto://dkl@redhat.com" Hat's customized Bugzilla, and being largely responsible for
TARGET="_top" <A
>Dave Lawrence</A HREF="#variant-redhat"
> >Section D.1</A
for providing insight into the key differences between Red Hat's >.
customized Bugzilla, and being largely responsible for the "Red </P
Hat Bugzilla" appendix ></DD
><DT
>Dawn Endico <TT
CLASS="email"
>&#60;<A
HREF="mailto:endico@mozilla.org"
>endico@mozilla.org</A
>&#62;</TT
></DT
><DD
><P
>for being a hacker extraordinaire and putting up with Matthew's
incessant questions and arguments on irc.mozilla.org in #mozwebtools
</P </P
></DD
><DT
>Jacob Steenhagen <TT
CLASS="email"
>&#60;<A
HREF="mailto:jake@bugzilla.org"
>jake@bugzilla.org</A
>&#62;</TT
></DT
><DD
><P ><P
>&#13; <A >for taking over documentation during the 2.17 development
HREF="mailto://endico@mozilla.org" period.
TARGET="_top"
>Dawn Endico</A
> for
being a hacker extraordinaire and putting up with my incessant
questions and arguments on irc.mozilla.org in #mozwebtools
</P </P
></DD
></DL
></DIV
><P ><P
>&#13; Last but not least, all the members of the >&#13; Last but not least, all the members of the
<A <A
HREF="news://news.mozilla.org/netscape/public/mozilla/webtools" HREF="news://news.mozilla.org/netscape/public/mozilla/webtools"
TARGET="_top" TARGET="_top"
> netscape.public.mozilla.webtools</A >news://news.mozilla.org/netscape/public/mozilla/webtools</A
> newsgroup. Without your discussions, insight, suggestions, and patches, this could never have happened. >
newsgroup. Without your discussions, insight, suggestions, and patches,
this could never have happened.
</P </P
><P ><P
>&#13; Thanks also go to the following people for significant contributions >&#13; Thanks also go to the following people for significant contributions
to this documentation (in no particular order): to this documentation (in alphabetical order):
</P Andrew Pearson, Ben FrantzDale, Eric Hanson, Gervase Markham, Joe Robins, Kevin Brannen, Ron Teitelbaum, Spencer Smith, Zach Liption
><P .
>&#13; Zach Liption, Andrew Pearson, Spencer Smith, Eric Hanson, Kevin Brannen,
Ron Teitelbaum, Jacob Steenhagen, Joe Robins, Gervase Markham.
</P </P
></DIV ></DIV
><DIV ><DIV
...@@ -742,7 +791,7 @@ NAME="conventions" ...@@ -742,7 +791,7 @@ NAME="conventions"
><DIV ><DIV
CLASS="informaltable" CLASS="informaltable"
><A ><A
NAME="AEN80" NAME="AEN110"
></A ></A
><P ><P
></P ></P
...@@ -1809,7 +1858,7 @@ CLASS="section" ...@@ -1809,7 +1858,7 @@ CLASS="section"
><HR><H2 ><HR><H2
CLASS="section" CLASS="section"
><A ><A
NAME="AEN340" NAME="AEN370"
></A ></A
>3.2.1. Autolinkification</H2 >3.2.1. Autolinkification</H2
><P ><P
...@@ -1957,7 +2006,7 @@ CLASS="section" ...@@ -1957,7 +2006,7 @@ CLASS="section"
><HR><H2 ><HR><H2
CLASS="section" CLASS="section"
><A ><A
NAME="AEN369" NAME="AEN399"
></A ></A
>3.2.5. Filing Bugs</H2 >3.2.5. Filing Bugs</H2
><P ><P
...@@ -2896,7 +2945,7 @@ CLASS="section" ...@@ -2896,7 +2945,7 @@ CLASS="section"
><HR><H3 ><HR><H3
CLASS="section" CLASS="section"
><A ><A
NAME="AEN556" NAME="AEN586"
></A ></A
>4.1.5.1. DBI</H3 >4.1.5.1. DBI</H3
><P ><P
...@@ -2911,7 +2960,7 @@ CLASS="section" ...@@ -2911,7 +2960,7 @@ CLASS="section"
><HR><H3 ><HR><H3
CLASS="section" CLASS="section"
><A ><A
NAME="AEN559" NAME="AEN589"
></A ></A
>4.1.5.2. Data::Dumper</H3 >4.1.5.2. Data::Dumper</H3
><P ><P
...@@ -2925,7 +2974,7 @@ CLASS="section" ...@@ -2925,7 +2974,7 @@ CLASS="section"
><HR><H3 ><HR><H3
CLASS="section" CLASS="section"
><A ><A
NAME="AEN562" NAME="AEN592"
></A ></A
>4.1.5.3. MySQL-related modules</H3 >4.1.5.3. MySQL-related modules</H3
><P ><P
...@@ -2951,7 +3000,7 @@ CLASS="section" ...@@ -2951,7 +3000,7 @@ CLASS="section"
><HR><H3 ><HR><H3
CLASS="section" CLASS="section"
><A ><A
NAME="AEN567" NAME="AEN597"
></A ></A
>4.1.5.4. TimeDate modules</H3 >4.1.5.4. TimeDate modules</H3
><P ><P
...@@ -2967,7 +3016,7 @@ CLASS="section" ...@@ -2967,7 +3016,7 @@ CLASS="section"
><HR><H3 ><HR><H3
CLASS="section" CLASS="section"
><A ><A
NAME="AEN570" NAME="AEN600"
></A ></A
>4.1.5.5. GD (optional)</H3 >4.1.5.5. GD (optional)</H3
><P ><P
...@@ -3022,7 +3071,7 @@ CLASS="section" ...@@ -3022,7 +3071,7 @@ CLASS="section"
><HR><H3 ><HR><H3
CLASS="section" CLASS="section"
><A ><A
NAME="AEN577" NAME="AEN607"
></A ></A
>4.1.5.6. Chart::Base (optional)</H3 >4.1.5.6. Chart::Base (optional)</H3
><P ><P
...@@ -3037,7 +3086,7 @@ CLASS="section" ...@@ -3037,7 +3086,7 @@ CLASS="section"
><HR><H3 ><HR><H3
CLASS="section" CLASS="section"
><A ><A
NAME="AEN580" NAME="AEN610"
></A ></A
>4.1.5.7. Template Toolkit</H3 >4.1.5.7. Template Toolkit</H3
><P ><P
...@@ -3106,7 +3155,7 @@ CLASS="section" ...@@ -3106,7 +3155,7 @@ CLASS="section"
><HR><H2 ><HR><H2
CLASS="section" CLASS="section"
><A ><A
NAME="AEN590" NAME="AEN620"
></A ></A
>4.1.7. Bugzilla</H2 >4.1.7. Bugzilla</H2
><P ><P
...@@ -3256,7 +3305,7 @@ WIDTH="100%" ...@@ -3256,7 +3305,7 @@ WIDTH="100%"
COLOR="#000000" COLOR="#000000"
><PRE ><PRE
CLASS="programlisting" CLASS="programlisting"
>&#13;perl -pi -e 's@#\!/usr/bonsaitools/bin/perl@#\!/usr/bin/perl@' *cgi *pl Bug.pm processmail syncshadowdb >&#13;perl -pi -e 's@#\!/usr/bonsaitools/bin/perl@#\!/usr/bin/perl@' *cgi *pl Bug.pm syncshadowdb
</PRE </PRE
></FONT ></FONT
></TD ></TD
...@@ -3276,7 +3325,7 @@ CLASS="section" ...@@ -3276,7 +3325,7 @@ CLASS="section"
><HR><H2 ><HR><H2
CLASS="section" CLASS="section"
><A ><A
NAME="AEN615" NAME="AEN645"
></A ></A
>4.1.8. Setting Up the MySQL Database</H2 >4.1.8. Setting Up the MySQL Database</H2
><P ><P
...@@ -3449,7 +3498,7 @@ CLASS="section" ...@@ -3449,7 +3498,7 @@ CLASS="section"
><HR><H2 ><HR><H2
CLASS="section" CLASS="section"
><A ><A
NAME="AEN651" NAME="AEN681"
></A ></A
>4.1.9. <TT >4.1.9. <TT
CLASS="filename" CLASS="filename"
...@@ -3602,54 +3651,109 @@ CLASS="section" ...@@ -3602,54 +3651,109 @@ CLASS="section"
><HR><H2 ><HR><H2
CLASS="section" CLASS="section"
><A ><A
NAME="AEN683" NAME="AEN713"
></A
>4.1.10. Configuring Bugzilla</H2
><P
>&#13; You should run through the parameters on the Edit Parameters page
(link in the footer) and set them all to appropriate values.
They key parameters are documented in <A
HREF="#parameters"
>Section 5.1</A
>.
</P
></DIV
></DIV
><DIV
CLASS="section"
><HR><H1
CLASS="section"
><A
NAME="extraconfig"
></A
>4.2. Optional Additional Configuration</H1
><DIV
CLASS="section"
><H2
CLASS="section"
><A
NAME="AEN719"
></A ></A
>4.1.10. Securing MySQL</H2 >4.2.1. Dependency Charts</H2
><P ><P
>If you followed the installation instructions for setting up your >As well as the text-based dependency graphs, Bugzilla also
"bugs" and "root" user in MySQL, much of this should not apply to you. supports dependency graphing, using a package called 'dot'.
If you are upgrading an existing installation of Bugzilla, you should Exactly how this works is controlled by the 'webdotbase' parameter,
pay close attention to this section.</P which can have one of three values:
</P
><P ><P
>Most MySQL installs have "interesting" default security >&#13; <P
parameters:
<P
></P ></P
><TABLE ><OL
BORDER="0" TYPE="1"
><TBODY ><LI
><TR
><TD
>mysqld defaults to running as root</TD
></TR
><TR
><TD
>it defaults to allowing external network connections</TD
></TR
><TR
><TD
>it has a known port number, and is easy to detect</TD
></TR
><TR
><TD
>it defaults to no passwords whatsoever</TD
></TR
><TR
><TD
>it defaults to allowing "File_Priv"</TD
></TR
></TBODY
></TABLE
><P ><P
></P >&#13; A complete file path to the command 'dot' (part of
<A
HREF="http://www.graphviz.org/"
TARGET="_top"
>GraphViz</A
>)
will generate the graphs locally
</P
></LI
><LI
><P
>&#13; A URL prefix pointing to an installation of the webdot package will
generate the graphs remotely
</P
></LI
><LI
><P
>&#13; A blank value will disable dependency graphing.
</P
></LI
></OL
> >
</P </P
><P ><P
>This means anyone from anywhere on the Internet can not only drop >So, to get this working, install
the database with one SQL command, and they can write as root to the <A
system.</P HREF="http://www.graphviz.org/"
TARGET="_top"
>GraphViz</A
>. If you
do that, you need to
<A
HREF="http://httpd.apache.org/docs/mod/mod_imap.html"
TARGET="_top"
>enable
server-side image maps</A
> in Apache.
Alternatively, you could set up a webdot server, or use the AT&#38;T
public webdot server (the
default for the webdotbase param). Note that AT&#38;T's server won't work
if Bugzilla is only accessible using HARTS.
</P
></DIV
><DIV
CLASS="section"
><HR><H2
CLASS="section"
><A
NAME="AEN734"
></A
>4.2.2. Bug Graphs</H2
><P
>As long as you installed the GD and Graph::Base Perl modules you
might as well turn on the nifty Bugzilla bug reporting graphs.</P
><P ><P
>To see your permissions do: >Add a cron entry like this to run
<TT
CLASS="filename"
>collectstats.pl</TT
>
daily at 5 after midnight:
<P <P
></P ></P
><TABLE ><TABLE
...@@ -3666,24 +3770,7 @@ CLASS="prompt" ...@@ -3666,24 +3770,7 @@ CLASS="prompt"
<B <B
CLASS="command" CLASS="command"
>mysql -u root -p</B >crontab -e</B
>
</TT
>
</TD
></TR
><TR
><TD
>&#13; <TT
CLASS="computeroutput"
>&#13; <TT
CLASS="prompt"
>mysql&#62;</TT
>
<B
CLASS="command"
>use mysql;</B
> >
</TT </TT
> >
...@@ -3693,48 +3780,52 @@ CLASS="command" ...@@ -3693,48 +3780,52 @@ CLASS="command"
><TD ><TD
>&#13; <TT >&#13; <TT
CLASS="computeroutput" CLASS="computeroutput"
>&#13; <TT >5 0 * * * cd &#60;your-bugzilla-directory&#62; ;
CLASS="prompt" ./collectstats.pl</TT
>mysql&#62;</TT
>
<B
CLASS="command"
>show tables;</B
>
</TT
> >
</TD </TD
></TR ></TR
><TR ></TBODY
><TD ></TABLE
>&#13; <TT ><P
CLASS="computeroutput" ></P
>&#13; <TT
CLASS="prompt"
>mysql&#62;</TT
>
<B
CLASS="command"
>select * from user;</B
>
</TT
> >
</TD </P
></TR ><P
>After two days have passed you'll be able to view bug graphs from
the Bug Reports page.</P
></DIV
><DIV
CLASS="section"
><HR><H2
CLASS="section"
><A
NAME="AEN747"
></A
>4.2.3. The Whining Cron</H2
><P
>By now you have a fully functional Bugzilla, but what good are
bugs if they're not annoying? To help make those bugs more annoying you
can set up Bugzilla's automatic whining system to complain at engineers
which leave their bugs in the NEW state without triaging them.
</P
><P
>&#13; This can be done by
adding the following command as a daily crontab entry (for help on that
see that crontab man page):
<P
></P
><TABLE
BORDER="0"
><TBODY
><TR ><TR
><TD ><TD
>&#13; <TT >&#13; <TT
CLASS="computeroutput" CLASS="computeroutput"
>&#13; <TT >&#13; <B
CLASS="prompt"
>mysql&#62;</TT
>
<B
CLASS="command" CLASS="command"
>select * from db;</B >cd &#60;your-bugzilla-directory&#62; ;
./whineatnews.pl</B
> >
</TT </TT
> >
...@@ -3746,133 +3837,196 @@ CLASS="command" ...@@ -3746,133 +3837,196 @@ CLASS="command"
></P ></P
> >
</P </P
><DIV
CLASS="tip"
><P ><P
>To fix the gaping holes:
<P
></P ></P
><TABLE ><TABLE
CLASS="tip"
WIDTH="100%"
BORDER="0" BORDER="0"
><TBODY
><TR ><TR
><TD ><TD
>DELETE FROM user WHERE User='';</TD WIDTH="25"
></TR ALIGN="CENTER"
><TR VALIGN="TOP"
><IMG
SRC="../images/tip.gif"
HSPACE="5"
ALT="Tip"></TD
><TD ><TD
>UPDATE user SET Password=PASSWORD('new_password') WHERE ALIGN="LEFT"
user='root';</TD VALIGN="TOP"
></TR ><P
>Depending on your system, crontab may have several manpages.
The following command should lead you to the most useful page for
this purpose:
<TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR ><TR
><TD ><TD
>FLUSH PRIVILEGES;</TD ><FONT
COLOR="#000000"
><PRE
CLASS="programlisting"
>&#13;man 5 crontab
</PRE
></FONT
></TD
></TR ></TR
></TBODY
></TABLE ></TABLE
><P
></P
> >
</P </P
><P ></TD
>If you're not running "mit-pthreads" you can use:
<P
></P
><TABLE
BORDER="0"
><TBODY
><TR
><TD
>GRANT USAGE ON *.* TO bugs@localhost;</TD
></TR
><TR
><TD
>GRANT ALL ON bugs.* TO bugs@localhost;</TD
></TR
><TR
><TD
>REVOKE DROP ON bugs.* FROM bugs@localhost;</TD
></TR
><TR
><TD
>FLUSH PRIVILEGES;</TD
></TR ></TR
></TBODY
></TABLE ></TABLE
></DIV
></DIV
><DIV
CLASS="section"
><HR><H2
CLASS="section"
><A
NAME="bzldap"
></A
>4.2.4. LDAP Authentication</H2
><P ><P
></P >&#13; <DIV
> CLASS="warning"
</P
><P ><P
>With "mit-pthreads" you'll need to modify the "globals.pl"
Mysql-&#62;Connect line to specify a specific host name instead of
"localhost", and accept external connections:
<P
></P ></P
><TABLE ><TABLE
CLASS="warning"
WIDTH="100%"
BORDER="0" BORDER="0"
><TBODY
><TR
><TD
>GRANT USAGE ON *.* TO bugs@bounce.hop.com;</TD
></TR
><TR
><TD
>GRANT ALL ON bugs.* TO bugs@bounce.hop.com;</TD
></TR
><TR ><TR
><TD ><TD
>REVOKE DROP ON bugs.* FROM bugs@bounce.hop.com;</TD WIDTH="25"
></TR ALIGN="CENTER"
><TR VALIGN="TOP"
><IMG
SRC="../images/warning.gif"
HSPACE="5"
ALT="Warning"></TD
><TD ><TD
>FLUSH PRIVILEGES;</TD ALIGN="LEFT"
VALIGN="TOP"
><P
>This information on using the LDAP
authentication options with Bugzilla is old, and the authors do
not know of anyone who has tested it. Approach with caution.
</P
></TD
></TR ></TR
></TBODY
></TABLE ></TABLE
><P ></DIV
></P
> >
</P </P
><P ><P
>Consider also: >&#13; The existing authentication
scheme for Bugzilla uses email addresses as the primary user ID, and a
password to authenticate that user. All places within Bugzilla where
you need to deal with user ID (e.g assigning a bug) use the email
address. The LDAP authentication builds on top of this scheme, rather
than replacing it. The initial log in is done with a username and
password for the LDAP directory. This then fetches the email address
from LDAP and authenticates seamlessly in the standard Bugzilla
authentication scheme using this email address. If an account for this
address already exists in your Bugzilla system, it will log in to that
account. If no account for that email address exists, one is created at
the time of login. (In this case, Bugzilla will attempt to use the
"displayName" or "cn" attribute to determine the user's full name.)
After authentication, all other user-related tasks are still handled by
email address, not LDAP username. You still assign bugs by email
address, query on users by email address, etc.
</P
><P
>Using LDAP for Bugzilla authentication requires the
Mozilla::LDAP (aka PerLDAP) Perl module. The
Mozilla::LDAP module in turn requires Netscape's Directory SDK for C.
After you have installed the SDK, then install the PerLDAP module.
Mozilla::LDAP and the Directory SDK for C are both
<A
HREF="http://www.mozilla.org/directory/"
TARGET="_top"
>available for
download</A
> from mozilla.org.
</P
><P
>&#13; Set the Param 'useLDAP' to "On" **only** if you will be using an LDAP
directory for
authentication. Be very careful when setting up this parameter; if you
set LDAP authentication, but do not have a valid LDAP directory set up,
you will not be able to log back in to Bugzilla once you log out. (If
this happens, you can get back in by manually editing the data/params
file, and setting useLDAP back to 0.)
</P
><P
>If using LDAP, you must set the
three additional parameters: Set LDAPserver to the name (and optionally
port) of your LDAP server. If no port is specified, it defaults to the
default port of 389. (e.g "ldap.mycompany.com" or
"ldap.mycompany.com:1234") Set LDAPBaseDN to the base DN for searching
for users in your LDAP directory. (e.g. "ou=People,o=MyCompany") uids
must be unique under the DN specified here. Set LDAPmailattribute to
the name of the attribute in your LDAP directory which contains the
primary email address. On most directory servers available, this is
"mail", but you may need to change this.
</P
><P
>You can also try using <A
HREF="http://www.openldap.org/"
TARGET="_top"
>&#13; OpenLDAP</A
> with Bugzilla, using any of a number of administration
tools. You should apply the patch attached this bug:
<A
HREF="http://bugzilla.mozilla.org/show_bug.cgi?id=158630"
TARGET="_top"
>&#13; http://bugzilla.mozilla.org/show_bug.cgi?id=158630</A
>, then set
the following object classes for your users:
<P <P
></P ></P
><OL ><OL
TYPE="1" TYPE="1"
><LI ><LI
><P ><P
>Turning off external networking with "--skip-networking", >objectClass: person</P
unless you have "mit-pthreads", in which case you can't. Without
networking, MySQL connects with a Unix domain socket.</P
></LI
><LI
><P
>using the --user= option to mysqld to run it as an
unprivileged user.</P
></LI ></LI
><LI ><LI
><P ><P
>running MySQL in a chroot jail</P >objectClass: organizationalPerson</P
></LI ></LI
><LI ><LI
><P ><P
>running the httpd in a chroot jail</P >objectClass: inetOrgPerson</P
></LI ></LI
><LI ><LI
><P ><P
>making sure the MySQL passwords are different from the OS >objectClass: top</P
passwords (MySQL "root" has nothing to do with system
"root").</P
></LI ></LI
><LI ><LI
><P ><P
>running MySQL on a separate untrusted machine</P >objectClass: posixAccount</P
></LI ></LI
><LI ><LI
><P ><P
>making backups ;-)</P >objectClass: shadowAccount</P
></LI ></LI
></OL ></OL
> >
Please note that this patch <EM
>has not</EM
> yet been
accepted by the Bugzilla team, and so you may need to do some
manual tweaking. That said, it looks like Net::LDAP is probably
the way to go in the future.
</P </P
></DIV ></DIV
><DIV ><DIV
...@@ -3880,426 +4034,43 @@ CLASS="section" ...@@ -3880,426 +4034,43 @@ CLASS="section"
><HR><H2 ><HR><H2
CLASS="section" CLASS="section"
><A ><A
NAME="AEN749" NAME="content-type"
></A
>4.1.11. Configuring Bugzilla</H2
><P
>&#13; You should run through the parameters on the Edit Parameters page
(link in the footer) and set them all to appropriate values.
They key parameters are documented in <A
HREF="#parameters"
>Section 5.1</A
>.
</P
></DIV
></DIV
><DIV
CLASS="section"
><HR><H1
CLASS="section"
><A
NAME="extraconfig"
></A
>4.2. Optional Additional Configuration</H1
><DIV
CLASS="section"
><H2
CLASS="section"
><A
NAME="AEN755"
></A ></A
>4.2.1. Dependency Charts</H2 >4.2.5. Preventing untrusted Bugzilla content from executing malicious
><P Javascript code</H2
>As well as the text-based dependency graphs, Bugzilla also
supports dependency graphing, using a package called 'dot'.
Exactly how this works is controlled by the 'webdotbase' parameter,
which can have one of three values:
</P
><P
>&#13; <P
></P
><OL
TYPE="1"
><LI
><P ><P
>&#13; A complete file path to the command 'dot' (part of >It is possible for a Bugzilla to execute malicious Javascript
code. Due to internationalization concerns, we are unable to
incorporate the code changes necessary to fulfill the CERT advisory
requirements mentioned in
<A <A
HREF="http://www.graphviz.org/" HREF="http://www.cet.org/tech_tips/malicious_code_mitigation.html/#3"
TARGET="_top" TARGET="_top"
>GraphViz</A >&#13; http://www.cet.org/tech_tips/malicious_code_mitigation.html/#3</A
>) >.
will generate the graphs locally Executing the following code snippet from a UNIX command shell will
</P rectify the problem if your Bugzilla installation is intended for an
></LI English-speaking audience. As always, be sure your Bugzilla
><LI installation has a good backup before making changes, and I recommend
><P you understand what the script is doing before executing it.</P
>&#13; A URL prefix pointing to an installation of the webdot package will ><P
generate the graphs remotely >&#13; <TABLE
</P BORDER="0"
></LI BGCOLOR="#E0E0E0"
><LI WIDTH="100%"
><P ><TR
>&#13; A blank value will disable dependency graphing. ><TD
</P ><FONT
></LI COLOR="#000000"
></OL ><PRE
> CLASS="programlisting"
</P >&#13;bash# perl -pi -e "s/Content-Type\: text\/html/Content-Type\: text\/html\; charset=ISO-8859-1/i" *.cgi *.pl
><P </PRE
>So, to get this working, install ></FONT
<A ></TD
HREF="http://www.graphviz.org/" ></TR
TARGET="_top" ></TABLE
>GraphViz</A >
>. If you
do that, you need to
<A
HREF="http://httpd.apache.org/docs/mod/mod_imap.html"
TARGET="_top"
>enable
server-side image maps</A
> in Apache.
Alternatively, you could set up a webdot server, or use the AT&#38;T
public webdot server (the
default for the webdotbase param). Note that AT&#38;T's server won't work
if Bugzilla is only accessible using HARTS.
</P
></DIV
><DIV
CLASS="section"
><HR><H2
CLASS="section"
><A
NAME="AEN770"
></A
>4.2.2. Bug Graphs</H2
><P
>As long as you installed the GD and Graph::Base Perl modules you
might as well turn on the nifty Bugzilla bug reporting graphs.</P
><P
>Add a cron entry like this to run
<TT
CLASS="filename"
>collectstats.pl</TT
>
daily at 5 after midnight:
<P
></P
><TABLE
BORDER="0"
><TBODY
><TR
><TD
>&#13; <TT
CLASS="computeroutput"
>&#13; <TT
CLASS="prompt"
>bash#</TT
>
<B
CLASS="command"
>crontab -e</B
>
</TT
>
</TD
></TR
><TR
><TD
>&#13; <TT
CLASS="computeroutput"
>5 0 * * * cd &#60;your-bugzilla-directory&#62; ;
./collectstats.pl</TT
>
</TD
></TR
></TBODY
></TABLE
><P
></P
>
</P
><P
>After two days have passed you'll be able to view bug graphs from
the Bug Reports page.</P
></DIV
><DIV
CLASS="section"
><HR><H2
CLASS="section"
><A
NAME="AEN783"
></A
>4.2.3. The Whining Cron</H2
><P
>By now you have a fully functional Bugzilla, but what good are
bugs if they're not annoying? To help make those bugs more annoying you
can set up Bugzilla's automatic whining system to complain at engineers
which leave their bugs in the NEW state without triaging them.
</P
><P
>&#13; This can be done by
adding the following command as a daily crontab entry (for help on that
see that crontab man page):
<P
></P
><TABLE
BORDER="0"
><TBODY
><TR
><TD
>&#13; <TT
CLASS="computeroutput"
>&#13; <B
CLASS="command"
>cd &#60;your-bugzilla-directory&#62; ;
./whineatnews.pl</B
>
</TT
>
</TD
></TR
></TBODY
></TABLE
><P
></P
>
</P
><DIV
CLASS="tip"
><P
></P
><TABLE
CLASS="tip"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="../images/tip.gif"
HSPACE="5"
ALT="Tip"></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
>Depending on your system, crontab may have several manpages.
The following command should lead you to the most useful page for
this purpose:
<TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="programlisting"
>&#13;man 5 crontab
</PRE
></FONT
></TD
></TR
></TABLE
>
</P
></TD
></TR
></TABLE
></DIV
></DIV
><DIV
CLASS="section"
><HR><H2
CLASS="section"
><A
NAME="bzldap"
></A
>4.2.4. LDAP Authentication</H2
><P
>&#13; <DIV
CLASS="warning"
><P
></P
><TABLE
CLASS="warning"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="../images/warning.gif"
HSPACE="5"
ALT="Warning"></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
>This information on using the LDAP
authentication options with Bugzilla is old, and the authors do
not know of anyone who has tested it. Approach with caution.
</P
></TD
></TR
></TABLE
></DIV
>
</P
><P
>&#13; The existing authentication
scheme for Bugzilla uses email addresses as the primary user ID, and a
password to authenticate that user. All places within Bugzilla where
you need to deal with user ID (e.g assigning a bug) use the email
address. The LDAP authentication builds on top of this scheme, rather
than replacing it. The initial log in is done with a username and
password for the LDAP directory. This then fetches the email address
from LDAP and authenticates seamlessly in the standard Bugzilla
authentication scheme using this email address. If an account for this
address already exists in your Bugzilla system, it will log in to that
account. If no account for that email address exists, one is created at
the time of login. (In this case, Bugzilla will attempt to use the
"displayName" or "cn" attribute to determine the user's full name.)
After authentication, all other user-related tasks are still handled by
email address, not LDAP username. You still assign bugs by email
address, query on users by email address, etc.
</P
><P
>Using LDAP for Bugzilla authentication requires the
Mozilla::LDAP (aka PerLDAP) Perl module. The
Mozilla::LDAP module in turn requires Netscape's Directory SDK for C.
After you have installed the SDK, then install the PerLDAP module.
Mozilla::LDAP and the Directory SDK for C are both
<A
HREF="http://www.mozilla.org/directory/"
TARGET="_top"
>available for
download</A
> from mozilla.org.
</P
><P
>&#13; Set the Param 'useLDAP' to "On" **only** if you will be using an LDAP
directory for
authentication. Be very careful when setting up this parameter; if you
set LDAP authentication, but do not have a valid LDAP directory set up,
you will not be able to log back in to Bugzilla once you log out. (If
this happens, you can get back in by manually editing the data/params
file, and setting useLDAP back to 0.)
</P
><P
>If using LDAP, you must set the
three additional parameters: Set LDAPserver to the name (and optionally
port) of your LDAP server. If no port is specified, it defaults to the
default port of 389. (e.g "ldap.mycompany.com" or
"ldap.mycompany.com:1234") Set LDAPBaseDN to the base DN for searching
for users in your LDAP directory. (e.g. "ou=People,o=MyCompany") uids
must be unique under the DN specified here. Set LDAPmailattribute to
the name of the attribute in your LDAP directory which contains the
primary email address. On most directory servers available, this is
"mail", but you may need to change this.
</P
><P
>You can also try using <A
HREF="http://www.openldap.org/"
TARGET="_top"
>&#13; OpenLDAP</A
> with Bugzilla, using any of a number of administration
tools. You should apply the patch attached this bug:
<A
HREF="http://bugzilla.mozilla.org/show_bug.cgi?id=158630"
TARGET="_top"
>&#13; http://bugzilla.mozilla.org/show_bug.cgi?id=158630</A
>, then set
the following object classes for your users:
<P
></P
><OL
TYPE="1"
><LI
><P
>objectClass: person</P
></LI
><LI
><P
>objectClass: organizationalPerson</P
></LI
><LI
><P
>objectClass: inetOrgPerson</P
></LI
><LI
><P
>objectClass: top</P
></LI
><LI
><P
>objectClass: posixAccount</P
></LI
><LI
><P
>objectClass: shadowAccount</P
></LI
></OL
>
Please note that this patch <EM
>has not</EM
> yet been
accepted by the Bugzilla team, and so you may need to do some
manual tweaking. That said, it looks like Net::LDAP is probably
the way to go in the future.
</P
></DIV
><DIV
CLASS="section"
><HR><H2
CLASS="section"
><A
NAME="content-type"
></A
>4.2.5. Preventing untrusted Bugzilla content from executing malicious
Javascript code</H2
><P
>It is possible for a Bugzilla to execute malicious Javascript
code. Due to internationalization concerns, we are unable to
incorporate the code changes necessary to fulfill the CERT advisory
requirements mentioned in
<A
HREF="http://www.cet.org/tech_tips/malicious_code_mitigation.html/#3"
TARGET="_top"
>&#13; http://www.cet.org/tech_tips/malicious_code_mitigation.html/#3</A
>.
Executing the following code snippet from a UNIX command shell will
rectify the problem if your Bugzilla installation is intended for an
English-speaking audience. As always, be sure your Bugzilla
installation has a good backup before making changes, and I recommend
you understand what the script is doing before executing it.</P
><P
>&#13; <TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="programlisting"
>&#13;bash# perl -pi -e "s/Content-Type\: text\/html/Content-Type\: text\/html\; charset=ISO-8859-1/i" *.cgi *.pl
</PRE
></FONT
></TD
></TR
></TABLE
>
</P </P
><P ><P
>All this one-liner command does is search for all instances of >All this one-liner command does is search for all instances of
...@@ -4367,181 +4138,9 @@ CLASS="section" ...@@ -4367,181 +4138,9 @@ CLASS="section"
><HR><H2 ><HR><H2
CLASS="section" CLASS="section"
><A ><A
NAME="htaccess"
></A
>4.2.6. <TT
CLASS="filename"
>.htaccess</TT
>
files and security</H2
><P
>To enhance the security of your Bugzilla installation, Bugzilla's
<TT
CLASS="filename"
>checksetup.pl</TT
> script will generate
<I
CLASS="glossterm"
>&#13; <TT
CLASS="filename"
>.htaccess</TT
>
</I
>
files which the Apache webserver can use to restrict access to the
bugzilla data files.
These .htaccess files will not work with Apache 1.2.x - but this
has security holes, so you shouldn't be using it anyway.
<DIV
CLASS="note"
><P
></P
><TABLE
CLASS="note"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="../images/note.gif"
HSPACE="5"
ALT="Note"></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
>If you are using an alternate provider of
<SPAN
CLASS="productname"
>webdot</SPAN
>
services for graphing (as described when viewing
<TT
CLASS="filename"
>editparams.cgi</TT
>
in your web browser), you will need to change the ip address in
<TT
CLASS="filename"
>data/webdot/.htaccess</TT
>
to the ip address of the webdot server that you are using.</P
></TD
></TR
></TABLE
></DIV
>
</P
><P
>The default .htaccess file may not provide adequate access
restrictions, depending on your web server configuration. Be sure to
check the &#60;Directory&#62; entries for your Bugzilla directory so that
the
<TT
CLASS="filename"
>.htaccess</TT
>
file is allowed to override web server defaults. For instance, let's
assume your installation of Bugzilla is installed to
<TT
CLASS="filename"
>/usr/local/bugzilla</TT
>
. You should have this &#60;Directory&#62; entry in your
<TT
CLASS="filename"
>httpd.conf</TT
>
file:</P
><P
>&#13;
<TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="programlisting"
>&#13;&#60;Directory /usr/local/bugzilla/&#62;
Options +FollowSymLinks +Indexes +Includes +ExecCGI
AllowOverride All
&#60;/Directory&#62;
</PRE
></FONT
></TD
></TR
></TABLE
>
</P
><P
>The important part above is
<SPAN
CLASS="QUOTE"
>"AllowOverride All"</SPAN
>
. Without that, the
<TT
CLASS="filename"
>.htaccess</TT
>
file created by
<TT
CLASS="filename"
>checksetup.pl</TT
>
will not have sufficient permissions to protect your Bugzilla
installation.</P
><P
>If you are using Internet Information Server (IIS) or another
web server which does not observe
<TT
CLASS="filename"
>.htaccess</TT
>
conventions, you can disable their creation by editing
<TT
CLASS="filename"
>localconfig</TT
>
and setting the
<TT
CLASS="varname"
>$create_htaccess</TT
>
variable to
<TT
CLASS="parameter"
><I
>0</I
></TT
>.
</P
></DIV
><DIV
CLASS="section"
><HR><H2
CLASS="section"
><A
NAME="directoryindex" NAME="directoryindex"
></A ></A
>4.2.7. <TT >4.2.6. <TT
CLASS="filename" CLASS="filename"
>directoryindex</TT >directoryindex</TT
> for the Bugzilla default page.</H2 > for the Bugzilla default page.</H2
...@@ -4568,7 +4167,7 @@ CLASS="section" ...@@ -4568,7 +4167,7 @@ CLASS="section"
><A ><A
NAME="mod_perl" NAME="mod_perl"
></A ></A
>4.2.8. Bugzilla and <TT >4.2.7. Bugzilla and <TT
CLASS="filename" CLASS="filename"
>mod_perl</TT >mod_perl</TT
></H2 ></H2
...@@ -4585,7 +4184,7 @@ CLASS="section" ...@@ -4585,7 +4184,7 @@ CLASS="section"
><A ><A
NAME="mod-throttle" NAME="mod-throttle"
></A ></A
>4.2.9. <TT >4.2.8. <TT
CLASS="filename" CLASS="filename"
>mod_throttle</TT >mod_throttle</TT
> >
...@@ -4775,11 +4374,11 @@ TARGET="_top" ...@@ -4775,11 +4374,11 @@ TARGET="_top"
></TABLE ></TABLE
></DIV ></DIV
><DIV ><DIV
CLASS="note" CLASS="tip"
><P ><P
></P ></P
><TABLE ><TABLE
CLASS="note" CLASS="tip"
WIDTH="100%" WIDTH="100%"
BORDER="0" BORDER="0"
><TR ><TR
...@@ -4788,9 +4387,9 @@ WIDTH="25" ...@@ -4788,9 +4387,9 @@ WIDTH="25"
ALIGN="CENTER" ALIGN="CENTER"
VALIGN="TOP" VALIGN="TOP"
><IMG ><IMG
SRC="../images/note.gif" SRC="../images/tip.gif"
HSPACE="5" HSPACE="5"
ALT="Note"></TD ALT="Tip"></TD
><TD ><TD
ALIGN="LEFT" ALIGN="LEFT"
VALIGN="TOP" VALIGN="TOP"
...@@ -4919,30 +4518,9 @@ CLASS="section" ...@@ -4919,30 +4518,9 @@ CLASS="section"
><HR><H4 ><HR><H4
CLASS="section" CLASS="section"
><A ><A
NAME="win32-code-mail" NAME="AEN863"
></A
>4.3.1.3.2. Making mail work</H4
><P
>The easiest way to get mail working is to use the mail patches
on <A
HREF="http://bugzilla.mozilla.org/show_bug.cgi?id=124174"
TARGET="_top"
>bug
124174</A
>. With any luck, this patch will receive the required
reviews and integrated into the main Bugzilla distribution very soon.
Until that happens, there's at least one report of this patch working
well on Windows.
</P
></DIV
><DIV
CLASS="section"
><HR><H4
CLASS="section"
><A
NAME="AEN930"
></A ></A
>4.3.1.3.3. System Calls</H4 >4.3.1.3.2. System Calls</H4
><P ><P
>In order to get system calls to work on win32's perl, you need >In order to get system calls to work on win32's perl, you need
to tell the windows shell what interpreter to use. This is done by to tell the windows shell what interpreter to use. This is done by
...@@ -4971,7 +4549,7 @@ WIDTH="100%" ...@@ -4971,7 +4549,7 @@ WIDTH="100%"
COLOR="#000000" COLOR="#000000"
><PRE ><PRE
CLASS="programlisting" CLASS="programlisting"
>&#13;system("./processmail", $id, $exporter); >&#13;system("$webdotbase","-Tpng","-o","$pngfilename","$filename");
</PRE </PRE
></FONT ></FONT
></TD ></TD
...@@ -4989,19 +4567,12 @@ WIDTH="100%" ...@@ -4989,19 +4567,12 @@ WIDTH="100%"
COLOR="#000000" COLOR="#000000"
><PRE ><PRE
CLASS="programlisting" CLASS="programlisting"
>&#13;system("C:\\perl\\bin\\perl", "processmail", $id, $exporter); >&#13;system("C:\\perl\\bin\\perl", "$webdotbase","-Tpng","-o","$pngfilename","$filename");
</PRE </PRE
></FONT ></FONT
></TD ></TD
></TR ></TR
></TABLE ></TABLE
><P
>Notice that the <TT
CLASS="computeroutput"
>./</TT
> is also
removed.
</P
><DIV ><DIV
CLASS="tip" CLASS="tip"
><P ><P
...@@ -5040,6 +4611,51 @@ CLASS="productname" ...@@ -5040,6 +4611,51 @@ CLASS="productname"
></TR ></TR
></TABLE ></TABLE
></DIV ></DIV
><DIV
CLASS="note"
><P
></P
><TABLE
CLASS="note"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="../images/note.gif"
HSPACE="5"
ALT="Note"></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
>It appears that the only <TT
CLASS="function"
>system</TT
> call
remaining in the Bugzilla codebase is in
<TT
CLASS="filename"
>showdependencygraph.cgi</TT
>. Not changing this
file will only cause dependency graphs to not function if the
<TT
CLASS="option"
>webdotbase</TT
> paramater points to a local
installation of <A
HREF="http://www.graphviz.org"
TARGET="_top"
>GraphViz</A
>.
</P
></TD
></TR
></TABLE
></DIV
></DIV ></DIV
></DIV ></DIV
><DIV ><DIV
...@@ -5055,8 +4671,8 @@ NAME="win32-http" ...@@ -5055,8 +4671,8 @@ NAME="win32-http"
able to handle Bugzilla; however, the Bugzilla Team still recommends able to handle Bugzilla; however, the Bugzilla Team still recommends
Apache whenever asked. No matter what web server you choose, be sure Apache whenever asked. No matter what web server you choose, be sure
to pay attention to the security notes in <A to pay attention to the security notes in <A
HREF="#security" HREF="#security-access"
>Section 5.6</A >Section 5.6.4</A
>. >.
More information on configuring specific web servers can be found in More information on configuring specific web servers can be found in
<A <A
...@@ -5256,8 +4872,8 @@ CLASS="glossterm" ...@@ -5256,8 +4872,8 @@ CLASS="glossterm"
should be able to handle Bugzilla. No matter what web server you choose, but should be able to handle Bugzilla. No matter what web server you choose, but
especially if you choose something other than Apache, you should be sure to read especially if you choose something other than Apache, you should be sure to read
<A <A
HREF="#security" HREF="#security-access"
>Section 5.6</A >Section 5.6.4</A
>. >.
</P </P
><P ><P
...@@ -5430,7 +5046,7 @@ COLOR="#000000" ...@@ -5430,7 +5046,7 @@ COLOR="#000000"
><PRE ><PRE
CLASS="programlisting" CLASS="programlisting"
>&#13;# don't allow people to retrieve non-cgi executable files or our private data >&#13;# don't allow people to retrieve non-cgi executable files or our private data
&#60;FilesMatch ^(.*\.pl|.*localconfig.*|processmail|runtests.sh)$&#62; &#60;FilesMatch ^(.*\.pl|.*localconfig.*|runtests.sh)$&#62;
deny from all deny from all
&#60;/FilesMatch&#62; &#60;/FilesMatch&#62;
&#60;FilesMatch ^(localconfig.js|localconfig.rdf)$&#62; &#60;FilesMatch ^(localconfig.js|localconfig.rdf)$&#62;
...@@ -5614,8 +5230,8 @@ CLASS="filename" ...@@ -5614,8 +5230,8 @@ CLASS="filename"
>data</TT >data</TT
> >
directory are secured as described in <A directory are secured as described in <A
HREF="#security" HREF="#security-access"
>Section 5.6</A >Section 5.6.4</A
>. >.
</P </P
></DIV ></DIV
...@@ -5677,11 +5293,13 @@ COLOR="#000000" ...@@ -5677,11 +5293,13 @@ COLOR="#000000"
><PRE ><PRE
CLASS="programlisting" CLASS="programlisting"
>&#13;ns_register_filter preauth GET /bugzilla/localconfig filter_deny >&#13;ns_register_filter preauth GET /bugzilla/localconfig filter_deny
ns_register_filter preauth GET /bugzilla/localconfig~ filter_deny
ns_register_filter preauth GET /bugzilla/\#localconfig\# filter_deny
ns_register_filter preauth GET /bugzilla/*.pl filter_deny ns_register_filter preauth GET /bugzilla/*.pl filter_deny
ns_register_filter preauth GET /bugzilla/localconfig filter_deny
ns_register_filter preauth GET /bugzilla/processmail filter_deny
ns_register_filter preauth GET /bugzilla/syncshadowdb filter_deny ns_register_filter preauth GET /bugzilla/syncshadowdb filter_deny
ns_register_filter preauth GET /bugzilla/runtests.sh filter_deny ns_register_filter preauth GET /bugzilla/runtests.sh filter_deny
ns_register_filter preauth GET /bugzilla/data/* filter_deny
ns_register_filter preauth GET /bugzilla/template/* filter_deny
proc filter_deny { why } { proc filter_deny { why } {
ns_log Notice "filter_deny" ns_log Notice "filter_deny"
...@@ -5713,31 +5331,84 @@ ALT="Warning"></TD ...@@ -5713,31 +5331,84 @@ ALT="Warning"></TD
ALIGN="LEFT" ALIGN="LEFT"
VALIGN="TOP" VALIGN="TOP"
><P ><P
>This doesn't appear to account for everything mentioned in >This probably doesn't account for all possible editor backup
<A files so you may wish to add some additional variations of
HREF="#security"
>Section 5.6</A
>. In particular, it doesn't block access
to the <TT
CLASS="filename"
>data</TT
> or
<TT <TT
CLASS="filename" CLASS="filename"
>template</TT >localconfig</TT
> directories. It also >. For more information, see
doesn't account for the editor backup files that were the topic of
<A <A
HREF="http://bugzilla.mozilla.org/show_bug.cgi?id=186383" HREF="http://bugzilla.mozilla.org/show_bug.cgi?id=186383"
TARGET="_top" TARGET="_top"
>bug >bug
186383</A 186383</A
>, <A > or <A
HREF="http://online.securityfocus.com/bid/6501" HREF="http://online.securityfocus.com/bid/6501"
TARGET="_top" TARGET="_top"
>Bugtraq ID 6501</A >Bugtraq ID 6501</A
>.
</P
></TD
></TR
></TABLE
></DIV
><DIV
CLASS="note"
><P
></P
><TABLE
CLASS="note"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="../images/note.gif"
HSPACE="5"
ALT="Note"></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
>If you are using webdot from research.att.com (the default
configuration for the <TT
CLASS="option"
>webdotbase</TT
> paramater), you
will need to allow access to <TT
CLASS="filename"
>data/webdot/*.dot</TT
>
for the reasearch.att.com machine.
</P
><P
>If you are using a local installation of <A
HREF="http://www.graphviz.org"
TARGET="_top"
>GraphViz</A
>, you will need to allow
everybody to access <TT
CLASS="filename"
>*.png</TT
>, >,
and a partial cause for the 2.16.2 release. <TT
CLASS="filename"
>*.gif</TT
>, <TT
CLASS="filename"
>*.jpg</TT
>, and
<TT
CLASS="filename"
>*.map</TT
> in the
<TT
CLASS="filename"
>data/webdot</TT
> directory.
</P </P
></TD ></TD
></TR ></TR
...@@ -5762,7 +5433,7 @@ CLASS="section" ...@@ -5762,7 +5433,7 @@ CLASS="section"
><HR><H2 ><HR><H2
CLASS="section" CLASS="section"
><A ><A
NAME="AEN1063" NAME="AEN1009"
></A ></A
>4.5.1. Bundle::Bugzilla makes me upgrade to Perl 5.6.1</H2 >4.5.1. Bundle::Bugzilla makes me upgrade to Perl 5.6.1</H2
><P ><P
...@@ -5787,7 +5458,7 @@ CLASS="section" ...@@ -5787,7 +5458,7 @@ CLASS="section"
><HR><H2 ><HR><H2
CLASS="section" CLASS="section"
><A ><A
NAME="AEN1068" NAME="AEN1014"
></A ></A
>4.5.2. DBD::Sponge::db prepare failed</H2 >4.5.2. DBD::Sponge::db prepare failed</H2
><P ><P
...@@ -7027,98 +6698,341 @@ CLASS="QUOTE" ...@@ -7027,98 +6698,341 @@ CLASS="QUOTE"
><DIV ><DIV
CLASS="warning" CLASS="warning"
><P ><P
></P ></P
><TABLE
CLASS="warning"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="../images/warning.gif"
HSPACE="5"
ALT="Warning"></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
>The User Regexp is a perl regexp and, if not anchored, will match
any part of an address. So, if you do not want to grant access
into 'mycompany.com' to 'badperson@mycompany.com.hacker.net', use
'@mycompany\.com$' as the regexp.</P
></TD
></TR
></TABLE
></DIV
></LI
><LI
><P
>After you add your new group, edit the new group. On the
edit page, you can specify other groups that should be included
in this group and which groups should be permitted to add and delete
users from this group.</P
></LI
></OL
><P
>&#13; Note that group permissions are such that you need to be a member
of <EM
>all</EM
> the groups a bug is in, for whatever
reason, to see that bug. Similarly, you must be a member
of <EM
>all</EM
> of the entry groups for a product
to add bugs to a product and you must be a member
of <EM
>all</EM
> of the canedit groups for a product
in order to make <EM
>any</EM
> change to bugs in that
product.
</P
></DIV
><DIV
CLASS="section"
><HR><H1
CLASS="section"
><A
NAME="security"
></A
>5.6. Bugzilla Security</H1
><DIV
CLASS="warning"
><P
></P
><TABLE
CLASS="warning"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="../images/warning.gif"
HSPACE="5"
ALT="Warning"></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
>Poorly-configured MySQL and Bugzilla installations have
given attackers full access to systems in the past. Please take these
guidelines seriously, even for Bugzilla machines hidden away behind
your firewall. 80% of all computer trespassers are insiders, not
anonymous crackers.</P
></TD
></TR
></TABLE
></DIV
><DIV
CLASS="note"
><P
></P
><TABLE
CLASS="note"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="../images/note.gif"
HSPACE="5"
ALT="Note"></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
>These instructions must, of necessity, be somewhat vague since
Bugzilla runs on so many different platforms. If you have refinements
of these directions, please submit a bug to <A
HREF="http://bugzilla.mozilla.org/enter_bug.cgi?product=Bugzilla&component=Documentation"
TARGET="_top"
>Bugzilla Documentation</A
>.
</P
></TD
></TR
></TABLE
></DIV
><DIV
CLASS="warning"
><P
></P
><TABLE
CLASS="warning"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="../images/warning.gif"
HSPACE="5"
ALT="Warning"></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
>This is not meant to be a comprehensive list of every possible
security issue regarding the tools mentioned in this section. There is
no subsitute for reading the information written by the authors of any
software running on your system.
</P
></TD
></TR
></TABLE
></DIV
><DIV
CLASS="section"
><HR><H2
CLASS="section"
><A
NAME="security-networking"
></A
>5.6.1. TCP/IP Ports</H2
><P
>TCP/IP defines 65,000 some ports for trafic. Of those, Bugzilla
only needs 1... 2 if you need to use features that require e-mail such
as bug moving or the e-mail interface from contrib. You should audit
your server and make sure that you aren't listening on any ports you
don't need to be. You may also wish to use some kind of firewall
software to be sure that trafic can only be recieved on ports you
specify.
</P
></DIV
><DIV
CLASS="section"
><HR><H2
CLASS="section"
><A
NAME="security-mysql"
></A
>5.6.2. MySQL</H2
><P
>MySQL ships by default with many settings that should be changed.
By defaults it allows anybody to connect from localhost without a
password and have full administrative capabilities. It also defaults to
not have a root password (this is <EM
>not</EM
> the same as
the system root). Also, many installations default to running
<SPAN
CLASS="application"
>mysqld</SPAN
> as the system root.
</P
><P
></P
><OL
TYPE="1"
><LI
><P
>Consult the documentation that came with your system for
information on making <SPAN
CLASS="application"
>mysqld</SPAN
> run as an
unprivleged user.
</P
></LI
><LI
><P
>You should also be sure to disable the anonymous user account
and set a password for the root user. This is accomplished using the
following commands:
</P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="programlisting"
>&#13;<TT
CLASS="prompt"
>bash$</TT
> mysql mysql
<TT
CLASS="prompt"
>mysql&#62;</TT
> DELETE FROM user WHERE user = '';
<TT
CLASS="prompt"
>mysql&#62;</TT
> UPDATE user SET password = password('<TT
CLASS="replaceable"
><I
>new_password</I
></TT
>') WHERE user = 'root';
<TT
CLASS="prompt"
>mysql&#62;</TT
> FLUSH PRIVILEGES;
</PRE
></FONT
></TD
></TR
></TABLE
><P
>From this point forward you will need to use
<B
CLASS="command"
>mysql -u root -p</B
> and enter
<TT
CLASS="replaceable"
><I
>new_password</I
></TT
> when prompted when using the
mysql client.
</P
></LI
><LI
><P
>If you run MySQL on the same machine as your httpd server, you
should consider disabling networking from within MySQL by adding
the following to your <TT
CLASS="filename"
>/etc/my.conf</TT
>:
</P
><TABLE ><TABLE
CLASS="warning"
WIDTH="100%"
BORDER="0" BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR ><TR
><TD ><TD
WIDTH="25" ><FONT
ALIGN="CENTER" COLOR="#000000"
VALIGN="TOP" ><PRE
><IMG CLASS="programlisting"
SRC="../images/warning.gif" >&#13;[myslqd]
HSPACE="5" # Prevent network access to MySQL.
ALT="Warning"></TD skip-networking
><TD </PRE
ALIGN="LEFT" ></FONT
VALIGN="TOP"
><P
>The User Regexp is a perl regexp and, if not anchored, will match
any part of an address. So, if you do not want to grant access
into 'mycompany.com' to 'badperson@mycompany.com.hacker.net', use
'@mycompany\.com$' as the regexp.</P
></TD ></TD
></TR ></TR
></TABLE ></TABLE
></DIV
></LI ></LI
><LI ><LI
><P ><P
>After you add your new group, edit the new group. On the >You may also consider running MySQL, or even all of Bugzilla
edit page, you can specify other groups that should be included in a chroot jail; however, instructions for doing that are beyond
in this group and which groups should be permitted to add and delete the scope of this document.
users from this group.</P </P
></LI ></LI
></OL ></OL
><P
>&#13; Note that group permissions are such that you need to be a member
of <EM
>all</EM
> the groups a bug is in, for whatever
reason, to see that bug. Similarly, you must be a member
of <EM
>all</EM
> of the entry groups for a product
to add bugs to a product and you must be a member
of <EM
>all</EM
> of the canedit groups for a product
in order to make <EM
>any</EM
> change to bugs in that
product.
</P
></DIV ></DIV
><DIV ><DIV
CLASS="section" CLASS="section"
><HR><H1 ><HR><H2
CLASS="section" CLASS="section"
><A ><A
NAME="security" NAME="security-daemon"
></A ></A
>5.6. Bugzilla Security</H1 >5.6.3. Daemon Accounts</H2
><DIV
CLASS="warning"
><P
></P
><TABLE
CLASS="warning"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="../images/warning.gif"
HSPACE="5"
ALT="Warning"></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P ><P
>Poorly-configured MySQL and Bugzilla installations have >Many daemons, such as Apache's httpd and MySQL's mysqld default to
given attackers full access to systems in the past. Please take these running as either <SPAN
guidelines seriously, even for Bugzilla machines hidden away behind CLASS="QUOTE"
your firewall. 80% of all computer trespassers are insiders, not >"root"</SPAN
anonymous crackers.</P > or <SPAN
></TD CLASS="QUOTE"
></TR >"nobody"</SPAN
></TABLE >. Running
></DIV as <SPAN
CLASS="QUOTE"
>"root"</SPAN
> introduces obvious security problems, but the
problems introduced by running everything as <SPAN
CLASS="QUOTE"
>"nobody"</SPAN
> may
not be so obvious. Basically, if you're running every daemon as
<SPAN
CLASS="QUOTE"
>"nobody"</SPAN
> and one of them gets comprimised, they all get
comprimised. For this reason it is recommended that you create a user
account for each daemon.
</P
><DIV ><DIV
CLASS="note" CLASS="note"
><P ><P
...@@ -7140,67 +7054,232 @@ ALT="Note"></TD ...@@ -7140,67 +7054,232 @@ ALT="Note"></TD
ALIGN="LEFT" ALIGN="LEFT"
VALIGN="TOP" VALIGN="TOP"
><P ><P
>These instructions must, of necessity, be somewhat vague since >You will need to set the <TT
Bugzilla runs on so many different platforms. If you have refinements CLASS="varname"
of these directions for specific platforms, please submit them to >webservergroup</TT
<A > to
HREF="mailto://mozilla-webtools@mozilla.org" the group you created for your webserver to run as in
TARGET="_top" <TT
>&#13; mozilla-webtools@mozilla.org</A CLASS="filename"
> >localconfig</TT
>. This will allow
<B
CLASS="command"
>./checksetup.pl</B
> to better adjust the file
permissions on your Bugzilla install so as to not require making
anything world-writable.
</P </P
></TD ></TD
></TR ></TR
></TABLE ></TABLE
></DIV ></DIV
></DIV
><DIV
CLASS="section"
><HR><H2
CLASS="section"
><A
NAME="security-access"
></A
>5.6.4. Web Server Access Controls</H2
><P
>There are many files that are placed in the Bugzilla directory
area that should not be accessable from the web. Because of the way
Bugzilla is currently layed out, the list of what should and should
not be accessible is rather complicated. A new installation method
is currently in the works which should solve this by allowing files
that shouldn't be accessible from the web to be placed in directory
outside the webroot. See
<A
HREF="http://bugzilla.mozilla.org/show_bug.cgi?id=44659"
TARGET="_top"
>bug
44659</A
> for more information.
</P
><P
></P
><UL
COMPACT="COMPACT"
><LI
><P
>In the main Bugzilla directory, you should:</P
><P
></P
><UL
COMPACT="COMPACT"
><LI
><P
>Block:
<TT
CLASS="filename"
>*.pl</TT
>, <TT
CLASS="filename"
>*localconfig*</TT
>, <TT
CLASS="filename"
>runtests.sh</TT
>
</P
></LI
><LI
><P
>But allow:
<TT
CLASS="filename"
>localconfig.js</TT
>, <TT
CLASS="filename"
>localconfig.rdf</TT
>
</P
></LI
></UL
></LI
><LI
><P
>In <TT
CLASS="filename"
>data</TT
>:</P
><P
></P
><UL
COMPACT="COMPACT"
><LI
><P
>Block everything</P
></LI
><LI
><P
>But allow:
<TT
CLASS="filename"
>duplicates.rdf</TT
>
</P
></LI
></UL
></LI
><LI
><P
>In <TT
CLASS="filename"
>data/webdot</TT
>:</P
><P
></P
><UL
COMPACT="COMPACT"
><LI
><P
>If you use a remote webdot server:</P
><P
></P
><UL
COMPACT="COMPACT"
><LI
><P
>Block everything</P
></LI
><LI
><P
>But allow
<TT
CLASS="filename"
>*.dot</TT
>
only for the remote webdot server</P
></LI
></UL
></LI
><LI
><P
>Otherwise, if you use a local GraphViz:</P
><P
></P
><UL
COMPACT="COMPACT"
><LI
><P
>Block everything</P
></LI
><LI
><P
>But allow:
<TT
CLASS="filename"
>*.png</TT
>, <TT
CLASS="filename"
>*.gif</TT
>, <TT
CLASS="filename"
>*.jpg</TT
>, <TT
CLASS="filename"
>*.map</TT
>
</P
></LI
></UL
></LI
><LI
><P
>And if you don't use any dot:</P
><P
></P
><UL
COMPACT="COMPACT"
><LI
><P
>Block everything</P
></LI
></UL
></LI
></UL
></LI
><LI
><P
>In <TT
CLASS="filename"
>Bugzilla</TT
>:</P
><P ><P
>To secure your installation:
<P
></P ></P
><OL ><UL
TYPE="1" COMPACT="COMPACT"
><LI ><LI
><P ><P
>&#13; <EM >Block everything</P
>There is no substitute for understanding the tools on your ></LI
system!</EM ></UL
>
Read
<A
HREF="http://www.mysql.com/doc/P/r/Privilege_system.html"
TARGET="_top"
>&#13; The MySQL Privilege System</A
>
until you can recite it from memory!</P
></LI ></LI
><LI ><LI
><P ><P
>Lock down <TT >In <TT
CLASS="filename" CLASS="filename"
>/etc/inetd.conf</TT >template</TT
>. Heck, disable >:</P
inet entirely on this box. It should only listen to port 25 for ><P
Sendmail and port 80 for Apache.</P ></P
></LI ><UL
COMPACT="COMPACT"
><LI ><LI
><P ><P
>Do not run Apache as >Block everything</P
<SPAN ></LI
CLASS="QUOTE" ></UL
>"nobody"</SPAN ></LI
> ></UL
><DIV
. This will require very lax permissions in your Bugzilla CLASS="tip"
directories. Run it, instead, as a user with a name, set via your
httpd.conf file.
<DIV
CLASS="note"
><P ><P
></P ></P
><TABLE ><TABLE
CLASS="note" CLASS="tip"
WIDTH="100%" WIDTH="100%"
BORDER="0" BORDER="0"
><TR ><TR
...@@ -7209,69 +7288,64 @@ WIDTH="25" ...@@ -7209,69 +7288,64 @@ WIDTH="25"
ALIGN="CENTER" ALIGN="CENTER"
VALIGN="TOP" VALIGN="TOP"
><IMG ><IMG
SRC="../images/note.gif" SRC="../images/tip.gif"
HSPACE="5" HSPACE="5"
ALT="Note"></TD ALT="Tip"></TD
><TD ><TD
ALIGN="LEFT" ALIGN="LEFT"
VALIGN="TOP" VALIGN="TOP"
><P ><P
>&#13; <SPAN >Bugzilla ships with the ability to generate
CLASS="QUOTE" <TT
>"nobody"</SPAN CLASS="filename"
> >.htaccess</TT
> files instructing
is a real user on UNIX systems. Having a process run as user id <A
<SPAN HREF="#gloss-apache"
CLASS="QUOTE" ><I
>"nobody"</SPAN CLASS="glossterm"
> >Apache</I
></A
is absolutely no protection against system crackers versus using > which files
any other user account. As a general security measure, I recommend should and should not be accessible. For more information, see
you create unique user ID's for each daemon running on your system <A
and, if possible, use "chroot" to jail that process away from the HREF="#http-apache"
rest of your system.</P >Section 4.4.1</A
>.
</P
></TD ></TD
></TR ></TR
></TABLE ></TABLE
></DIV ></DIV
>
</P
></LI
><LI
><P
>Ensure you have adequate access controls for the
<TT
CLASS="filename"
>$BUGZILLA_HOME/data/</TT
> directory, as well as the
<TT
CLASS="filename"
>$BUGZILLA_HOME/localconfig</TT
> file.
The localconfig file stores your "bugs" database account password.
In addition, some
files under <TT
CLASS="filename"
>$BUGZILLA_HOME/data/</TT
> store sensitive
information.
</P
><P ><P
>Also, beware that some text editors create backup files in the >You should test to make sure that the files mentioned above are
current working directory so you need to also secure files like not accessible from the Internet, especially your
<TT <TT
CLASS="filename" CLASS="filename"
>localconfig~</TT >localconfig</TT
>. > file which contains your database
password. To test, simply point your web browser at the file; for
example, to test mozilla.org's installation, we'd try to access
<A
HREF="http://bugzilla.mozilla.org/localconfig"
TARGET="_top"
>http://bugzilla.mozilla.org/localconfig</A
>. You should
get a <SPAN
CLASS="errorcode"
>403</SPAN
> <SPAN
CLASS="errorname"
>Forbidden</SPAN
>
error.
</P </P
><DIV ><DIV
CLASS="note" CLASS="caution"
><P ><P
></P ></P
><TABLE ><TABLE
CLASS="note" CLASS="caution"
WIDTH="100%" WIDTH="100%"
BORDER="0" BORDER="0"
><TR ><TR
...@@ -7280,102 +7354,27 @@ WIDTH="25" ...@@ -7280,102 +7354,27 @@ WIDTH="25"
ALIGN="CENTER" ALIGN="CENTER"
VALIGN="TOP" VALIGN="TOP"
><IMG ><IMG
SRC="../images/note.gif" SRC="../images/caution.gif"
HSPACE="5" HSPACE="5"
ALT="Note"></TD ALT="Caution"></TD
><TD ><TD
ALIGN="LEFT" ALIGN="LEFT"
VALIGN="TOP" VALIGN="TOP"
><P ><P
>Simply blocking <TT >Not following the instructions in this section, including
CLASS="computeroutput" testing, may result in sensitive information being globally
>.*localconfig.*</TT accessible.
>
won't work because the QuickSearch feature requires the web browser
to be able to retrieve <TT
CLASS="filename"
>localconfig.js</TT
> and
others may be introduced in the future (see
<A
HREF="http://bugzilla.mozilla.org/show_bug.cgi?id=186383"
TARGET="_top"
>bug
186383</A
> for more information.
</P </P
></TD ></TD
></TR ></TR
></TABLE ></TABLE
></DIV ></DIV
><P
>Bugzilla provides default <TT
CLASS="filename"
>.htaccess</TT
> files
to protect the most common Apache installations. However, you should
verify these are adequate according to the site-wide security policy
of your web server, and ensure that the <TT
CLASS="filename"
>.htaccess</TT
>
files are allowed to <SPAN
CLASS="QUOTE"
>"override"</SPAN
> default permissions set
in your Apache configuration files. Covering Apache security is beyond
the scope of this Guide; please consult the Apache documentation for
details.
</P
><P
>If you are using a web server that does not support the
<TT
CLASS="filename"
>.htaccess</TT
> control method,
<EM
>you are at risk!</EM
>
After installing, check to see if you can view the file
<TT
CLASS="filename"
>localconfig</TT
> in your web browser (e.g.:
<A
HREF="http://bugzilla.mozilla.org/localconfig"
TARGET="_top"
>&#13; http://bugzilla.mozilla.org/localconfig</A
>
). If you can read the contents of this file, your web server has
not secured your bugzilla directory properly and you must fix this
problem before deploying Bugzilla. If, however, it gives you a
"Forbidden" error, then it probably respects the .htaccess
conventions and you are good to go.</P
></LI
><LI
><P
>When you run checksetup.pl, the script will attempt to modify
various permissions on files which Bugzilla uses. If you do not have
a webservergroup set in the <TT
CLASS="filename"
>localconfig</TT
> file,
then Bugzilla will have to make certain files world readable and/or
writable.
<EM
>THIS IS INSECURE!</EM
>
. This means that anyone who can get access to your system can do
whatever they want to your Bugzilla installation.</P
><DIV ><DIV
CLASS="note" CLASS="tip"
><P ><P
></P ></P
><TABLE ><TABLE
CLASS="note" CLASS="tip"
WIDTH="100%" WIDTH="100%"
BORDER="0" BORDER="0"
><TR ><TR
...@@ -7384,90 +7383,26 @@ WIDTH="25" ...@@ -7384,90 +7383,26 @@ WIDTH="25"
ALIGN="CENTER" ALIGN="CENTER"
VALIGN="TOP" VALIGN="TOP"
><IMG ><IMG
SRC="../images/note.gif" SRC="../images/tip.gif"
HSPACE="5" HSPACE="5"
ALT="Note"></TD ALT="Tip"></TD
><TD ><TD
ALIGN="LEFT" ALIGN="LEFT"
VALIGN="TOP" VALIGN="TOP"
><P ><P
>This also means that if your webserver runs all cgi scripts >You should check <A
as the same user/group, anyone on the system who can run cgi HREF="#http"
scripts will be able to take control of your Bugzilla >Section 4.4</A
installation.</P > to see if instructions
have been included for your web server. You should also compare those
instructions with this list to make sure everything is properly
accounted for.
</P
></TD ></TD
></TR ></TR
></TABLE ></TABLE
></DIV ></DIV
><P ></DIV
>On Apache, you can use <TT
CLASS="filename"
>.htaccess</TT
> files to
protect access to these directories, as outlined in Bugs
<A
HREF="http://bugzilla.mozilla.org/show_bug.cgi?id=57161"
TARGET="_top"
>&#13; 57161</A
> and
<A
HREF="http://bugzilla.mozilla.org/show_bug.cgi?id=186383"
TARGET="_top"
>&#13; 186383</A
>
for the <TT
CLASS="filename"
>localconfig</TT
> file, and
<A
HREF="http://bugzilla.mozilla.org/show_bug.cgi?id=65572"
TARGET="_top"
>Bug
65572</A
>
for adequate protection in your <TT
CLASS="filename"
>data/</TT
> directory.
Also, don't forget about the <TT
CLASS="filename"
>template/</TT
> and
<TT
CLASS="filename"
>Bugzilla/</TT
> directories and to allow access to the
<TT
CLASS="filename"
>data/webdot</TT
> directory for the
<TT
CLASS="computeroutput"
>192.20.225.10</TT
> IP address if you are
using webdot from research.att.com. The easiest way to
accomplish this is to set <TT
CLASS="function"
>$create_htaccess</TT
> to 1
in <TT
CLASS="filename"
>localconfig</TT
>. However, the information below
is provided for those that want to know exactly what is created.
</P
><P
>FIX ME BEFORE RELEASE!!!!!
Note the instructions which follow are Apache-specific. If you
use IIS, Netscape, or other non-Apache web servers, please consult
your system documentation for how to secure these files from being
transmitted to curious users.</P
></LI
></OL
>
</P
></DIV ></DIV
><DIV ><DIV
CLASS="section" CLASS="section"
...@@ -7500,7 +7435,7 @@ CLASS="section" ...@@ -7500,7 +7435,7 @@ CLASS="section"
><HR><H2 ><HR><H2
CLASS="section" CLASS="section"
><A ><A
NAME="AEN1413" NAME="AEN1443"
></A ></A
>5.7.1. What to Edit</H2 >5.7.1. What to Edit</H2
><P ><P
...@@ -7615,7 +7550,7 @@ CLASS="section" ...@@ -7615,7 +7550,7 @@ CLASS="section"
><HR><H2 ><HR><H2
CLASS="section" CLASS="section"
><A ><A
NAME="AEN1432" NAME="AEN1462"
></A ></A
>5.7.2. How To Edit Templates</H2 >5.7.2. How To Edit Templates</H2
><P ><P
...@@ -7697,7 +7632,7 @@ CLASS="section" ...@@ -7697,7 +7632,7 @@ CLASS="section"
><HR><H2 ><HR><H2
CLASS="section" CLASS="section"
><A ><A
NAME="AEN1442" NAME="AEN1472"
></A ></A
>5.7.3. Template Formats</H2 >5.7.3. Template Formats</H2
><P ><P
...@@ -7759,7 +7694,7 @@ CLASS="section" ...@@ -7759,7 +7694,7 @@ CLASS="section"
><HR><H2 ><HR><H2
CLASS="section" CLASS="section"
><A ><A
NAME="AEN1455" NAME="AEN1485"
></A ></A
>5.7.4. Particular Templates</H2 >5.7.4. Particular Templates</H2
><P ><P
...@@ -8761,64 +8696,64 @@ HREF="#faq-general" ...@@ -8761,64 +8696,64 @@ HREF="#faq-general"
><DL ><DL
><DT ><DT
>A.1.1. <A >A.1.1. <A
HREF="#AEN1617" HREF="#faq-general-information"
>&#13; Where can I find information about Bugzilla?</A >&#13; Where can I find information about Bugzilla?</A
></DT ></DT
><DT ><DT
>A.1.2. <A >A.1.2. <A
HREF="#AEN1623" HREF="#faq-general-license"
>&#13; What license is Bugzilla distributed under? >&#13; What license is Bugzilla distributed under?
</A </A
></DT ></DT
><DT ><DT
>A.1.3. <A >A.1.3. <A
HREF="#AEN1629" HREF="#faq-general-support"
>&#13; How do I get commercial support for Bugzilla? >&#13; How do I get commercial support for Bugzilla?
</A </A
></DT ></DT
><DT ><DT
>A.1.4. <A >A.1.4. <A
HREF="#AEN1638" HREF="#faq-general-companies"
>&#13; What major companies or projects are currently using Bugzilla >&#13; What major companies or projects are currently using Bugzilla
for bug-tracking? for bug-tracking?
</A </A
></DT ></DT
><DT ><DT
>A.1.5. <A >A.1.5. <A
HREF="#AEN1662" HREF="#faq-general-maintainers"
>&#13; Who maintains Bugzilla? >&#13; Who maintains Bugzilla?
</A </A
></DT ></DT
><DT ><DT
>A.1.6. <A >A.1.6. <A
HREF="#AEN1668" HREF="#faq-general-compare"
>&#13; How does Bugzilla stack up against other bug-tracking databases? >&#13; How does Bugzilla stack up against other bug-tracking databases?
</A </A
></DT ></DT
><DT ><DT
>A.1.7. <A >A.1.7. <A
HREF="#AEN1674" HREF="#faq-general-bzmissing"
>&#13; Why doesn't Bugzilla offer this or that feature or compatibility >&#13; Why doesn't Bugzilla offer this or that feature or compatibility
with this other tracking software? with this other tracking software?
</A </A
></DT ></DT
><DT ><DT
>A.1.8. <A >A.1.8. <A
HREF="#AEN1681" HREF="#faq-general-mysql"
>&#13; Why MySQL? I'm interested in seeing Bugzilla run on >&#13; Why MySQL? I'm interested in seeing Bugzilla run on
Oracle/Sybase/Msql/PostgreSQL/MSSQL. Oracle/Sybase/Msql/PostgreSQL/MSSQL.
</A </A
></DT ></DT
><DT ><DT
>A.1.9. <A >A.1.9. <A
HREF="#AEN1690" HREF="#faq-general-bonsaitools"
>&#13; Why do the scripts say "/usr/bonsaitools/bin/perl" instead of >&#13; Why do the scripts say "/usr/bonsaitools/bin/perl" instead of
"/usr/bin/perl" or something else? "/usr/bin/perl" or something else?
</A </A
></DT ></DT
><DT ><DT
>A.1.10. <A >A.1.10. <A
HREF="#AEN1696" HREF="#faq-general-cookie"
>&#13; Is there an easy way to change the Bugzilla cookie name? >&#13; Is there an easy way to change the Bugzilla cookie name?
</A </A
></DT ></DT
...@@ -8833,41 +8768,41 @@ HREF="#faq-phb" ...@@ -8833,41 +8768,41 @@ HREF="#faq-phb"
><DL ><DL
><DT ><DT
>A.2.1. <A >A.2.1. <A
HREF="#AEN1706" HREF="#faq-phb-client"
>&#13; Is Bugzilla web-based, or do you have to have specific software or >&#13; Is Bugzilla web-based, or do you have to have specific software or
a specific operating system on your machine? a specific operating system on your machine?
</A </A
></DT ></DT
><DT ><DT
>A.2.2. <A >A.2.2. <A
HREF="#AEN1711" HREF="#faq-phb-integration"
>&#13; Can Bugzilla integrate with >&#13; Can Bugzilla integrate with
Perforce (SCM software)? Perforce (SCM software)?
</A </A
></DT ></DT
><DT ><DT
>A.2.3. <A >A.2.3. <A
HREF="#AEN1716" HREF="#faq-phb-projects"
>&#13; Does Bugzilla allow the user to track multiple projects? >&#13; Does Bugzilla allow the user to track multiple projects?
</A </A
></DT ></DT
><DT ><DT
>A.2.4. <A >A.2.4. <A
HREF="#AEN1721" HREF="#faq-phb-sorting"
>&#13; If I am on many projects, and search for all bugs assigned to me, will >&#13; If I am on many projects, and search for all bugs assigned to me, will
Bugzilla list them for me and allow me to sort by project, severity etc? Bugzilla list them for me and allow me to sort by project, severity etc?
</A </A
></DT ></DT
><DT ><DT
>A.2.5. <A >A.2.5. <A
HREF="#AEN1726" HREF="#faq-phb-attachments"
>&#13; Does Bugzilla allow attachments (text, screenshots, URLs etc)? If yes, >&#13; Does Bugzilla allow attachments (text, screenshots, URLs etc)? If yes,
are there any that are NOT allowed? are there any that are NOT allowed?
</A </A
></DT ></DT
><DT ><DT
>A.2.6. <A >A.2.6. <A
HREF="#AEN1731" HREF="#faq-phb-priorities"
>&#13; Does Bugzilla allow us to define our own priorities and levels? Do we >&#13; Does Bugzilla allow us to define our own priorities and levels? Do we
have complete freedom to change the labels of fields and format of them, and have complete freedom to change the labels of fields and format of them, and
the choice of acceptable values? the choice of acceptable values?
...@@ -8875,35 +8810,35 @@ HREF="#AEN1731" ...@@ -8875,35 +8810,35 @@ HREF="#AEN1731"
></DT ></DT
><DT ><DT
>A.2.7. <A >A.2.7. <A
HREF="#AEN1738" HREF="#faq-phb-reporting"
>&#13; Does Bugzilla provide any reporting features, metrics, graphs, etc? You >&#13; Does Bugzilla provide any reporting features, metrics, graphs, etc? You
know, the type of stuff that management likes to see. :) know, the type of stuff that management likes to see. :)
</A </A
></DT ></DT
><DT ><DT
>A.2.8. <A >A.2.8. <A
HREF="#AEN1745" HREF="#faq-phb-email"
>&#13; Is there email notification and if so, what do you see when you get an >&#13; Is there email notification and if so, what do you see when you get an
email? email?
</A </A
></DT ></DT
><DT ><DT
>A.2.9. <A >A.2.9. <A
HREF="#AEN1750" HREF="#faq-phb-cclist"
>&#13; Can email notification be set up to send to multiple >&#13; Can email notification be set up to send to multiple
people, some on the To List, CC List, BCC List etc? people, some on the To List, CC List, BCC List etc?
</A </A
></DT ></DT
><DT ><DT
>A.2.10. <A >A.2.10. <A
HREF="#AEN1755" HREF="#faq-phb-emailapp"
>&#13; Do users have to have any particular >&#13; Do users have to have any particular
type of email application? type of email application?
</A </A
></DT ></DT
><DT ><DT
>A.2.11. <A >A.2.11. <A
HREF="#AEN1762" HREF="#faq-phb-data"
>&#13; Does Bugzilla allow data to be imported and exported? If I had outsiders >&#13; Does Bugzilla allow data to be imported and exported? If I had outsiders
write up a bug report using a MS Word bug template, could that template be write up a bug report using a MS Word bug template, could that template be
imported into "matching" fields? If I wanted to take the results of a query imported into "matching" fields? If I wanted to take the results of a query
...@@ -8912,28 +8847,28 @@ HREF="#AEN1762" ...@@ -8912,28 +8847,28 @@ HREF="#AEN1762"
></DT ></DT
><DT ><DT
>A.2.12. <A >A.2.12. <A
HREF="#AEN1774" HREF="#faq-phb-l10n"
>&#13; Has anyone converted Bugzilla to another language to be used in other >&#13; Has anyone converted Bugzilla to another language to be used in other
countries? Is it localizable? countries? Is it localizable?
</A </A
></DT ></DT
><DT ><DT
>A.2.13. <A >A.2.13. <A
HREF="#AEN1781" HREF="#faq-phb-reports"
>&#13; Can a user create and save reports? Can they do this in Word format? >&#13; Can a user create and save reports? Can they do this in Word format?
Excel format? Excel format?
</A </A
></DT ></DT
><DT ><DT
>A.2.14. <A >A.2.14. <A
HREF="#AEN1786" HREF="#faq-phb-searching"
>&#13; Does Bugzilla have the ability to search by word, phrase, compound >&#13; Does Bugzilla have the ability to search by word, phrase, compound
search? search?
</A </A
></DT ></DT
><DT ><DT
>A.2.15. <A >A.2.15. <A
HREF="#AEN1791" HREF="#faq-phb-midair"
>&#13; Does Bugzilla provide record locking when there is simultaneous access >&#13; Does Bugzilla provide record locking when there is simultaneous access
to the same bug? Does the second person get a notice that the bug is in use to the same bug? Does the second person get a notice that the bug is in use
or how are they notified? or how are they notified?
...@@ -8941,19 +8876,19 @@ HREF="#AEN1791" ...@@ -8941,19 +8876,19 @@ HREF="#AEN1791"
></DT ></DT
><DT ><DT
>A.2.16. <A >A.2.16. <A
HREF="#AEN1796" HREF="#faq-phb-backup"
>&#13; Are there any backup features provided? >&#13; Are there any backup features provided?
</A </A
></DT ></DT
><DT ><DT
>A.2.17. <A >A.2.17. <A
HREF="#AEN1802" HREF="#faq-phb-livebackup"
>&#13; Can users be on the system while a backup is in progress? >&#13; Can users be on the system while a backup is in progress?
</A </A
></DT ></DT
><DT ><DT
>A.2.18. <A >A.2.18. <A
HREF="#AEN1807" HREF="#faq-phb-maintenance"
>&#13; What type of human resources are needed to be on staff to install and >&#13; What type of human resources are needed to be on staff to install and
maintain Bugzilla? Specifically, what type of skills does the person need to maintain Bugzilla? Specifically, what type of skills does the person need to
have? I need to find out if we were to go with Bugzilla, what types of have? I need to find out if we were to go with Bugzilla, what types of
...@@ -8963,7 +8898,7 @@ HREF="#AEN1807" ...@@ -8963,7 +8898,7 @@ HREF="#AEN1807"
></DT ></DT
><DT ><DT
>A.2.19. <A >A.2.19. <A
HREF="#AEN1813" HREF="#faq-phb-installtime"
>&#13; What time frame are we looking at if we decide to hire people to install >&#13; What time frame are we looking at if we decide to hire people to install
and maintain the Bugzilla? Is this something that takes hours or weeks to and maintain the Bugzilla? Is this something that takes hours or weeks to
install and a couple of hours per week to maintain and customize or is this install and a couple of hours per week to maintain and customize or is this
...@@ -8973,7 +8908,7 @@ HREF="#AEN1813" ...@@ -8973,7 +8908,7 @@ HREF="#AEN1813"
></DT ></DT
><DT ><DT
>A.2.20. <A >A.2.20. <A
HREF="#AEN1818" HREF="#faq-phb-cost"
>&#13; Is there any licensing fee or other fees for using Bugzilla? Any >&#13; Is there any licensing fee or other fees for using Bugzilla? Any
out-of-pocket cost other than the bodies needed as identified above? out-of-pocket cost other than the bodies needed as identified above?
</A </A
...@@ -8989,20 +8924,20 @@ HREF="#faq-security" ...@@ -8989,20 +8924,20 @@ HREF="#faq-security"
><DL ><DL
><DT ><DT
>A.3.1. <A >A.3.1. <A
HREF="#AEN1825" HREF="#faq-security-mysql"
>&#13; How do I completely disable MySQL security if it's giving me problems >&#13; How do I completely disable MySQL security if it's giving me problems
(I've followed the instructions in the installation section of this guide)? (I've followed the instructions in the installation section of this guide)?
</A </A
></DT ></DT
><DT ><DT
>A.3.2. <A >A.3.2. <A
HREF="#AEN1831" HREF="#faq-security-knownproblems"
>&#13; Are there any security problems with Bugzilla? >&#13; Are there any security problems with Bugzilla?
</A </A
></DT ></DT
><DT ><DT
>A.3.3. <A >A.3.3. <A
HREF="#AEN1836" HREF="#faq-security-mysqluser"
>&#13; I've implemented the security fixes mentioned in Chris Yeh's security >&#13; I've implemented the security fixes mentioned in Chris Yeh's security
advisory of 5/10/2000 advising not to run MySQL as root, and am running into advisory of 5/10/2000 advising not to run MySQL as root, and am running into
problems with MySQL no longer working correctly. problems with MySQL no longer working correctly.
...@@ -9019,48 +8954,48 @@ HREF="#faq-email" ...@@ -9019,48 +8954,48 @@ HREF="#faq-email"
><DL ><DL
><DT ><DT
>A.4.1. <A >A.4.1. <A
HREF="#AEN1843" HREF="#faq-email-nomail"
>&#13; I have a user who doesn't want to receive any more email from Bugzilla. >&#13; I have a user who doesn't want to receive any more email from Bugzilla.
How do I stop it entirely for this user? How do I stop it entirely for this user?
</A </A
></DT ></DT
><DT ><DT
>A.4.2. <A >A.4.2. <A
HREF="#AEN1849" HREF="#faq-email-testing"
>&#13; I'm evaluating/testing Bugzilla, and don't want it to send email to >&#13; I'm evaluating/testing Bugzilla, and don't want it to send email to
anyone but me. How do I do it? anyone but me. How do I do it?
</A </A
></DT ></DT
><DT ><DT
>A.4.3. <A >A.4.3. <A
HREF="#AEN1854" HREF="#faq-email-whine"
>&#13; I want whineatnews.pl to whine at something more, or other than, only new >&#13; I want whineatnews.pl to whine at something more, or other than, only new
bugs. How do I do it? bugs. How do I do it?
</A </A
></DT ></DT
><DT ><DT
>A.4.4. <A >A.4.4. <A
HREF="#AEN1860" HREF="#faq-email-procmail"
>&#13; I don't like/want to use Procmail to hand mail off to bug_email.pl. >&#13; I don't like/want to use Procmail to hand mail off to bug_email.pl.
What alternatives do I have? What alternatives do I have?
</A </A
></DT ></DT
><DT ><DT
>A.4.5. <A >A.4.5. <A
HREF="#AEN1867" HREF="#faq-email-mailif"
>&#13; How do I set up the email interface to submit/change bugs via email? >&#13; How do I set up the email interface to submit/change bugs via email?
</A </A
></DT ></DT
><DT ><DT
>A.4.6. <A >A.4.6. <A
HREF="#AEN1872" HREF="#faq-email-sendmailnow"
>&#13; Email takes FOREVER to reach me from Bugzilla -- it's extremely slow. >&#13; Email takes FOREVER to reach me from Bugzilla -- it's extremely slow.
What gives? What gives?
</A </A
></DT ></DT
><DT ><DT
>A.4.7. <A >A.4.7. <A
HREF="#AEN1879" HREF="#faq-email-nonreceived"
>&#13; How come email from Bugzilla changes never reaches me? >&#13; How come email from Bugzilla changes never reaches me?
</A </A
></DT ></DT
...@@ -9075,33 +9010,33 @@ HREF="#faq-db" ...@@ -9075,33 +9010,33 @@ HREF="#faq-db"
><DL ><DL
><DT ><DT
>A.5.1. <A >A.5.1. <A
HREF="#AEN1887" HREF="#faq-db-oracle"
>&#13; I've heard Bugzilla can be used with Oracle? >&#13; I've heard Bugzilla can be used with Oracle?
</A </A
></DT ></DT
><DT ><DT
>A.5.2. <A >A.5.2. <A
HREF="#AEN1892" HREF="#faq-db-corrupted"
>&#13; I think my database might be corrupted, or contain invalid entries. What >&#13; I think my database might be corrupted, or contain invalid entries. What
do I do? do I do?
</A </A
></DT ></DT
><DT ><DT
>A.5.3. <A >A.5.3. <A
HREF="#AEN1900" HREF="#faq-db-manualedit"
>&#13; I want to manually edit some entries in my database. How? >&#13; I want to manually edit some entries in my database. How?
</A </A
></DT ></DT
><DT ><DT
>A.5.4. <A >A.5.4. <A
HREF="#AEN1908" HREF="#faq-db-permissions"
>&#13; I think I've set up MySQL permissions correctly, but Bugzilla still can't >&#13; I think I've set up MySQL permissions correctly, but Bugzilla still can't
connect. connect.
</A </A
></DT ></DT
><DT ><DT
>A.5.5. <A >A.5.5. <A
HREF="#AEN1916" HREF="#faq-db-synchronize"
>&#13; How do I synchronize bug information among multiple different Bugzilla >&#13; How do I synchronize bug information among multiple different Bugzilla
databases? databases?
</A </A
...@@ -9117,26 +9052,26 @@ HREF="#faq-nt" ...@@ -9117,26 +9052,26 @@ HREF="#faq-nt"
><DL ><DL
><DT ><DT
>A.6.1. <A >A.6.1. <A
HREF="#AEN1925" HREF="#faq-nt-easiest"
>&#13; What is the easiest way to run Bugzilla on Win32 (Win98+/NT/2K)? >&#13; What is the easiest way to run Bugzilla on Win32 (Win98+/NT/2K)?
</A </A
></DT ></DT
><DT ><DT
>A.6.2. <A >A.6.2. <A
HREF="#AEN1930" HREF="#faq-nt-bundle"
>&#13; Is there a "Bundle::Bugzilla" equivalent for Win32? >&#13; Is there a "Bundle::Bugzilla" equivalent for Win32?
</A </A
></DT ></DT
><DT ><DT
>A.6.3. <A >A.6.3. <A
HREF="#AEN1935" HREF="#faq-nt-mappings"
>&#13; CGI's are failing with a "something.cgi is not a valid Windows NT >&#13; CGI's are failing with a "something.cgi is not a valid Windows NT
application" error. Why? application" error. Why?
</A </A
></DT ></DT
><DT ><DT
>A.6.4. <A >A.6.4. <A
HREF="#AEN1943" HREF="#faq-nt-dbi"
>&#13; I'm having trouble with the perl modules for NT not being able to talk to >&#13; I'm having trouble with the perl modules for NT not being able to talk to
to the database. to the database.
</A </A
...@@ -9152,33 +9087,33 @@ HREF="#faq-use" ...@@ -9152,33 +9087,33 @@ HREF="#faq-use"
><DL ><DL
><DT ><DT
>A.7.1. <A >A.7.1. <A
HREF="#AEN1964" HREF="#faq-use-changeaddress"
>&#13; How do I change my user name (email address) in Bugzilla? >&#13; How do I change my user name (email address) in Bugzilla?
</A </A
></DT ></DT
><DT ><DT
>A.7.2. <A >A.7.2. <A
HREF="#AEN1969" HREF="#faq-use-query"
>&#13; The query page is very confusing. Isn't there a simpler way to query? >&#13; The query page is very confusing. Isn't there a simpler way to query?
</A </A
></DT ></DT
><DT ><DT
>A.7.3. <A >A.7.3. <A
HREF="#AEN1974" HREF="#faq-use-accept"
>&#13; I'm confused by the behavior of the "accept" button in the Show Bug form. >&#13; I'm confused by the behavior of the "accept" button in the Show Bug form.
Why doesn't it assign the bug to me when I accept it? Why doesn't it assign the bug to me when I accept it?
</A </A
></DT ></DT
><DT ><DT
>A.7.4. <A >A.7.4. <A
HREF="#AEN1984" HREF="#faq-use-attachment"
>&#13; I can't upload anything into the database via the "Create Attachment" >&#13; I can't upload anything into the database via the "Create Attachment"
link. What am I doing wrong? link. What am I doing wrong?
</A </A
></DT ></DT
><DT ><DT
>A.7.5. <A >A.7.5. <A
HREF="#AEN1989" HREF="#faq-use-keyword"
>&#13; How do I change a keyword in Bugzilla, once some bugs are using it? >&#13; How do I change a keyword in Bugzilla, once some bugs are using it?
</A </A
></DT ></DT
...@@ -9193,26 +9128,26 @@ HREF="#faq-hacking" ...@@ -9193,26 +9128,26 @@ HREF="#faq-hacking"
><DL ><DL
><DT ><DT
>A.8.1. <A >A.8.1. <A
HREF="#AEN1996" HREF="#faq-hacking-templatestyle"
>&#13; What kind of style should I use for templatization? >&#13; What kind of style should I use for templatization?
</A </A
></DT ></DT
><DT ><DT
>A.8.2. <A >A.8.2. <A
HREF="#AEN2004" HREF="#faq-hacking-bugzillabugs"
>&#13; What bugs are in Bugzilla right now? >&#13; What bugs are in Bugzilla right now?
</A </A
></DT ></DT
><DT ><DT
>A.8.3. <A >A.8.3. <A
HREF="#AEN2013" HREF="#faq-hacking-priority"
>&#13; How can I change the default priority to a null value? For instance, have the default >&#13; How can I change the default priority to a null value? For instance, have the default
priority be "---" instead of "P2"? priority be "---" instead of "P2"?
</A </A
></DT ></DT
><DT ><DT
>A.8.4. <A >A.8.4. <A
HREF="#AEN2019" HREF="#faq-hacking-patches"
>&#13; What's the best way to submit patches? What guidelines should I follow? >&#13; What's the best way to submit patches? What guidelines should I follow?
</A </A
></DT ></DT
...@@ -9232,7 +9167,7 @@ CLASS="qandaentry" ...@@ -9232,7 +9167,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1617" NAME="faq-general-information"
></A ></A
><B ><B
>A.1.1. </B >A.1.1. </B
...@@ -9260,7 +9195,7 @@ CLASS="qandaentry" ...@@ -9260,7 +9195,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1623" NAME="faq-general-license"
></A ></A
><B ><B
>A.1.2. </B >A.1.2. </B
...@@ -9289,7 +9224,7 @@ CLASS="qandaentry" ...@@ -9289,7 +9224,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1629" NAME="faq-general-support"
></A ></A
><B ><B
>A.1.3. </B >A.1.3. </B
...@@ -9335,7 +9270,7 @@ CLASS="qandaentry" ...@@ -9335,7 +9270,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1638" NAME="faq-general-companies"
></A ></A
><B ><B
>A.1.4. </B >A.1.4. </B
...@@ -9441,7 +9376,7 @@ CLASS="qandaentry" ...@@ -9441,7 +9376,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1662" NAME="faq-general-maintainers"
></A ></A
><B ><B
>A.1.5. </B >A.1.5. </B
...@@ -9471,7 +9406,7 @@ CLASS="qandaentry" ...@@ -9471,7 +9406,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1668" NAME="faq-general-compare"
></A ></A
><B ><B
>A.1.6. </B >A.1.6. </B
...@@ -9509,7 +9444,7 @@ CLASS="qandaentry" ...@@ -9509,7 +9444,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1674" NAME="faq-general-bzmissing"
></A ></A
><B ><B
>A.1.7. </B >A.1.7. </B
...@@ -9549,7 +9484,7 @@ CLASS="qandaentry" ...@@ -9549,7 +9484,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1681" NAME="faq-general-mysql"
></A ></A
><B ><B
>A.1.8. </B >A.1.8. </B
...@@ -9594,7 +9529,7 @@ CLASS="qandaentry" ...@@ -9594,7 +9529,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1690" NAME="faq-general-bonsaitools"
></A ></A
><B ><B
>A.1.9. </B >A.1.9. </B
...@@ -9627,7 +9562,7 @@ CLASS="qandaentry" ...@@ -9627,7 +9562,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1696" NAME="faq-general-cookie"
></A ></A
><B ><B
>A.1.10. </B >A.1.10. </B
...@@ -9689,7 +9624,7 @@ CLASS="qandaentry" ...@@ -9689,7 +9624,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1706" NAME="faq-phb-client"
></A ></A
><B ><B
>A.2.1. </B >A.2.1. </B
...@@ -9715,7 +9650,7 @@ CLASS="qandaentry" ...@@ -9715,7 +9650,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1711" NAME="faq-phb-integration"
></A ></A
><B ><B
>A.2.2. </B >A.2.2. </B
...@@ -9741,7 +9676,7 @@ CLASS="qandaentry" ...@@ -9741,7 +9676,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1716" NAME="faq-phb-projects"
></A ></A
><B ><B
>A.2.3. </B >A.2.3. </B
...@@ -9766,7 +9701,7 @@ CLASS="qandaentry" ...@@ -9766,7 +9701,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1721" NAME="faq-phb-sorting"
></A ></A
><B ><B
>A.2.4. </B >A.2.4. </B
...@@ -9791,7 +9726,7 @@ CLASS="qandaentry" ...@@ -9791,7 +9726,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1726" NAME="faq-phb-attachments"
></A ></A
><B ><B
>A.2.5. </B >A.2.5. </B
...@@ -9820,7 +9755,7 @@ CLASS="qandaentry" ...@@ -9820,7 +9755,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1731" NAME="faq-phb-priorities"
></A ></A
><B ><B
>A.2.6. </B >A.2.6. </B
...@@ -9857,7 +9792,7 @@ CLASS="qandaentry" ...@@ -9857,7 +9792,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1738" NAME="faq-phb-reporting"
></A ></A
><B ><B
>A.2.7. </B >A.2.7. </B
...@@ -9895,7 +9830,7 @@ CLASS="qandaentry" ...@@ -9895,7 +9830,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1745" NAME="faq-phb-email"
></A ></A
><B ><B
>A.2.8. </B >A.2.8. </B
...@@ -9922,7 +9857,7 @@ CLASS="qandaentry" ...@@ -9922,7 +9857,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1750" NAME="faq-phb-cclist"
></A ></A
><B ><B
>A.2.9. </B >A.2.9. </B
...@@ -9947,7 +9882,7 @@ CLASS="qandaentry" ...@@ -9947,7 +9882,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1755" NAME="faq-phb-emailapp"
></A ></A
><B ><B
>A.2.10. </B >A.2.10. </B
...@@ -10006,7 +9941,7 @@ CLASS="qandaentry" ...@@ -10006,7 +9941,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1762" NAME="faq-phb-data"
></A ></A
><B ><B
>A.2.11. </B >A.2.11. </B
...@@ -10068,7 +10003,7 @@ CLASS="qandaentry" ...@@ -10068,7 +10003,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1774" NAME="faq-phb-l10n"
></A ></A
><B ><B
>A.2.12. </B >A.2.12. </B
...@@ -10106,7 +10041,7 @@ CLASS="qandaentry" ...@@ -10106,7 +10041,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1781" NAME="faq-phb-reports"
></A ></A
><B ><B
>A.2.13. </B >A.2.13. </B
...@@ -10131,7 +10066,7 @@ CLASS="qandaentry" ...@@ -10131,7 +10066,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1786" NAME="faq-phb-searching"
></A ></A
><B ><B
>A.2.14. </B >A.2.14. </B
...@@ -10157,7 +10092,7 @@ CLASS="qandaentry" ...@@ -10157,7 +10092,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1791" NAME="faq-phb-midair"
></A ></A
><B ><B
>A.2.15. </B >A.2.15. </B
...@@ -10184,7 +10119,7 @@ CLASS="qandaentry" ...@@ -10184,7 +10119,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1796" NAME="faq-phb-backup"
></A ></A
><B ><B
>A.2.16. </B >A.2.16. </B
...@@ -10214,7 +10149,7 @@ CLASS="qandaentry" ...@@ -10214,7 +10149,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1802" NAME="faq-phb-livebackup"
></A ></A
><B ><B
>A.2.17. </B >A.2.17. </B
...@@ -10240,7 +10175,7 @@ CLASS="qandaentry" ...@@ -10240,7 +10175,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1807" NAME="faq-phb-maintenance"
></A ></A
><B ><B
>A.2.18. </B >A.2.18. </B
...@@ -10275,7 +10210,7 @@ CLASS="qandaentry" ...@@ -10275,7 +10210,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1813" NAME="faq-phb-installtime"
></A ></A
><B ><B
>A.2.19. </B >A.2.19. </B
...@@ -10308,7 +10243,7 @@ CLASS="qandaentry" ...@@ -10308,7 +10243,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1818" NAME="faq-phb-cost"
></A ></A
><B ><B
>A.2.20. </B >A.2.20. </B
...@@ -10342,7 +10277,7 @@ CLASS="qandaentry" ...@@ -10342,7 +10277,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1825" NAME="faq-security-mysql"
></A ></A
><B ><B
>A.3.1. </B >A.3.1. </B
...@@ -10371,7 +10306,7 @@ CLASS="qandaentry" ...@@ -10371,7 +10306,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1831" NAME="faq-security-knownproblems"
></A ></A
><B ><B
>A.3.2. </B >A.3.2. </B
...@@ -10399,7 +10334,7 @@ CLASS="qandaentry" ...@@ -10399,7 +10334,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1836" NAME="faq-security-mysqluser"
></A ></A
><B ><B
>A.3.3. </B >A.3.3. </B
...@@ -10435,7 +10370,7 @@ CLASS="qandaentry" ...@@ -10435,7 +10370,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1843" NAME="faq-email-nomail"
></A ></A
><B ><B
>A.4.1. </B >A.4.1. </B
...@@ -10465,7 +10400,7 @@ CLASS="qandaentry" ...@@ -10465,7 +10400,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1849" NAME="faq-email-testing"
></A ></A
><B ><B
>A.4.2. </B >A.4.2. </B
...@@ -10491,7 +10426,7 @@ CLASS="qandaentry" ...@@ -10491,7 +10426,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1854" NAME="faq-email-whine"
></A ></A
><B ><B
>A.4.3. </B >A.4.3. </B
...@@ -10523,7 +10458,7 @@ CLASS="qandaentry" ...@@ -10523,7 +10458,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1860" NAME="faq-email-procmail"
></A ></A
><B ><B
>A.4.4. </B >A.4.4. </B
...@@ -10541,7 +10476,7 @@ CLASS="answer" ...@@ -10541,7 +10476,7 @@ CLASS="answer"
You can call bug_email.pl directly from your aliases file, with You can call bug_email.pl directly from your aliases file, with
an entry like this: an entry like this:
<A <A
NAME="AEN1864" NAME="AEN1894"
></A ></A
><BLOCKQUOTE ><BLOCKQUOTE
CLASS="BLOCKQUOTE" CLASS="BLOCKQUOTE"
...@@ -10562,7 +10497,7 @@ CLASS="qandaentry" ...@@ -10562,7 +10497,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1867" NAME="faq-email-mailif"
></A ></A
><B ><B
>A.4.5. </B >A.4.5. </B
...@@ -10587,7 +10522,7 @@ CLASS="qandaentry" ...@@ -10587,7 +10522,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1872" NAME="faq-email-sendmailnow"
></A ></A
><B ><B
>A.4.6. </B >A.4.6. </B
...@@ -10602,17 +10537,43 @@ CLASS="answer" ...@@ -10602,17 +10537,43 @@ CLASS="answer"
><B ><B
> </B > </B
> >
If you are using an alternate Mail Transport Agent (MTA other than If you are using an alternate <A
sendmail), make sure the options given in the "processmail" and other HREF="#gloss-mta"
scripts for all ><I
instances of "sendmail" are correct for your MTA. CLASS="glossterm"
>MTA</I
></A
>,
make sure the options given in <TT
CLASS="filename"
>Bugzilla/BugMail.pm</TT
>
and any other place where <SPAN
CLASS="application"
>sendmail</SPAN
> is called from
are correct for your MTA. You should also ensure that the
<TT
CLASS="option"
>sendmailnow</TT
> param is set to <TT
CLASS="literal"
>on</TT
>.
</P </P
><P ><P
>&#13; If you are using Sendmail, try enabling "sendmailnow" in editparams.cgi. >&#13; If you are using <SPAN
If you are using Postfix, you will also need to enable <SPAN CLASS="application"
CLASS="QUOTE" >sendmail</SPAN
>"sendmailnow"</SPAN >, try enabling
<TT
CLASS="option"
>sendmailnow</TT
> in <TT
CLASS="filename"
>editparams.cgi</TT
>. >.
</P </P
></DIV ></DIV
></DIV ></DIV
...@@ -10622,7 +10583,7 @@ CLASS="qandaentry" ...@@ -10622,7 +10583,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1879" NAME="faq-email-nonreceived"
></A ></A
><B ><B
>A.4.7. </B >A.4.7. </B
...@@ -10662,7 +10623,7 @@ CLASS="qandaentry" ...@@ -10662,7 +10623,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1887" NAME="faq-db-oracle"
></A ></A
><B ><B
>A.5.1. </B >A.5.1. </B
...@@ -10690,7 +10651,7 @@ CLASS="qandaentry" ...@@ -10690,7 +10651,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1892" NAME="faq-db-corrupted"
></A ></A
><B ><B
>A.5.2. </B >A.5.2. </B
...@@ -10737,7 +10698,7 @@ CLASS="qandaentry" ...@@ -10737,7 +10698,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1900" NAME="faq-db-manualedit"
></A ></A
><B ><B
>A.5.3. </B >A.5.3. </B
...@@ -10778,7 +10739,7 @@ CLASS="qandaentry" ...@@ -10778,7 +10739,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1908" NAME="faq-db-permissions"
></A ></A
><B ><B
>A.5.4. </B >A.5.4. </B
...@@ -10839,7 +10800,7 @@ CLASS="qandaentry" ...@@ -10839,7 +10800,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1916" NAME="faq-db-synchronize"
></A ></A
><B ><B
>A.5.5. </B >A.5.5. </B
...@@ -10885,7 +10846,7 @@ CLASS="qandaentry" ...@@ -10885,7 +10846,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1925" NAME="faq-nt-easiest"
></A ></A
><B ><B
>A.6.1. </B >A.6.1. </B
...@@ -10910,7 +10871,7 @@ CLASS="qandaentry" ...@@ -10910,7 +10871,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1930" NAME="faq-nt-bundle"
></A ></A
><B ><B
>A.6.2. </B >A.6.2. </B
...@@ -10936,7 +10897,7 @@ CLASS="qandaentry" ...@@ -10936,7 +10897,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1935" NAME="faq-nt-mappings"
></A ></A
><B ><B
>A.6.3. </B >A.6.3. </B
...@@ -10959,7 +10920,7 @@ CLASS="answer" ...@@ -10959,7 +10920,7 @@ CLASS="answer"
><P ><P
>&#13; Microsoft has some advice on this matter, as well: >&#13; Microsoft has some advice on this matter, as well:
<A <A
NAME="AEN1940" NAME="AEN1977"
></A ></A
><BLOCKQUOTE ><BLOCKQUOTE
CLASS="BLOCKQUOTE" CLASS="BLOCKQUOTE"
...@@ -10984,7 +10945,7 @@ CLASS="qandaentry" ...@@ -10984,7 +10945,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1943" NAME="faq-nt-dbi"
></A ></A
><B ><B
>A.6.4. </B >A.6.4. </B
...@@ -11061,7 +11022,7 @@ CLASS="qandaentry" ...@@ -11061,7 +11022,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1964" NAME="faq-use-changeaddress"
></A ></A
><B ><B
>A.7.1. </B >A.7.1. </B
...@@ -11086,7 +11047,7 @@ CLASS="qandaentry" ...@@ -11086,7 +11047,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1969" NAME="faq-use-query"
></A ></A
><B ><B
>A.7.2. </B >A.7.2. </B
...@@ -11112,7 +11073,7 @@ CLASS="qandaentry" ...@@ -11112,7 +11073,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1974" NAME="faq-use-accept"
></A ></A
><B ><B
>A.7.3. </B >A.7.3. </B
...@@ -11167,7 +11128,7 @@ CLASS="qandaentry" ...@@ -11167,7 +11128,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1984" NAME="faq-use-attachment"
></A ></A
><B ><B
>A.7.4. </B >A.7.4. </B
...@@ -11194,7 +11155,7 @@ CLASS="qandaentry" ...@@ -11194,7 +11155,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1989" NAME="faq-use-keyword"
></A ></A
><B ><B
>A.7.5. </B >A.7.5. </B
...@@ -11228,7 +11189,7 @@ CLASS="qandaentry" ...@@ -11228,7 +11189,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1996" NAME="faq-hacking-templatestyle"
></A ></A
><B ><B
>A.8.1. </B >A.8.1. </B
...@@ -11287,7 +11248,7 @@ CLASS="qandaentry" ...@@ -11287,7 +11248,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN2004" NAME="faq-hacking-bugzillabugs"
></A ></A
><B ><B
>A.8.2. </B >A.8.2. </B
...@@ -11333,7 +11294,7 @@ CLASS="qandaentry" ...@@ -11333,7 +11294,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN2013" NAME="faq-hacking-priority"
></A ></A
><B ><B
>A.8.3. </B >A.8.3. </B
...@@ -11365,7 +11326,7 @@ CLASS="qandaentry" ...@@ -11365,7 +11326,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN2019" NAME="faq-hacking-patches"
></A ></A
><B ><B
>A.8.4. </B >A.8.4. </B
...@@ -11589,7 +11550,7 @@ CLASS="section" ...@@ -11589,7 +11550,7 @@ CLASS="section"
><HR><H2 ><HR><H2
CLASS="section" CLASS="section"
><A ><A
NAME="AEN2062" NAME="AEN2099"
></A ></A
>B.2.1. Bugzilla Database Basics</H2 >B.2.1. Bugzilla Database Basics</H2
><P ><P
...@@ -11705,7 +11666,7 @@ CLASS="section" ...@@ -11705,7 +11666,7 @@ CLASS="section"
><HR><H3 ><HR><H3
CLASS="section" CLASS="section"
><A ><A
NAME="AEN2089" NAME="AEN2126"
></A ></A
>B.2.1.1. Bugzilla Database Tables</H3 >B.2.1.1. Bugzilla Database Tables</H3
><P ><P
...@@ -12125,7 +12086,7 @@ CLASS="section" ...@@ -12125,7 +12086,7 @@ CLASS="section"
><HR><H1 ><HR><H1
CLASS="section" CLASS="section"
><A ><A
NAME="rhbugzilla" NAME="variant-redhat"
></A ></A
>D.1. Red Hat Bugzilla</H1 >D.1. Red Hat Bugzilla</H1
><P ><P
...@@ -12185,7 +12146,7 @@ NAME="variant-issuezilla" ...@@ -12185,7 +12146,7 @@ NAME="variant-issuezilla"
at tigris.org is their Java-based bug-tracker, at tigris.org is their Java-based bug-tracker,
<A <A
HREF="#variant-scarab" HREF="#variant-scarab"
>Scarab</A >Section D.4</A
>.</P >.</P
><P ><P
>This section last updated 27 Jul 2002</P >This section last updated 27 Jul 2002</P
...@@ -12273,7 +12234,7 @@ NAME="gfdl" ...@@ -12273,7 +12234,7 @@ NAME="gfdl"
><P ><P
>Version 1.1, March 2000</P >Version 1.1, March 2000</P
><A ><A
NAME="AEN2177" NAME="AEN2214"
></A ></A
><BLOCKQUOTE ><BLOCKQUOTE
CLASS="BLOCKQUOTE" CLASS="BLOCKQUOTE"
...@@ -12738,7 +12699,7 @@ NAME="gfdl-howto" ...@@ -12738,7 +12699,7 @@ NAME="gfdl-howto"
of the License in the document and put the following copyright and of the License in the document and put the following copyright and
license notices just after the title page:</P license notices just after the title page:</P
><A ><A
NAME="AEN2267" NAME="AEN2304"
></A ></A
><BLOCKQUOTE ><BLOCKQUOTE
CLASS="BLOCKQUOTE" CLASS="BLOCKQUOTE"
...@@ -12775,7 +12736,7 @@ CLASS="glossdiv" ...@@ -12775,7 +12736,7 @@ CLASS="glossdiv"
><H1 ><H1
CLASS="glossdiv" CLASS="glossdiv"
><A ><A
NAME="AEN2272" NAME="AEN2309"
></A ></A
>0-9, high ascii</H1 >0-9, high ascii</H1
><DL ><DL
...@@ -13190,21 +13151,78 @@ NAME="gloss-m" ...@@ -13190,21 +13151,78 @@ NAME="gloss-m"
>M</H1 >M</H1
><DL ><DL
><DT ><DT
><A
NAME="gloss-mta"
></A
><B
>Message Transport Agent</B
></DT
> (MTA)<DD
><P
>A Message Transport Agent is used to control the flow of email
on a system. Many unix based systems use
<A
HREF="http://www.sendmail.org"
TARGET="_top"
>sendmail</A
> which is what
Bugzilla expects to find by default at <TT
CLASS="filename"
>/usr/sbin/sendmail</TT
>.
Many other MTA's will work, but they all require that the
<TT
CLASS="option"
>sendmailnow</TT
> param be set to <TT
CLASS="literal"
>on</TT
>.
</P
></DD
><DT
><A
NAME="gloss-mysql"
></A
><B ><B
>mysqld</B >MySQL</B
></DT ></DT
><DD ><DD
><P ><P
>mysqld is the name of the >MySQL is currently the required
<I <A
HREF="#gloss-rdbms"
><I
CLASS="glossterm" CLASS="glossterm"
>daemon</I >RDBMS</I
> ></A
> for Bugzilla. MySQL
for the MySQL database. In general, it is invoked automatically can be downloaded from <A
through the use of the System V init scripts on GNU/Linux and HREF="http://www.mysql.com"
AT&#38;T System V-based systems, such as Solaris and HP/UX, or TARGET="_top"
through the RC scripts on BSD-based systems.</P >http://www.mysql.com</A
>. While you
should familiarize yourself with all of the documentation, some high
points are:
</P
><P
></P
><UL
><LI
><P
><A
HREF="http://www.mysql.com/doc/P/r/Privilege_system.html"
TARGET="_top"
>MySQL
Privilege System</A
> - Much more detailed information about
the suggestions in <A
HREF="#security-mysql"
>Section 5.6.2</A
>.
</P
></LI
></UL
></DD ></DD
></DL ></DL
></DIV ></DIV
...@@ -13298,6 +13316,30 @@ CLASS="glossdiv" ...@@ -13298,6 +13316,30 @@ CLASS="glossdiv"
><H1 ><H1
CLASS="glossdiv" CLASS="glossdiv"
><A ><A
NAME="gloss-r"
></A
>R</H1
><DL
><DT
><A
NAME="gloss-rdbms"
></A
><B
>Relational DataBase Managment System</B
></DT
> (RDBMS)<DD
><P
>A relational database management system is a database system
that stores information in tables that are related to each other.
</P
></DD
></DL
></DIV
><DIV
CLASS="glossdiv"
><H1
CLASS="glossdiv"
><A
NAME="gloss-s" NAME="gloss-s"
></A ></A
>S</H1 >S</H1
......
docs/html/about.html
View file @ cf24e428
...@@ -7,10 +7,10 @@ NAME="GENERATOR" ...@@ -7,10 +7,10 @@ NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK "><LINK
REL="HOME" REL="HOME"
TITLE="The Bugzilla Guide" TITLE="The Bugzilla Guide - 2.17.4 Development Release"
HREF="index.html"><LINK HREF="index.html"><LINK
REL="PREVIOUS" REL="PREVIOUS"
TITLE="The Bugzilla Guide" TITLE="The Bugzilla Guide - 2.17.4 Development Release"
HREF="index.html"><LINK HREF="index.html"><LINK
REL="NEXT" REL="NEXT"
TITLE="Copyright Information" TITLE="Copyright Information"
...@@ -34,7 +34,7 @@ CELLSPACING="0" ...@@ -34,7 +34,7 @@ CELLSPACING="0"
><TH ><TH
COLSPAN="3" COLSPAN="3"
ALIGN="center" ALIGN="center"
>The Bugzilla Guide</TH >The Bugzilla Guide - 2.17.4 Development Release</TH
></TR ></TR
><TR ><TR
><TD ><TD
...@@ -151,7 +151,7 @@ ACCESSKEY="N" ...@@ -151,7 +151,7 @@ ACCESSKEY="N"
WIDTH="33%" WIDTH="33%"
ALIGN="left" ALIGN="left"
VALIGN="top" VALIGN="top"
>The Bugzilla Guide</TD >The Bugzilla Guide - 2.17.4 Development Release</TD
><TD ><TD
WIDTH="34%" WIDTH="34%"
ALIGN="center" ALIGN="center"
......
docs/html/administration.html
View file @ cf24e428
...@@ -7,7 +7,7 @@ NAME="GENERATOR" ...@@ -7,7 +7,7 @@ NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK "><LINK
REL="HOME" REL="HOME"
TITLE="The Bugzilla Guide" TITLE="The Bugzilla Guide - 2.17.4 Development Release"
HREF="index.html"><LINK HREF="index.html"><LINK
REL="PREVIOUS" REL="PREVIOUS"
TITLE="Troubleshooting" TITLE="Troubleshooting"
...@@ -34,7 +34,7 @@ CELLSPACING="0" ...@@ -34,7 +34,7 @@ CELLSPACING="0"
><TH ><TH
COLSPAN="3" COLSPAN="3"
ALIGN="center" ALIGN="center"
>The Bugzilla Guide</TH >The Bugzilla Guide - 2.17.4 Development Release</TH
></TR ></TR
><TR ><TR
><TD ><TD
...@@ -147,6 +147,30 @@ HREF="groups.html" ...@@ -147,6 +147,30 @@ HREF="groups.html"
HREF="security.html" HREF="security.html"
>Bugzilla Security</A >Bugzilla Security</A
></DT ></DT
><DD
><DL
><DT
>5.6.1. <A
HREF="security.html#security-networking"
>TCP/IP Ports</A
></DT
><DT
>5.6.2. <A
HREF="security.html#security-mysql"
>MySQL</A
></DT
><DT
>5.6.3. <A
HREF="security.html#security-daemon"
>Daemon Accounts</A
></DT
><DT
>5.6.4. <A
HREF="security.html#security-access"
>Web Server Access Controls</A
></DT
></DL
></DD
><DT ><DT
>5.7. <A >5.7. <A
HREF="cust-templates.html" HREF="cust-templates.html"
...@@ -156,22 +180,22 @@ HREF="cust-templates.html" ...@@ -156,22 +180,22 @@ HREF="cust-templates.html"
><DL ><DL
><DT ><DT
>5.7.1. <A >5.7.1. <A
HREF="cust-templates.html#AEN1413" HREF="cust-templates.html#AEN1443"
>What to Edit</A >What to Edit</A
></DT ></DT
><DT ><DT
>5.7.2. <A >5.7.2. <A
HREF="cust-templates.html#AEN1432" HREF="cust-templates.html#AEN1462"
>How To Edit Templates</A >How To Edit Templates</A
></DT ></DT
><DT ><DT
>5.7.3. <A >5.7.3. <A
HREF="cust-templates.html#AEN1442" HREF="cust-templates.html#AEN1472"
>Template Formats</A >Template Formats</A
></DT ></DT
><DT ><DT
>5.7.4. <A >5.7.4. <A
HREF="cust-templates.html#AEN1455" HREF="cust-templates.html#AEN1485"
>Particular Templates</A >Particular Templates</A
></DT ></DT
></DL ></DL
......
docs/html/cmdline.html
View file @ cf24e428
...@@ -7,7 +7,7 @@ NAME="GENERATOR" ...@@ -7,7 +7,7 @@ NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK "><LINK
REL="HOME" REL="HOME"
TITLE="The Bugzilla Guide" TITLE="The Bugzilla Guide - 2.17.4 Development Release"
HREF="index.html"><LINK HREF="index.html"><LINK
REL="UP" REL="UP"
TITLE="Useful Patches and Utilities for Bugzilla" TITLE="Useful Patches and Utilities for Bugzilla"
...@@ -40,7 +40,7 @@ CELLSPACING="0" ...@@ -40,7 +40,7 @@ CELLSPACING="0"
><TH ><TH
COLSPAN="3" COLSPAN="3"
ALIGN="center" ALIGN="center"
>The Bugzilla Guide</TH >The Bugzilla Guide - 2.17.4 Development Release</TH
></TR ></TR
><TR ><TR
><TD ><TD
......
docs/html/conventions.html
View file @ cf24e428
...@@ -7,7 +7,7 @@ NAME="GENERATOR" ...@@ -7,7 +7,7 @@ NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK "><LINK
REL="HOME" REL="HOME"
TITLE="The Bugzilla Guide" TITLE="The Bugzilla Guide - 2.17.4 Development Release"
HREF="index.html"><LINK HREF="index.html"><LINK
REL="UP" REL="UP"
TITLE="About This Guide" TITLE="About This Guide"
...@@ -37,7 +37,7 @@ CELLSPACING="0" ...@@ -37,7 +37,7 @@ CELLSPACING="0"
><TH ><TH
COLSPAN="3" COLSPAN="3"
ALIGN="center" ALIGN="center"
>The Bugzilla Guide</TH >The Bugzilla Guide - 2.17.4 Development Release</TH
></TR ></TR
><TR ><TR
><TD ><TD
...@@ -81,7 +81,7 @@ NAME="conventions" ...@@ -81,7 +81,7 @@ NAME="conventions"
><DIV ><DIV
CLASS="informaltable" CLASS="informaltable"
><A ><A
NAME="AEN80" NAME="AEN110"
></A ></A
><P ><P
></P ></P
......
docs/html/copyright.html
View file @ cf24e428
...@@ -7,7 +7,7 @@ NAME="GENERATOR" ...@@ -7,7 +7,7 @@ NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK "><LINK
REL="HOME" REL="HOME"
TITLE="The Bugzilla Guide" TITLE="The Bugzilla Guide - 2.17.4 Development Release"
HREF="index.html"><LINK HREF="index.html"><LINK
REL="UP" REL="UP"
TITLE="About This Guide" TITLE="About This Guide"
...@@ -37,7 +37,7 @@ CELLSPACING="0" ...@@ -37,7 +37,7 @@ CELLSPACING="0"
><TH ><TH
COLSPAN="3" COLSPAN="3"
ALIGN="center" ALIGN="center"
>The Bugzilla Guide</TH >The Bugzilla Guide - 2.17.4 Development Release</TH
></TR ></TR
><TR ><TR
><TD ><TD
...@@ -77,7 +77,7 @@ NAME="copyright" ...@@ -77,7 +77,7 @@ NAME="copyright"
></A ></A
>1.1. Copyright Information</H1 >1.1. Copyright Information</H1
><A ><A
NAME="AEN34" NAME="AEN33"
></A ></A
><TABLE ><TABLE
BORDER="0" BORDER="0"
......
docs/html/credits.html
View file @ cf24e428
...@@ -7,7 +7,7 @@ NAME="GENERATOR" ...@@ -7,7 +7,7 @@ NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK "><LINK
REL="HOME" REL="HOME"
TITLE="The Bugzilla Guide" TITLE="The Bugzilla Guide - 2.17.4 Development Release"
HREF="index.html"><LINK HREF="index.html"><LINK
REL="UP" REL="UP"
TITLE="About This Guide" TITLE="About This Guide"
...@@ -37,7 +37,7 @@ CELLSPACING="0" ...@@ -37,7 +37,7 @@ CELLSPACING="0"
><TH ><TH
COLSPAN="3" COLSPAN="3"
ALIGN="center" ALIGN="center"
>The Bugzilla Guide</TH >The Bugzilla Guide - 2.17.4 Development Release</TH
></TR ></TR
><TR ><TR
><TD ><TD
...@@ -83,66 +83,115 @@ NAME="credits" ...@@ -83,66 +83,115 @@ NAME="credits"
contribution to the Bugzilla community: contribution to the Bugzilla community:
</P </P
><P ><P
>&#13; <A ></P
HREF="mailto://mbarnson@sisna.com" ><DIV
TARGET="_top" CLASS="variablelist"
>Matthew P. Barnson</A ><DL
> ><DT
for the Herculaean task of pulling together the Bugzilla Guide and >Matthew P. Barnson <TT
shepherding it to 2.14. CLASS="email"
>&#60;<A
HREF="mailto:mbarnson@sisna.com"
>mbarnson@sisna.com</A
>&#62;</TT
></DT
><DD
><P
>for the Herculaean task of pulling together the Bugzilla Guide
and shepherding it to 2.14.
</P </P
></DD
><DT
>Terry Weissman <TT
CLASS="email"
>&#60;<A
HREF="mailto:terry@mozilla.org"
>terry@mozilla.org</A
>&#62;</TT
></DT
><DD
><P ><P
>&#13; <A >for initially writing Bugzilla and creating the README upon
HREF="mailto://terry@mozilla.org" which the UNIX installation documentation is largely based.
TARGET="_top"
>Terry Weissman</A
>
for initially writing Bugzilla and creating the
README upon which the UNIX installation documentation is largely based.
</P </P
></DD
><DT
>Tara Hernandez <TT
CLASS="email"
>&#60;<A
HREF="mailto:tara@tequilarists.org"
>tara@tequilarists.org</A
>&#62;</TT
></DT
><DD
><P ><P
>&#13; <A >for keeping Bugzilla development going strong after Terry left
HREF="mailto://tara@tequilarista.org" mozilla.org and for running landfill.
TARGET="_top"
>Tara Hernandez</A
>
for keeping Bugzilla development going
strong after Terry left mozilla.org
</P </P
></DD
><DT
>Dave Lawrence <TT
CLASS="email"
>&#60;<A
HREF="mailto:dkl@redhat.com"
>dkl@redhat.com</A
>&#62;</TT
></DT
><DD
><P ><P
>&#13; <A >for providing insight into the key differences between Red
HREF="mailto://dkl@redhat.com" Hat's customized Bugzilla, and being largely responsible for
TARGET="_top" <A
>Dave Lawrence</A HREF="variant-redhat.html"
> >Section D.1</A
for providing insight into the key differences between Red Hat's >.
customized Bugzilla, and being largely responsible for the "Red
Hat Bugzilla" appendix
</P </P
></DD
><DT
>Dawn Endico <TT
CLASS="email"
>&#60;<A
HREF="mailto:endico@mozilla.org"
>endico@mozilla.org</A
>&#62;</TT
></DT
><DD
><P ><P
>&#13; <A >for being a hacker extraordinaire and putting up with Matthew's
HREF="mailto://endico@mozilla.org" incessant questions and arguments on irc.mozilla.org in #mozwebtools
TARGET="_top"
>Dawn Endico</A
> for
being a hacker extraordinaire and putting up with my incessant
questions and arguments on irc.mozilla.org in #mozwebtools
</P </P
></DD
><DT
>Jacob Steenhagen <TT
CLASS="email"
>&#60;<A
HREF="mailto:jake@bugzilla.org"
>jake@bugzilla.org</A
>&#62;</TT
></DT
><DD
><P
>for taking over documentation during the 2.17 development
period.
</P
></DD
></DL
></DIV
><P ><P
>&#13; Last but not least, all the members of the >&#13; Last but not least, all the members of the
<A <A
HREF="news://news.mozilla.org/netscape/public/mozilla/webtools" HREF="news://news.mozilla.org/netscape/public/mozilla/webtools"
TARGET="_top" TARGET="_top"
> netscape.public.mozilla.webtools</A >news://news.mozilla.org/netscape/public/mozilla/webtools</A
> newsgroup. Without your discussions, insight, suggestions, and patches, this could never have happened. >
newsgroup. Without your discussions, insight, suggestions, and patches,
this could never have happened.
</P </P
><P ><P
>&#13; Thanks also go to the following people for significant contributions >&#13; Thanks also go to the following people for significant contributions
to this documentation (in no particular order): to this documentation (in alphabetical order):
</P Andrew Pearson, Ben FrantzDale, Eric Hanson, Gervase Markham, Joe Robins, Kevin Brannen, Ron Teitelbaum, Spencer Smith, Zach Liption
><P .
>&#13; Zach Liption, Andrew Pearson, Spencer Smith, Eric Hanson, Kevin Brannen,
Ron Teitelbaum, Jacob Steenhagen, Joe Robins, Gervase Markham.
</P </P
></DIV ></DIV
><DIV ><DIV
......
docs/html/cust-change-permissions.html
View file @ cf24e428
...@@ -7,7 +7,7 @@ NAME="GENERATOR" ...@@ -7,7 +7,7 @@ NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK "><LINK
REL="HOME" REL="HOME"
TITLE="The Bugzilla Guide" TITLE="The Bugzilla Guide - 2.17.4 Development Release"
HREF="index.html"><LINK HREF="index.html"><LINK
REL="UP" REL="UP"
TITLE="Administering Bugzilla" TITLE="Administering Bugzilla"
...@@ -37,7 +37,7 @@ CELLSPACING="0" ...@@ -37,7 +37,7 @@ CELLSPACING="0"
><TH ><TH
COLSPAN="3" COLSPAN="3"
ALIGN="center" ALIGN="center"
>The Bugzilla Guide</TH >The Bugzilla Guide - 2.17.4 Development Release</TH
></TR ></TR
><TR ><TR
><TD ><TD
......
docs/html/cust-templates.html
View file @ cf24e428
...@@ -7,7 +7,7 @@ NAME="GENERATOR" ...@@ -7,7 +7,7 @@ NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK "><LINK
REL="HOME" REL="HOME"
TITLE="The Bugzilla Guide" TITLE="The Bugzilla Guide - 2.17.4 Development Release"
HREF="index.html"><LINK HREF="index.html"><LINK
REL="UP" REL="UP"
TITLE="Administering Bugzilla" TITLE="Administering Bugzilla"
...@@ -37,7 +37,7 @@ CELLSPACING="0" ...@@ -37,7 +37,7 @@ CELLSPACING="0"
><TH ><TH
COLSPAN="3" COLSPAN="3"
ALIGN="center" ALIGN="center"
>The Bugzilla Guide</TH >The Bugzilla Guide - 2.17.4 Development Release</TH
></TR ></TR
><TR ><TR
><TD ><TD
...@@ -99,7 +99,7 @@ CLASS="section" ...@@ -99,7 +99,7 @@ CLASS="section"
><H2 ><H2
CLASS="section" CLASS="section"
><A ><A
NAME="AEN1413" NAME="AEN1443"
></A ></A
>5.7.1. What to Edit</H2 >5.7.1. What to Edit</H2
><P ><P
...@@ -214,7 +214,7 @@ CLASS="section" ...@@ -214,7 +214,7 @@ CLASS="section"
><H2 ><H2
CLASS="section" CLASS="section"
><A ><A
NAME="AEN1432" NAME="AEN1462"
></A ></A
>5.7.2. How To Edit Templates</H2 >5.7.2. How To Edit Templates</H2
><P ><P
...@@ -296,7 +296,7 @@ CLASS="section" ...@@ -296,7 +296,7 @@ CLASS="section"
><H2 ><H2
CLASS="section" CLASS="section"
><A ><A
NAME="AEN1442" NAME="AEN1472"
></A ></A
>5.7.3. Template Formats</H2 >5.7.3. Template Formats</H2
><P ><P
...@@ -358,7 +358,7 @@ CLASS="section" ...@@ -358,7 +358,7 @@ CLASS="section"
><H2 ><H2
CLASS="section" CLASS="section"
><A ><A
NAME="AEN1455" NAME="AEN1485"
></A ></A
>5.7.4. Particular Templates</H2 >5.7.4. Particular Templates</H2
><P ><P
......
docs/html/database.html
View file @ cf24e428
...@@ -7,7 +7,7 @@ NAME="GENERATOR" ...@@ -7,7 +7,7 @@ NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK "><LINK
REL="HOME" REL="HOME"
TITLE="The Bugzilla Guide" TITLE="The Bugzilla Guide - 2.17.4 Development Release"
HREF="index.html"><LINK HREF="index.html"><LINK
REL="PREVIOUS" REL="PREVIOUS"
TITLE="The Bugzilla FAQ" TITLE="The Bugzilla FAQ"
...@@ -34,7 +34,7 @@ CELLSPACING="0" ...@@ -34,7 +34,7 @@ CELLSPACING="0"
><TH ><TH
COLSPAN="3" COLSPAN="3"
ALIGN="center" ALIGN="center"
>The Bugzilla Guide</TH >The Bugzilla Guide - 2.17.4 Development Release</TH
></TR ></TR
><TR ><TR
><TD ><TD
......
docs/html/dbdoc.html
View file @ cf24e428
...@@ -7,7 +7,7 @@ NAME="GENERATOR" ...@@ -7,7 +7,7 @@ NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK "><LINK
REL="HOME" REL="HOME"
TITLE="The Bugzilla Guide" TITLE="The Bugzilla Guide - 2.17.4 Development Release"
HREF="index.html"><LINK HREF="index.html"><LINK
REL="UP" REL="UP"
TITLE="The Bugzilla Database" TITLE="The Bugzilla Database"
...@@ -37,7 +37,7 @@ CELLSPACING="0" ...@@ -37,7 +37,7 @@ CELLSPACING="0"
><TH ><TH
COLSPAN="3" COLSPAN="3"
ALIGN="center" ALIGN="center"
>The Bugzilla Guide</TH >The Bugzilla Guide - 2.17.4 Development Release</TH
></TR ></TR
><TR ><TR
><TD ><TD
...@@ -135,7 +135,7 @@ CLASS="section" ...@@ -135,7 +135,7 @@ CLASS="section"
><H2 ><H2
CLASS="section" CLASS="section"
><A ><A
NAME="AEN2062" NAME="AEN2099"
></A ></A
>B.2.1. Bugzilla Database Basics</H2 >B.2.1. Bugzilla Database Basics</H2
><P ><P
...@@ -251,7 +251,7 @@ CLASS="section" ...@@ -251,7 +251,7 @@ CLASS="section"
><H3 ><H3
CLASS="section" CLASS="section"
><A ><A
NAME="AEN2089" NAME="AEN2126"
></A ></A
>B.2.1.1. Bugzilla Database Tables</H3 >B.2.1.1. Bugzilla Database Tables</H3
><P ><P
......
docs/html/dbmodify.html
View file @ cf24e428
...@@ -7,7 +7,7 @@ NAME="GENERATOR" ...@@ -7,7 +7,7 @@ NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK "><LINK
REL="HOME" REL="HOME"
TITLE="The Bugzilla Guide" TITLE="The Bugzilla Guide - 2.17.4 Development Release"
HREF="index.html"><LINK HREF="index.html"><LINK
REL="UP" REL="UP"
TITLE="The Bugzilla Database" TITLE="The Bugzilla Database"
...@@ -37,7 +37,7 @@ CELLSPACING="0" ...@@ -37,7 +37,7 @@ CELLSPACING="0"
><TH ><TH
COLSPAN="3" COLSPAN="3"
ALIGN="center" ALIGN="center"
>The Bugzilla Guide</TH >The Bugzilla Guide - 2.17.4 Development Release</TH
></TR ></TR
><TR ><TR
><TD ><TD
......
docs/html/disclaimer.html
View file @ cf24e428
...@@ -7,7 +7,7 @@ NAME="GENERATOR" ...@@ -7,7 +7,7 @@ NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK "><LINK
REL="HOME" REL="HOME"
TITLE="The Bugzilla Guide" TITLE="The Bugzilla Guide - 2.17.4 Development Release"
HREF="index.html"><LINK HREF="index.html"><LINK
REL="UP" REL="UP"
TITLE="About This Guide" TITLE="About This Guide"
...@@ -37,7 +37,7 @@ CELLSPACING="0" ...@@ -37,7 +37,7 @@ CELLSPACING="0"
><TH ><TH
COLSPAN="3" COLSPAN="3"
ALIGN="center" ALIGN="center"
>The Bugzilla Guide</TH >The Bugzilla Guide - 2.17.4 Development Release</TH
></TR ></TR
><TR ><TR
><TD ><TD
......
docs/html/extraconfig.html
View file @ cf24e428
...@@ -7,7 +7,7 @@ NAME="GENERATOR" ...@@ -7,7 +7,7 @@ NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK "><LINK
REL="HOME" REL="HOME"
TITLE="The Bugzilla Guide" TITLE="The Bugzilla Guide - 2.17.4 Development Release"
HREF="index.html"><LINK HREF="index.html"><LINK
REL="UP" REL="UP"
TITLE="Installation" TITLE="Installation"
...@@ -37,7 +37,7 @@ CELLSPACING="0" ...@@ -37,7 +37,7 @@ CELLSPACING="0"
><TH ><TH
COLSPAN="3" COLSPAN="3"
ALIGN="center" ALIGN="center"
>The Bugzilla Guide</TH >The Bugzilla Guide - 2.17.4 Development Release</TH
></TR ></TR
><TR ><TR
><TD ><TD
...@@ -81,7 +81,7 @@ CLASS="section" ...@@ -81,7 +81,7 @@ CLASS="section"
><H2 ><H2
CLASS="section" CLASS="section"
><A ><A
NAME="AEN755" NAME="AEN719"
></A ></A
>4.2.1. Dependency Charts</H2 >4.2.1. Dependency Charts</H2
><P ><P
...@@ -145,7 +145,7 @@ CLASS="section" ...@@ -145,7 +145,7 @@ CLASS="section"
><H2 ><H2
CLASS="section" CLASS="section"
><A ><A
NAME="AEN770" NAME="AEN734"
></A ></A
>4.2.2. Bug Graphs</H2 >4.2.2. Bug Graphs</H2
><P ><P
...@@ -204,7 +204,7 @@ CLASS="section" ...@@ -204,7 +204,7 @@ CLASS="section"
><H2 ><H2
CLASS="section" CLASS="section"
><A ><A
NAME="AEN783" NAME="AEN747"
></A ></A
>4.2.3. The Whining Cron</H2 >4.2.3. The Whining Cron</H2
><P ><P
...@@ -542,181 +542,9 @@ CLASS="section" ...@@ -542,181 +542,9 @@ CLASS="section"
><H2 ><H2
CLASS="section" CLASS="section"
><A ><A
NAME="htaccess"
></A
>4.2.6. <TT
CLASS="filename"
>.htaccess</TT
>
files and security</H2
><P
>To enhance the security of your Bugzilla installation, Bugzilla's
<TT
CLASS="filename"
>checksetup.pl</TT
> script will generate
<I
CLASS="glossterm"
>&#13; <TT
CLASS="filename"
>.htaccess</TT
>
</I
>
files which the Apache webserver can use to restrict access to the
bugzilla data files.
These .htaccess files will not work with Apache 1.2.x - but this
has security holes, so you shouldn't be using it anyway.
<DIV
CLASS="note"
><P
></P
><TABLE
CLASS="note"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="../images/note.gif"
HSPACE="5"
ALT="Note"></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
>If you are using an alternate provider of
<SPAN
CLASS="productname"
>webdot</SPAN
>
services for graphing (as described when viewing
<TT
CLASS="filename"
>editparams.cgi</TT
>
in your web browser), you will need to change the ip address in
<TT
CLASS="filename"
>data/webdot/.htaccess</TT
>
to the ip address of the webdot server that you are using.</P
></TD
></TR
></TABLE
></DIV
>
</P
><P
>The default .htaccess file may not provide adequate access
restrictions, depending on your web server configuration. Be sure to
check the &#60;Directory&#62; entries for your Bugzilla directory so that
the
<TT
CLASS="filename"
>.htaccess</TT
>
file is allowed to override web server defaults. For instance, let's
assume your installation of Bugzilla is installed to
<TT
CLASS="filename"
>/usr/local/bugzilla</TT
>
. You should have this &#60;Directory&#62; entry in your
<TT
CLASS="filename"
>httpd.conf</TT
>
file:</P
><P
>&#13;
<TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="programlisting"
>&#13;&#60;Directory /usr/local/bugzilla/&#62;
Options +FollowSymLinks +Indexes +Includes +ExecCGI
AllowOverride All
&#60;/Directory&#62;
</PRE
></FONT
></TD
></TR
></TABLE
>
</P
><P
>The important part above is
<SPAN
CLASS="QUOTE"
>"AllowOverride All"</SPAN
>
. Without that, the
<TT
CLASS="filename"
>.htaccess</TT
>
file created by
<TT
CLASS="filename"
>checksetup.pl</TT
>
will not have sufficient permissions to protect your Bugzilla
installation.</P
><P
>If you are using Internet Information Server (IIS) or another
web server which does not observe
<TT
CLASS="filename"
>.htaccess</TT
>
conventions, you can disable their creation by editing
<TT
CLASS="filename"
>localconfig</TT
>
and setting the
<TT
CLASS="varname"
>$create_htaccess</TT
>
variable to
<TT
CLASS="parameter"
><I
>0</I
></TT
>.
</P
></DIV
><DIV
CLASS="section"
><H2
CLASS="section"
><A
NAME="directoryindex" NAME="directoryindex"
></A ></A
>4.2.7. <TT >4.2.6. <TT
CLASS="filename" CLASS="filename"
>directoryindex</TT >directoryindex</TT
> for the Bugzilla default page.</H2 > for the Bugzilla default page.</H2
...@@ -743,7 +571,7 @@ CLASS="section" ...@@ -743,7 +571,7 @@ CLASS="section"
><A ><A
NAME="mod_perl" NAME="mod_perl"
></A ></A
>4.2.8. Bugzilla and <TT >4.2.7. Bugzilla and <TT
CLASS="filename" CLASS="filename"
>mod_perl</TT >mod_perl</TT
></H2 ></H2
...@@ -760,7 +588,7 @@ CLASS="section" ...@@ -760,7 +588,7 @@ CLASS="section"
><A ><A
NAME="mod-throttle" NAME="mod-throttle"
></A ></A
>4.2.9. <TT >4.2.8. <TT
CLASS="filename" CLASS="filename"
>mod_throttle</TT >mod_throttle</TT
> >
......
docs/html/faq.html
View file @ cf24e428
...@@ -7,7 +7,7 @@ NAME="GENERATOR" ...@@ -7,7 +7,7 @@ NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK "><LINK
REL="HOME" REL="HOME"
TITLE="The Bugzilla Guide" TITLE="The Bugzilla Guide - 2.17.4 Development Release"
HREF="index.html"><LINK HREF="index.html"><LINK
REL="PREVIOUS" REL="PREVIOUS"
TITLE="Integrating Bugzilla with Third-Party Tools" TITLE="Integrating Bugzilla with Third-Party Tools"
...@@ -34,7 +34,7 @@ CELLSPACING="0" ...@@ -34,7 +34,7 @@ CELLSPACING="0"
><TH ><TH
COLSPAN="3" COLSPAN="3"
ALIGN="center" ALIGN="center"
>The Bugzilla Guide</TH >The Bugzilla Guide - 2.17.4 Development Release</TH
></TR ></TR
><TR ><TR
><TD ><TD
...@@ -87,64 +87,64 @@ HREF="faq.html#faq-general" ...@@ -87,64 +87,64 @@ HREF="faq.html#faq-general"
><DL ><DL
><DT ><DT
>A.1.1. <A >A.1.1. <A
HREF="faq.html#AEN1617" HREF="faq.html#faq-general-information"
>&#13; Where can I find information about Bugzilla?</A >&#13; Where can I find information about Bugzilla?</A
></DT ></DT
><DT ><DT
>A.1.2. <A >A.1.2. <A
HREF="faq.html#AEN1623" HREF="faq.html#faq-general-license"
>&#13; What license is Bugzilla distributed under? >&#13; What license is Bugzilla distributed under?
</A </A
></DT ></DT
><DT ><DT
>A.1.3. <A >A.1.3. <A
HREF="faq.html#AEN1629" HREF="faq.html#faq-general-support"
>&#13; How do I get commercial support for Bugzilla? >&#13; How do I get commercial support for Bugzilla?
</A </A
></DT ></DT
><DT ><DT
>A.1.4. <A >A.1.4. <A
HREF="faq.html#AEN1638" HREF="faq.html#faq-general-companies"
>&#13; What major companies or projects are currently using Bugzilla >&#13; What major companies or projects are currently using Bugzilla
for bug-tracking? for bug-tracking?
</A </A
></DT ></DT
><DT ><DT
>A.1.5. <A >A.1.5. <A
HREF="faq.html#AEN1662" HREF="faq.html#faq-general-maintainers"
>&#13; Who maintains Bugzilla? >&#13; Who maintains Bugzilla?
</A </A
></DT ></DT
><DT ><DT
>A.1.6. <A >A.1.6. <A
HREF="faq.html#AEN1668" HREF="faq.html#faq-general-compare"
>&#13; How does Bugzilla stack up against other bug-tracking databases? >&#13; How does Bugzilla stack up against other bug-tracking databases?
</A </A
></DT ></DT
><DT ><DT
>A.1.7. <A >A.1.7. <A
HREF="faq.html#AEN1674" HREF="faq.html#faq-general-bzmissing"
>&#13; Why doesn't Bugzilla offer this or that feature or compatibility >&#13; Why doesn't Bugzilla offer this or that feature or compatibility
with this other tracking software? with this other tracking software?
</A </A
></DT ></DT
><DT ><DT
>A.1.8. <A >A.1.8. <A
HREF="faq.html#AEN1681" HREF="faq.html#faq-general-mysql"
>&#13; Why MySQL? I'm interested in seeing Bugzilla run on >&#13; Why MySQL? I'm interested in seeing Bugzilla run on
Oracle/Sybase/Msql/PostgreSQL/MSSQL. Oracle/Sybase/Msql/PostgreSQL/MSSQL.
</A </A
></DT ></DT
><DT ><DT
>A.1.9. <A >A.1.9. <A
HREF="faq.html#AEN1690" HREF="faq.html#faq-general-bonsaitools"
>&#13; Why do the scripts say "/usr/bonsaitools/bin/perl" instead of >&#13; Why do the scripts say "/usr/bonsaitools/bin/perl" instead of
"/usr/bin/perl" or something else? "/usr/bin/perl" or something else?
</A </A
></DT ></DT
><DT ><DT
>A.1.10. <A >A.1.10. <A
HREF="faq.html#AEN1696" HREF="faq.html#faq-general-cookie"
>&#13; Is there an easy way to change the Bugzilla cookie name? >&#13; Is there an easy way to change the Bugzilla cookie name?
</A </A
></DT ></DT
...@@ -159,41 +159,41 @@ HREF="faq.html#faq-phb" ...@@ -159,41 +159,41 @@ HREF="faq.html#faq-phb"
><DL ><DL
><DT ><DT
>A.2.1. <A >A.2.1. <A
HREF="faq.html#AEN1706" HREF="faq.html#faq-phb-client"
>&#13; Is Bugzilla web-based, or do you have to have specific software or >&#13; Is Bugzilla web-based, or do you have to have specific software or
a specific operating system on your machine? a specific operating system on your machine?
</A </A
></DT ></DT
><DT ><DT
>A.2.2. <A >A.2.2. <A
HREF="faq.html#AEN1711" HREF="faq.html#faq-phb-integration"
>&#13; Can Bugzilla integrate with >&#13; Can Bugzilla integrate with
Perforce (SCM software)? Perforce (SCM software)?
</A </A
></DT ></DT
><DT ><DT
>A.2.3. <A >A.2.3. <A
HREF="faq.html#AEN1716" HREF="faq.html#faq-phb-projects"
>&#13; Does Bugzilla allow the user to track multiple projects? >&#13; Does Bugzilla allow the user to track multiple projects?
</A </A
></DT ></DT
><DT ><DT
>A.2.4. <A >A.2.4. <A
HREF="faq.html#AEN1721" HREF="faq.html#faq-phb-sorting"
>&#13; If I am on many projects, and search for all bugs assigned to me, will >&#13; If I am on many projects, and search for all bugs assigned to me, will
Bugzilla list them for me and allow me to sort by project, severity etc? Bugzilla list them for me and allow me to sort by project, severity etc?
</A </A
></DT ></DT
><DT ><DT
>A.2.5. <A >A.2.5. <A
HREF="faq.html#AEN1726" HREF="faq.html#faq-phb-attachments"
>&#13; Does Bugzilla allow attachments (text, screenshots, URLs etc)? If yes, >&#13; Does Bugzilla allow attachments (text, screenshots, URLs etc)? If yes,
are there any that are NOT allowed? are there any that are NOT allowed?
</A </A
></DT ></DT
><DT ><DT
>A.2.6. <A >A.2.6. <A
HREF="faq.html#AEN1731" HREF="faq.html#faq-phb-priorities"
>&#13; Does Bugzilla allow us to define our own priorities and levels? Do we >&#13; Does Bugzilla allow us to define our own priorities and levels? Do we
have complete freedom to change the labels of fields and format of them, and have complete freedom to change the labels of fields and format of them, and
the choice of acceptable values? the choice of acceptable values?
...@@ -201,35 +201,35 @@ HREF="faq.html#AEN1731" ...@@ -201,35 +201,35 @@ HREF="faq.html#AEN1731"
></DT ></DT
><DT ><DT
>A.2.7. <A >A.2.7. <A
HREF="faq.html#AEN1738" HREF="faq.html#faq-phb-reporting"
>&#13; Does Bugzilla provide any reporting features, metrics, graphs, etc? You >&#13; Does Bugzilla provide any reporting features, metrics, graphs, etc? You
know, the type of stuff that management likes to see. :) know, the type of stuff that management likes to see. :)
</A </A
></DT ></DT
><DT ><DT
>A.2.8. <A >A.2.8. <A
HREF="faq.html#AEN1745" HREF="faq.html#faq-phb-email"
>&#13; Is there email notification and if so, what do you see when you get an >&#13; Is there email notification and if so, what do you see when you get an
email? email?
</A </A
></DT ></DT
><DT ><DT
>A.2.9. <A >A.2.9. <A
HREF="faq.html#AEN1750" HREF="faq.html#faq-phb-cclist"
>&#13; Can email notification be set up to send to multiple >&#13; Can email notification be set up to send to multiple
people, some on the To List, CC List, BCC List etc? people, some on the To List, CC List, BCC List etc?
</A </A
></DT ></DT
><DT ><DT
>A.2.10. <A >A.2.10. <A
HREF="faq.html#AEN1755" HREF="faq.html#faq-phb-emailapp"
>&#13; Do users have to have any particular >&#13; Do users have to have any particular
type of email application? type of email application?
</A </A
></DT ></DT
><DT ><DT
>A.2.11. <A >A.2.11. <A
HREF="faq.html#AEN1762" HREF="faq.html#faq-phb-data"
>&#13; Does Bugzilla allow data to be imported and exported? If I had outsiders >&#13; Does Bugzilla allow data to be imported and exported? If I had outsiders
write up a bug report using a MS Word bug template, could that template be write up a bug report using a MS Word bug template, could that template be
imported into "matching" fields? If I wanted to take the results of a query imported into "matching" fields? If I wanted to take the results of a query
...@@ -238,28 +238,28 @@ HREF="faq.html#AEN1762" ...@@ -238,28 +238,28 @@ HREF="faq.html#AEN1762"
></DT ></DT
><DT ><DT
>A.2.12. <A >A.2.12. <A
HREF="faq.html#AEN1774" HREF="faq.html#faq-phb-l10n"
>&#13; Has anyone converted Bugzilla to another language to be used in other >&#13; Has anyone converted Bugzilla to another language to be used in other
countries? Is it localizable? countries? Is it localizable?
</A </A
></DT ></DT
><DT ><DT
>A.2.13. <A >A.2.13. <A
HREF="faq.html#AEN1781" HREF="faq.html#faq-phb-reports"
>&#13; Can a user create and save reports? Can they do this in Word format? >&#13; Can a user create and save reports? Can they do this in Word format?
Excel format? Excel format?
</A </A
></DT ></DT
><DT ><DT
>A.2.14. <A >A.2.14. <A
HREF="faq.html#AEN1786" HREF="faq.html#faq-phb-searching"
>&#13; Does Bugzilla have the ability to search by word, phrase, compound >&#13; Does Bugzilla have the ability to search by word, phrase, compound
search? search?
</A </A
></DT ></DT
><DT ><DT
>A.2.15. <A >A.2.15. <A
HREF="faq.html#AEN1791" HREF="faq.html#faq-phb-midair"
>&#13; Does Bugzilla provide record locking when there is simultaneous access >&#13; Does Bugzilla provide record locking when there is simultaneous access
to the same bug? Does the second person get a notice that the bug is in use to the same bug? Does the second person get a notice that the bug is in use
or how are they notified? or how are they notified?
...@@ -267,19 +267,19 @@ HREF="faq.html#AEN1791" ...@@ -267,19 +267,19 @@ HREF="faq.html#AEN1791"
></DT ></DT
><DT ><DT
>A.2.16. <A >A.2.16. <A
HREF="faq.html#AEN1796" HREF="faq.html#faq-phb-backup"
>&#13; Are there any backup features provided? >&#13; Are there any backup features provided?
</A </A
></DT ></DT
><DT ><DT
>A.2.17. <A >A.2.17. <A
HREF="faq.html#AEN1802" HREF="faq.html#faq-phb-livebackup"
>&#13; Can users be on the system while a backup is in progress? >&#13; Can users be on the system while a backup is in progress?
</A </A
></DT ></DT
><DT ><DT
>A.2.18. <A >A.2.18. <A
HREF="faq.html#AEN1807" HREF="faq.html#faq-phb-maintenance"
>&#13; What type of human resources are needed to be on staff to install and >&#13; What type of human resources are needed to be on staff to install and
maintain Bugzilla? Specifically, what type of skills does the person need to maintain Bugzilla? Specifically, what type of skills does the person need to
have? I need to find out if we were to go with Bugzilla, what types of have? I need to find out if we were to go with Bugzilla, what types of
...@@ -289,7 +289,7 @@ HREF="faq.html#AEN1807" ...@@ -289,7 +289,7 @@ HREF="faq.html#AEN1807"
></DT ></DT
><DT ><DT
>A.2.19. <A >A.2.19. <A
HREF="faq.html#AEN1813" HREF="faq.html#faq-phb-installtime"
>&#13; What time frame are we looking at if we decide to hire people to install >&#13; What time frame are we looking at if we decide to hire people to install
and maintain the Bugzilla? Is this something that takes hours or weeks to and maintain the Bugzilla? Is this something that takes hours or weeks to
install and a couple of hours per week to maintain and customize or is this install and a couple of hours per week to maintain and customize or is this
...@@ -299,7 +299,7 @@ HREF="faq.html#AEN1813" ...@@ -299,7 +299,7 @@ HREF="faq.html#AEN1813"
></DT ></DT
><DT ><DT
>A.2.20. <A >A.2.20. <A
HREF="faq.html#AEN1818" HREF="faq.html#faq-phb-cost"
>&#13; Is there any licensing fee or other fees for using Bugzilla? Any >&#13; Is there any licensing fee or other fees for using Bugzilla? Any
out-of-pocket cost other than the bodies needed as identified above? out-of-pocket cost other than the bodies needed as identified above?
</A </A
...@@ -315,20 +315,20 @@ HREF="faq.html#faq-security" ...@@ -315,20 +315,20 @@ HREF="faq.html#faq-security"
><DL ><DL
><DT ><DT
>A.3.1. <A >A.3.1. <A
HREF="faq.html#AEN1825" HREF="faq.html#faq-security-mysql"
>&#13; How do I completely disable MySQL security if it's giving me problems >&#13; How do I completely disable MySQL security if it's giving me problems
(I've followed the instructions in the installation section of this guide)? (I've followed the instructions in the installation section of this guide)?
</A </A
></DT ></DT
><DT ><DT
>A.3.2. <A >A.3.2. <A
HREF="faq.html#AEN1831" HREF="faq.html#faq-security-knownproblems"
>&#13; Are there any security problems with Bugzilla? >&#13; Are there any security problems with Bugzilla?
</A </A
></DT ></DT
><DT ><DT
>A.3.3. <A >A.3.3. <A
HREF="faq.html#AEN1836" HREF="faq.html#faq-security-mysqluser"
>&#13; I've implemented the security fixes mentioned in Chris Yeh's security >&#13; I've implemented the security fixes mentioned in Chris Yeh's security
advisory of 5/10/2000 advising not to run MySQL as root, and am running into advisory of 5/10/2000 advising not to run MySQL as root, and am running into
problems with MySQL no longer working correctly. problems with MySQL no longer working correctly.
...@@ -345,48 +345,48 @@ HREF="faq.html#faq-email" ...@@ -345,48 +345,48 @@ HREF="faq.html#faq-email"
><DL ><DL
><DT ><DT
>A.4.1. <A >A.4.1. <A
HREF="faq.html#AEN1843" HREF="faq.html#faq-email-nomail"
>&#13; I have a user who doesn't want to receive any more email from Bugzilla. >&#13; I have a user who doesn't want to receive any more email from Bugzilla.
How do I stop it entirely for this user? How do I stop it entirely for this user?
</A </A
></DT ></DT
><DT ><DT
>A.4.2. <A >A.4.2. <A
HREF="faq.html#AEN1849" HREF="faq.html#faq-email-testing"
>&#13; I'm evaluating/testing Bugzilla, and don't want it to send email to >&#13; I'm evaluating/testing Bugzilla, and don't want it to send email to
anyone but me. How do I do it? anyone but me. How do I do it?
</A </A
></DT ></DT
><DT ><DT
>A.4.3. <A >A.4.3. <A
HREF="faq.html#AEN1854" HREF="faq.html#faq-email-whine"
>&#13; I want whineatnews.pl to whine at something more, or other than, only new >&#13; I want whineatnews.pl to whine at something more, or other than, only new
bugs. How do I do it? bugs. How do I do it?
</A </A
></DT ></DT
><DT ><DT
>A.4.4. <A >A.4.4. <A
HREF="faq.html#AEN1860" HREF="faq.html#faq-email-procmail"
>&#13; I don't like/want to use Procmail to hand mail off to bug_email.pl. >&#13; I don't like/want to use Procmail to hand mail off to bug_email.pl.
What alternatives do I have? What alternatives do I have?
</A </A
></DT ></DT
><DT ><DT
>A.4.5. <A >A.4.5. <A
HREF="faq.html#AEN1867" HREF="faq.html#faq-email-mailif"
>&#13; How do I set up the email interface to submit/change bugs via email? >&#13; How do I set up the email interface to submit/change bugs via email?
</A </A
></DT ></DT
><DT ><DT
>A.4.6. <A >A.4.6. <A
HREF="faq.html#AEN1872" HREF="faq.html#faq-email-sendmailnow"
>&#13; Email takes FOREVER to reach me from Bugzilla -- it's extremely slow. >&#13; Email takes FOREVER to reach me from Bugzilla -- it's extremely slow.
What gives? What gives?
</A </A
></DT ></DT
><DT ><DT
>A.4.7. <A >A.4.7. <A
HREF="faq.html#AEN1879" HREF="faq.html#faq-email-nonreceived"
>&#13; How come email from Bugzilla changes never reaches me? >&#13; How come email from Bugzilla changes never reaches me?
</A </A
></DT ></DT
...@@ -401,33 +401,33 @@ HREF="faq.html#faq-db" ...@@ -401,33 +401,33 @@ HREF="faq.html#faq-db"
><DL ><DL
><DT ><DT
>A.5.1. <A >A.5.1. <A
HREF="faq.html#AEN1887" HREF="faq.html#faq-db-oracle"
>&#13; I've heard Bugzilla can be used with Oracle? >&#13; I've heard Bugzilla can be used with Oracle?
</A </A
></DT ></DT
><DT ><DT
>A.5.2. <A >A.5.2. <A
HREF="faq.html#AEN1892" HREF="faq.html#faq-db-corrupted"
>&#13; I think my database might be corrupted, or contain invalid entries. What >&#13; I think my database might be corrupted, or contain invalid entries. What
do I do? do I do?
</A </A
></DT ></DT
><DT ><DT
>A.5.3. <A >A.5.3. <A
HREF="faq.html#AEN1900" HREF="faq.html#faq-db-manualedit"
>&#13; I want to manually edit some entries in my database. How? >&#13; I want to manually edit some entries in my database. How?
</A </A
></DT ></DT
><DT ><DT
>A.5.4. <A >A.5.4. <A
HREF="faq.html#AEN1908" HREF="faq.html#faq-db-permissions"
>&#13; I think I've set up MySQL permissions correctly, but Bugzilla still can't >&#13; I think I've set up MySQL permissions correctly, but Bugzilla still can't
connect. connect.
</A </A
></DT ></DT
><DT ><DT
>A.5.5. <A >A.5.5. <A
HREF="faq.html#AEN1916" HREF="faq.html#faq-db-synchronize"
>&#13; How do I synchronize bug information among multiple different Bugzilla >&#13; How do I synchronize bug information among multiple different Bugzilla
databases? databases?
</A </A
...@@ -443,26 +443,26 @@ HREF="faq.html#faq-nt" ...@@ -443,26 +443,26 @@ HREF="faq.html#faq-nt"
><DL ><DL
><DT ><DT
>A.6.1. <A >A.6.1. <A
HREF="faq.html#AEN1925" HREF="faq.html#faq-nt-easiest"
>&#13; What is the easiest way to run Bugzilla on Win32 (Win98+/NT/2K)? >&#13; What is the easiest way to run Bugzilla on Win32 (Win98+/NT/2K)?
</A </A
></DT ></DT
><DT ><DT
>A.6.2. <A >A.6.2. <A
HREF="faq.html#AEN1930" HREF="faq.html#faq-nt-bundle"
>&#13; Is there a "Bundle::Bugzilla" equivalent for Win32? >&#13; Is there a "Bundle::Bugzilla" equivalent for Win32?
</A </A
></DT ></DT
><DT ><DT
>A.6.3. <A >A.6.3. <A
HREF="faq.html#AEN1935" HREF="faq.html#faq-nt-mappings"
>&#13; CGI's are failing with a "something.cgi is not a valid Windows NT >&#13; CGI's are failing with a "something.cgi is not a valid Windows NT
application" error. Why? application" error. Why?
</A </A
></DT ></DT
><DT ><DT
>A.6.4. <A >A.6.4. <A
HREF="faq.html#AEN1943" HREF="faq.html#faq-nt-dbi"
>&#13; I'm having trouble with the perl modules for NT not being able to talk to >&#13; I'm having trouble with the perl modules for NT not being able to talk to
to the database. to the database.
</A </A
...@@ -478,33 +478,33 @@ HREF="faq.html#faq-use" ...@@ -478,33 +478,33 @@ HREF="faq.html#faq-use"
><DL ><DL
><DT ><DT
>A.7.1. <A >A.7.1. <A
HREF="faq.html#AEN1964" HREF="faq.html#faq-use-changeaddress"
>&#13; How do I change my user name (email address) in Bugzilla? >&#13; How do I change my user name (email address) in Bugzilla?
</A </A
></DT ></DT
><DT ><DT
>A.7.2. <A >A.7.2. <A
HREF="faq.html#AEN1969" HREF="faq.html#faq-use-query"
>&#13; The query page is very confusing. Isn't there a simpler way to query? >&#13; The query page is very confusing. Isn't there a simpler way to query?
</A </A
></DT ></DT
><DT ><DT
>A.7.3. <A >A.7.3. <A
HREF="faq.html#AEN1974" HREF="faq.html#faq-use-accept"
>&#13; I'm confused by the behavior of the "accept" button in the Show Bug form. >&#13; I'm confused by the behavior of the "accept" button in the Show Bug form.
Why doesn't it assign the bug to me when I accept it? Why doesn't it assign the bug to me when I accept it?
</A </A
></DT ></DT
><DT ><DT
>A.7.4. <A >A.7.4. <A
HREF="faq.html#AEN1984" HREF="faq.html#faq-use-attachment"
>&#13; I can't upload anything into the database via the "Create Attachment" >&#13; I can't upload anything into the database via the "Create Attachment"
link. What am I doing wrong? link. What am I doing wrong?
</A </A
></DT ></DT
><DT ><DT
>A.7.5. <A >A.7.5. <A
HREF="faq.html#AEN1989" HREF="faq.html#faq-use-keyword"
>&#13; How do I change a keyword in Bugzilla, once some bugs are using it? >&#13; How do I change a keyword in Bugzilla, once some bugs are using it?
</A </A
></DT ></DT
...@@ -519,26 +519,26 @@ HREF="faq.html#faq-hacking" ...@@ -519,26 +519,26 @@ HREF="faq.html#faq-hacking"
><DL ><DL
><DT ><DT
>A.8.1. <A >A.8.1. <A
HREF="faq.html#AEN1996" HREF="faq.html#faq-hacking-templatestyle"
>&#13; What kind of style should I use for templatization? >&#13; What kind of style should I use for templatization?
</A </A
></DT ></DT
><DT ><DT
>A.8.2. <A >A.8.2. <A
HREF="faq.html#AEN2004" HREF="faq.html#faq-hacking-bugzillabugs"
>&#13; What bugs are in Bugzilla right now? >&#13; What bugs are in Bugzilla right now?
</A </A
></DT ></DT
><DT ><DT
>A.8.3. <A >A.8.3. <A
HREF="faq.html#AEN2013" HREF="faq.html#faq-hacking-priority"
>&#13; How can I change the default priority to a null value? For instance, have the default >&#13; How can I change the default priority to a null value? For instance, have the default
priority be "---" instead of "P2"? priority be "---" instead of "P2"?
</A </A
></DT ></DT
><DT ><DT
>A.8.4. <A >A.8.4. <A
HREF="faq.html#AEN2019" HREF="faq.html#faq-hacking-patches"
>&#13; What's the best way to submit patches? What guidelines should I follow? >&#13; What's the best way to submit patches? What guidelines should I follow?
</A </A
></DT ></DT
...@@ -558,7 +558,7 @@ CLASS="qandaentry" ...@@ -558,7 +558,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1617" NAME="faq-general-information"
></A ></A
><B ><B
>A.1.1. </B >A.1.1. </B
...@@ -586,7 +586,7 @@ CLASS="qandaentry" ...@@ -586,7 +586,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1623" NAME="faq-general-license"
></A ></A
><B ><B
>A.1.2. </B >A.1.2. </B
...@@ -615,7 +615,7 @@ CLASS="qandaentry" ...@@ -615,7 +615,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1629" NAME="faq-general-support"
></A ></A
><B ><B
>A.1.3. </B >A.1.3. </B
...@@ -661,7 +661,7 @@ CLASS="qandaentry" ...@@ -661,7 +661,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1638" NAME="faq-general-companies"
></A ></A
><B ><B
>A.1.4. </B >A.1.4. </B
...@@ -767,7 +767,7 @@ CLASS="qandaentry" ...@@ -767,7 +767,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1662" NAME="faq-general-maintainers"
></A ></A
><B ><B
>A.1.5. </B >A.1.5. </B
...@@ -797,7 +797,7 @@ CLASS="qandaentry" ...@@ -797,7 +797,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1668" NAME="faq-general-compare"
></A ></A
><B ><B
>A.1.6. </B >A.1.6. </B
...@@ -835,7 +835,7 @@ CLASS="qandaentry" ...@@ -835,7 +835,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1674" NAME="faq-general-bzmissing"
></A ></A
><B ><B
>A.1.7. </B >A.1.7. </B
...@@ -875,7 +875,7 @@ CLASS="qandaentry" ...@@ -875,7 +875,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1681" NAME="faq-general-mysql"
></A ></A
><B ><B
>A.1.8. </B >A.1.8. </B
...@@ -920,7 +920,7 @@ CLASS="qandaentry" ...@@ -920,7 +920,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1690" NAME="faq-general-bonsaitools"
></A ></A
><B ><B
>A.1.9. </B >A.1.9. </B
...@@ -953,7 +953,7 @@ CLASS="qandaentry" ...@@ -953,7 +953,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1696" NAME="faq-general-cookie"
></A ></A
><B ><B
>A.1.10. </B >A.1.10. </B
...@@ -1015,7 +1015,7 @@ CLASS="qandaentry" ...@@ -1015,7 +1015,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1706" NAME="faq-phb-client"
></A ></A
><B ><B
>A.2.1. </B >A.2.1. </B
...@@ -1041,7 +1041,7 @@ CLASS="qandaentry" ...@@ -1041,7 +1041,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1711" NAME="faq-phb-integration"
></A ></A
><B ><B
>A.2.2. </B >A.2.2. </B
...@@ -1067,7 +1067,7 @@ CLASS="qandaentry" ...@@ -1067,7 +1067,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1716" NAME="faq-phb-projects"
></A ></A
><B ><B
>A.2.3. </B >A.2.3. </B
...@@ -1092,7 +1092,7 @@ CLASS="qandaentry" ...@@ -1092,7 +1092,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1721" NAME="faq-phb-sorting"
></A ></A
><B ><B
>A.2.4. </B >A.2.4. </B
...@@ -1117,7 +1117,7 @@ CLASS="qandaentry" ...@@ -1117,7 +1117,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1726" NAME="faq-phb-attachments"
></A ></A
><B ><B
>A.2.5. </B >A.2.5. </B
...@@ -1146,7 +1146,7 @@ CLASS="qandaentry" ...@@ -1146,7 +1146,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1731" NAME="faq-phb-priorities"
></A ></A
><B ><B
>A.2.6. </B >A.2.6. </B
...@@ -1183,7 +1183,7 @@ CLASS="qandaentry" ...@@ -1183,7 +1183,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1738" NAME="faq-phb-reporting"
></A ></A
><B ><B
>A.2.7. </B >A.2.7. </B
...@@ -1221,7 +1221,7 @@ CLASS="qandaentry" ...@@ -1221,7 +1221,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1745" NAME="faq-phb-email"
></A ></A
><B ><B
>A.2.8. </B >A.2.8. </B
...@@ -1248,7 +1248,7 @@ CLASS="qandaentry" ...@@ -1248,7 +1248,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1750" NAME="faq-phb-cclist"
></A ></A
><B ><B
>A.2.9. </B >A.2.9. </B
...@@ -1273,7 +1273,7 @@ CLASS="qandaentry" ...@@ -1273,7 +1273,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1755" NAME="faq-phb-emailapp"
></A ></A
><B ><B
>A.2.10. </B >A.2.10. </B
...@@ -1332,7 +1332,7 @@ CLASS="qandaentry" ...@@ -1332,7 +1332,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1762" NAME="faq-phb-data"
></A ></A
><B ><B
>A.2.11. </B >A.2.11. </B
...@@ -1394,7 +1394,7 @@ CLASS="qandaentry" ...@@ -1394,7 +1394,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1774" NAME="faq-phb-l10n"
></A ></A
><B ><B
>A.2.12. </B >A.2.12. </B
...@@ -1432,7 +1432,7 @@ CLASS="qandaentry" ...@@ -1432,7 +1432,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1781" NAME="faq-phb-reports"
></A ></A
><B ><B
>A.2.13. </B >A.2.13. </B
...@@ -1457,7 +1457,7 @@ CLASS="qandaentry" ...@@ -1457,7 +1457,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1786" NAME="faq-phb-searching"
></A ></A
><B ><B
>A.2.14. </B >A.2.14. </B
...@@ -1483,7 +1483,7 @@ CLASS="qandaentry" ...@@ -1483,7 +1483,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1791" NAME="faq-phb-midair"
></A ></A
><B ><B
>A.2.15. </B >A.2.15. </B
...@@ -1510,7 +1510,7 @@ CLASS="qandaentry" ...@@ -1510,7 +1510,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1796" NAME="faq-phb-backup"
></A ></A
><B ><B
>A.2.16. </B >A.2.16. </B
...@@ -1540,7 +1540,7 @@ CLASS="qandaentry" ...@@ -1540,7 +1540,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1802" NAME="faq-phb-livebackup"
></A ></A
><B ><B
>A.2.17. </B >A.2.17. </B
...@@ -1566,7 +1566,7 @@ CLASS="qandaentry" ...@@ -1566,7 +1566,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1807" NAME="faq-phb-maintenance"
></A ></A
><B ><B
>A.2.18. </B >A.2.18. </B
...@@ -1601,7 +1601,7 @@ CLASS="qandaentry" ...@@ -1601,7 +1601,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1813" NAME="faq-phb-installtime"
></A ></A
><B ><B
>A.2.19. </B >A.2.19. </B
...@@ -1634,7 +1634,7 @@ CLASS="qandaentry" ...@@ -1634,7 +1634,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1818" NAME="faq-phb-cost"
></A ></A
><B ><B
>A.2.20. </B >A.2.20. </B
...@@ -1668,7 +1668,7 @@ CLASS="qandaentry" ...@@ -1668,7 +1668,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1825" NAME="faq-security-mysql"
></A ></A
><B ><B
>A.3.1. </B >A.3.1. </B
...@@ -1697,7 +1697,7 @@ CLASS="qandaentry" ...@@ -1697,7 +1697,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1831" NAME="faq-security-knownproblems"
></A ></A
><B ><B
>A.3.2. </B >A.3.2. </B
...@@ -1725,7 +1725,7 @@ CLASS="qandaentry" ...@@ -1725,7 +1725,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1836" NAME="faq-security-mysqluser"
></A ></A
><B ><B
>A.3.3. </B >A.3.3. </B
...@@ -1761,7 +1761,7 @@ CLASS="qandaentry" ...@@ -1761,7 +1761,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1843" NAME="faq-email-nomail"
></A ></A
><B ><B
>A.4.1. </B >A.4.1. </B
...@@ -1791,7 +1791,7 @@ CLASS="qandaentry" ...@@ -1791,7 +1791,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1849" NAME="faq-email-testing"
></A ></A
><B ><B
>A.4.2. </B >A.4.2. </B
...@@ -1817,7 +1817,7 @@ CLASS="qandaentry" ...@@ -1817,7 +1817,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1854" NAME="faq-email-whine"
></A ></A
><B ><B
>A.4.3. </B >A.4.3. </B
...@@ -1849,7 +1849,7 @@ CLASS="qandaentry" ...@@ -1849,7 +1849,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1860" NAME="faq-email-procmail"
></A ></A
><B ><B
>A.4.4. </B >A.4.4. </B
...@@ -1867,7 +1867,7 @@ CLASS="answer" ...@@ -1867,7 +1867,7 @@ CLASS="answer"
You can call bug_email.pl directly from your aliases file, with You can call bug_email.pl directly from your aliases file, with
an entry like this: an entry like this:
<A <A
NAME="AEN1864" NAME="AEN1894"
></A ></A
><BLOCKQUOTE ><BLOCKQUOTE
CLASS="BLOCKQUOTE" CLASS="BLOCKQUOTE"
...@@ -1888,7 +1888,7 @@ CLASS="qandaentry" ...@@ -1888,7 +1888,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1867" NAME="faq-email-mailif"
></A ></A
><B ><B
>A.4.5. </B >A.4.5. </B
...@@ -1913,7 +1913,7 @@ CLASS="qandaentry" ...@@ -1913,7 +1913,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1872" NAME="faq-email-sendmailnow"
></A ></A
><B ><B
>A.4.6. </B >A.4.6. </B
...@@ -1928,17 +1928,43 @@ CLASS="answer" ...@@ -1928,17 +1928,43 @@ CLASS="answer"
><B ><B
> </B > </B
> >
If you are using an alternate Mail Transport Agent (MTA other than If you are using an alternate <A
sendmail), make sure the options given in the "processmail" and other HREF="glossary.html#gloss-mta"
scripts for all ><I
instances of "sendmail" are correct for your MTA. CLASS="glossterm"
>MTA</I
></A
>,
make sure the options given in <TT
CLASS="filename"
>Bugzilla/BugMail.pm</TT
>
and any other place where <SPAN
CLASS="application"
>sendmail</SPAN
> is called from
are correct for your MTA. You should also ensure that the
<TT
CLASS="option"
>sendmailnow</TT
> param is set to <TT
CLASS="literal"
>on</TT
>.
</P </P
><P ><P
>&#13; If you are using Sendmail, try enabling "sendmailnow" in editparams.cgi. >&#13; If you are using <SPAN
If you are using Postfix, you will also need to enable <SPAN CLASS="application"
CLASS="QUOTE" >sendmail</SPAN
>"sendmailnow"</SPAN >, try enabling
<TT
CLASS="option"
>sendmailnow</TT
> in <TT
CLASS="filename"
>editparams.cgi</TT
>. >.
</P </P
></DIV ></DIV
></DIV ></DIV
...@@ -1948,7 +1974,7 @@ CLASS="qandaentry" ...@@ -1948,7 +1974,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1879" NAME="faq-email-nonreceived"
></A ></A
><B ><B
>A.4.7. </B >A.4.7. </B
...@@ -1988,7 +2014,7 @@ CLASS="qandaentry" ...@@ -1988,7 +2014,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1887" NAME="faq-db-oracle"
></A ></A
><B ><B
>A.5.1. </B >A.5.1. </B
...@@ -2016,7 +2042,7 @@ CLASS="qandaentry" ...@@ -2016,7 +2042,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1892" NAME="faq-db-corrupted"
></A ></A
><B ><B
>A.5.2. </B >A.5.2. </B
...@@ -2063,7 +2089,7 @@ CLASS="qandaentry" ...@@ -2063,7 +2089,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1900" NAME="faq-db-manualedit"
></A ></A
><B ><B
>A.5.3. </B >A.5.3. </B
...@@ -2104,7 +2130,7 @@ CLASS="qandaentry" ...@@ -2104,7 +2130,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1908" NAME="faq-db-permissions"
></A ></A
><B ><B
>A.5.4. </B >A.5.4. </B
...@@ -2165,7 +2191,7 @@ CLASS="qandaentry" ...@@ -2165,7 +2191,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1916" NAME="faq-db-synchronize"
></A ></A
><B ><B
>A.5.5. </B >A.5.5. </B
...@@ -2211,7 +2237,7 @@ CLASS="qandaentry" ...@@ -2211,7 +2237,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1925" NAME="faq-nt-easiest"
></A ></A
><B ><B
>A.6.1. </B >A.6.1. </B
...@@ -2236,7 +2262,7 @@ CLASS="qandaentry" ...@@ -2236,7 +2262,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1930" NAME="faq-nt-bundle"
></A ></A
><B ><B
>A.6.2. </B >A.6.2. </B
...@@ -2262,7 +2288,7 @@ CLASS="qandaentry" ...@@ -2262,7 +2288,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1935" NAME="faq-nt-mappings"
></A ></A
><B ><B
>A.6.3. </B >A.6.3. </B
...@@ -2285,7 +2311,7 @@ CLASS="answer" ...@@ -2285,7 +2311,7 @@ CLASS="answer"
><P ><P
>&#13; Microsoft has some advice on this matter, as well: >&#13; Microsoft has some advice on this matter, as well:
<A <A
NAME="AEN1940" NAME="AEN1977"
></A ></A
><BLOCKQUOTE ><BLOCKQUOTE
CLASS="BLOCKQUOTE" CLASS="BLOCKQUOTE"
...@@ -2310,7 +2336,7 @@ CLASS="qandaentry" ...@@ -2310,7 +2336,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1943" NAME="faq-nt-dbi"
></A ></A
><B ><B
>A.6.4. </B >A.6.4. </B
...@@ -2387,7 +2413,7 @@ CLASS="qandaentry" ...@@ -2387,7 +2413,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1964" NAME="faq-use-changeaddress"
></A ></A
><B ><B
>A.7.1. </B >A.7.1. </B
...@@ -2412,7 +2438,7 @@ CLASS="qandaentry" ...@@ -2412,7 +2438,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1969" NAME="faq-use-query"
></A ></A
><B ><B
>A.7.2. </B >A.7.2. </B
...@@ -2438,7 +2464,7 @@ CLASS="qandaentry" ...@@ -2438,7 +2464,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1974" NAME="faq-use-accept"
></A ></A
><B ><B
>A.7.3. </B >A.7.3. </B
...@@ -2493,7 +2519,7 @@ CLASS="qandaentry" ...@@ -2493,7 +2519,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1984" NAME="faq-use-attachment"
></A ></A
><B ><B
>A.7.4. </B >A.7.4. </B
...@@ -2520,7 +2546,7 @@ CLASS="qandaentry" ...@@ -2520,7 +2546,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1989" NAME="faq-use-keyword"
></A ></A
><B ><B
>A.7.5. </B >A.7.5. </B
...@@ -2554,7 +2580,7 @@ CLASS="qandaentry" ...@@ -2554,7 +2580,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN1996" NAME="faq-hacking-templatestyle"
></A ></A
><B ><B
>A.8.1. </B >A.8.1. </B
...@@ -2613,7 +2639,7 @@ CLASS="qandaentry" ...@@ -2613,7 +2639,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN2004" NAME="faq-hacking-bugzillabugs"
></A ></A
><B ><B
>A.8.2. </B >A.8.2. </B
...@@ -2659,7 +2685,7 @@ CLASS="qandaentry" ...@@ -2659,7 +2685,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN2013" NAME="faq-hacking-priority"
></A ></A
><B ><B
>A.8.3. </B >A.8.3. </B
...@@ -2691,7 +2717,7 @@ CLASS="qandaentry" ...@@ -2691,7 +2717,7 @@ CLASS="qandaentry"
CLASS="question" CLASS="question"
><P ><P
><A ><A
NAME="AEN2019" NAME="faq-hacking-patches"
></A ></A
><B ><B
>A.8.4. </B >A.8.4. </B
......
docs/html/gfdl-0.html
View file @ cf24e428
...@@ -7,7 +7,7 @@ NAME="GENERATOR" ...@@ -7,7 +7,7 @@ NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK "><LINK
REL="HOME" REL="HOME"
TITLE="The Bugzilla Guide" TITLE="The Bugzilla Guide - 2.17.4 Development Release"
HREF="index.html"><LINK HREF="index.html"><LINK
REL="UP" REL="UP"
TITLE="GNU Free Documentation License" TITLE="GNU Free Documentation License"
...@@ -37,7 +37,7 @@ CELLSPACING="0" ...@@ -37,7 +37,7 @@ CELLSPACING="0"
><TH ><TH
COLSPAN="3" COLSPAN="3"
ALIGN="center" ALIGN="center"
>The Bugzilla Guide</TH >The Bugzilla Guide - 2.17.4 Development Release</TH
></TR ></TR
><TR ><TR
><TD ><TD
......
docs/html/gfdl-1.html
View file @ cf24e428
...@@ -7,7 +7,7 @@ NAME="GENERATOR" ...@@ -7,7 +7,7 @@ NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK "><LINK
REL="HOME" REL="HOME"
TITLE="The Bugzilla Guide" TITLE="The Bugzilla Guide - 2.17.4 Development Release"
HREF="index.html"><LINK HREF="index.html"><LINK
REL="UP" REL="UP"
TITLE="GNU Free Documentation License" TITLE="GNU Free Documentation License"
...@@ -37,7 +37,7 @@ CELLSPACING="0" ...@@ -37,7 +37,7 @@ CELLSPACING="0"
><TH ><TH
COLSPAN="3" COLSPAN="3"
ALIGN="center" ALIGN="center"
>The Bugzilla Guide</TH >The Bugzilla Guide - 2.17.4 Development Release</TH
></TR ></TR
><TR ><TR
><TD ><TD
......
docs/html/gfdl-10.html
View file @ cf24e428
...@@ -7,7 +7,7 @@ NAME="GENERATOR" ...@@ -7,7 +7,7 @@ NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK "><LINK
REL="HOME" REL="HOME"
TITLE="The Bugzilla Guide" TITLE="The Bugzilla Guide - 2.17.4 Development Release"
HREF="index.html"><LINK HREF="index.html"><LINK
REL="UP" REL="UP"
TITLE="GNU Free Documentation License" TITLE="GNU Free Documentation License"
...@@ -37,7 +37,7 @@ CELLSPACING="0" ...@@ -37,7 +37,7 @@ CELLSPACING="0"
><TH ><TH
COLSPAN="3" COLSPAN="3"
ALIGN="center" ALIGN="center"
>The Bugzilla Guide</TH >The Bugzilla Guide - 2.17.4 Development Release</TH
></TR ></TR
><TR ><TR
><TD ><TD
......
docs/html/gfdl-2.html
View file @ cf24e428
...@@ -7,7 +7,7 @@ NAME="GENERATOR" ...@@ -7,7 +7,7 @@ NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK "><LINK
REL="HOME" REL="HOME"
TITLE="The Bugzilla Guide" TITLE="The Bugzilla Guide - 2.17.4 Development Release"
HREF="index.html"><LINK HREF="index.html"><LINK
REL="UP" REL="UP"
TITLE="GNU Free Documentation License" TITLE="GNU Free Documentation License"
...@@ -37,7 +37,7 @@ CELLSPACING="0" ...@@ -37,7 +37,7 @@ CELLSPACING="0"
><TH ><TH
COLSPAN="3" COLSPAN="3"
ALIGN="center" ALIGN="center"
>The Bugzilla Guide</TH >The Bugzilla Guide - 2.17.4 Development Release</TH
></TR ></TR
><TR ><TR
><TD ><TD
......
docs/html/gfdl-3.html
View file @ cf24e428
...@@ -7,7 +7,7 @@ NAME="GENERATOR" ...@@ -7,7 +7,7 @@ NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK "><LINK
REL="HOME" REL="HOME"
TITLE="The Bugzilla Guide" TITLE="The Bugzilla Guide - 2.17.4 Development Release"
HREF="index.html"><LINK HREF="index.html"><LINK
REL="UP" REL="UP"
TITLE="GNU Free Documentation License" TITLE="GNU Free Documentation License"
...@@ -37,7 +37,7 @@ CELLSPACING="0" ...@@ -37,7 +37,7 @@ CELLSPACING="0"
><TH ><TH
COLSPAN="3" COLSPAN="3"
ALIGN="center" ALIGN="center"
>The Bugzilla Guide</TH >The Bugzilla Guide - 2.17.4 Development Release</TH
></TR ></TR
><TR ><TR
><TD ><TD
......
docs/html/gfdl-4.html
View file @ cf24e428
...@@ -7,7 +7,7 @@ NAME="GENERATOR" ...@@ -7,7 +7,7 @@ NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK "><LINK
REL="HOME" REL="HOME"
TITLE="The Bugzilla Guide" TITLE="The Bugzilla Guide - 2.17.4 Development Release"
HREF="index.html"><LINK HREF="index.html"><LINK
REL="UP" REL="UP"
TITLE="GNU Free Documentation License" TITLE="GNU Free Documentation License"
...@@ -37,7 +37,7 @@ CELLSPACING="0" ...@@ -37,7 +37,7 @@ CELLSPACING="0"
><TH ><TH
COLSPAN="3" COLSPAN="3"
ALIGN="center" ALIGN="center"
>The Bugzilla Guide</TH >The Bugzilla Guide - 2.17.4 Development Release</TH
></TR ></TR
><TR ><TR
><TD ><TD
......
docs/html/gfdl-5.html
View file @ cf24e428
...@@ -7,7 +7,7 @@ NAME="GENERATOR" ...@@ -7,7 +7,7 @@ NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK "><LINK
REL="HOME" REL="HOME"
TITLE="The Bugzilla Guide" TITLE="The Bugzilla Guide - 2.17.4 Development Release"
HREF="index.html"><LINK HREF="index.html"><LINK
REL="UP" REL="UP"
TITLE="GNU Free Documentation License" TITLE="GNU Free Documentation License"
...@@ -37,7 +37,7 @@ CELLSPACING="0" ...@@ -37,7 +37,7 @@ CELLSPACING="0"
><TH ><TH
COLSPAN="3" COLSPAN="3"
ALIGN="center" ALIGN="center"
>The Bugzilla Guide</TH >The Bugzilla Guide - 2.17.4 Development Release</TH
></TR ></TR
><TR ><TR
><TD ><TD
......
docs/html/gfdl-6.html
View file @ cf24e428
...@@ -7,7 +7,7 @@ NAME="GENERATOR" ...@@ -7,7 +7,7 @@ NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK "><LINK
REL="HOME" REL="HOME"
TITLE="The Bugzilla Guide" TITLE="The Bugzilla Guide - 2.17.4 Development Release"
HREF="index.html"><LINK HREF="index.html"><LINK
REL="UP" REL="UP"
TITLE="GNU Free Documentation License" TITLE="GNU Free Documentation License"
...@@ -37,7 +37,7 @@ CELLSPACING="0" ...@@ -37,7 +37,7 @@ CELLSPACING="0"
><TH ><TH
COLSPAN="3" COLSPAN="3"
ALIGN="center" ALIGN="center"
>The Bugzilla Guide</TH >The Bugzilla Guide - 2.17.4 Development Release</TH
></TR ></TR
><TR ><TR
><TD ><TD
......
docs/html/gfdl-7.html
View file @ cf24e428
...@@ -7,7 +7,7 @@ NAME="GENERATOR" ...@@ -7,7 +7,7 @@ NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK "><LINK
REL="HOME" REL="HOME"
TITLE="The Bugzilla Guide" TITLE="The Bugzilla Guide - 2.17.4 Development Release"
HREF="index.html"><LINK HREF="index.html"><LINK
REL="UP" REL="UP"
TITLE="GNU Free Documentation License" TITLE="GNU Free Documentation License"
...@@ -37,7 +37,7 @@ CELLSPACING="0" ...@@ -37,7 +37,7 @@ CELLSPACING="0"
><TH ><TH
COLSPAN="3" COLSPAN="3"
ALIGN="center" ALIGN="center"
>The Bugzilla Guide</TH >The Bugzilla Guide - 2.17.4 Development Release</TH
></TR ></TR
><TR ><TR
><TD ><TD
......
docs/html/gfdl-8.html
View file @ cf24e428
...@@ -7,7 +7,7 @@ NAME="GENERATOR" ...@@ -7,7 +7,7 @@ NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK "><LINK
REL="HOME" REL="HOME"
TITLE="The Bugzilla Guide" TITLE="The Bugzilla Guide - 2.17.4 Development Release"
HREF="index.html"><LINK HREF="index.html"><LINK
REL="UP" REL="UP"
TITLE="GNU Free Documentation License" TITLE="GNU Free Documentation License"
...@@ -37,7 +37,7 @@ CELLSPACING="0" ...@@ -37,7 +37,7 @@ CELLSPACING="0"
><TH ><TH
COLSPAN="3" COLSPAN="3"
ALIGN="center" ALIGN="center"
>The Bugzilla Guide</TH >The Bugzilla Guide - 2.17.4 Development Release</TH
></TR ></TR
><TR ><TR
><TD ><TD
......
docs/html/gfdl-9.html
View file @ cf24e428
...@@ -7,7 +7,7 @@ NAME="GENERATOR" ...@@ -7,7 +7,7 @@ NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK "><LINK
REL="HOME" REL="HOME"
TITLE="The Bugzilla Guide" TITLE="The Bugzilla Guide - 2.17.4 Development Release"
HREF="index.html"><LINK HREF="index.html"><LINK
REL="UP" REL="UP"
TITLE="GNU Free Documentation License" TITLE="GNU Free Documentation License"
...@@ -37,7 +37,7 @@ CELLSPACING="0" ...@@ -37,7 +37,7 @@ CELLSPACING="0"
><TH ><TH
COLSPAN="3" COLSPAN="3"
ALIGN="center" ALIGN="center"
>The Bugzilla Guide</TH >The Bugzilla Guide - 2.17.4 Development Release</TH
></TR ></TR
><TR ><TR
><TD ><TD
......
docs/html/gfdl-howto.html
View file @ cf24e428
...@@ -7,7 +7,7 @@ NAME="GENERATOR" ...@@ -7,7 +7,7 @@ NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK "><LINK
REL="HOME" REL="HOME"
TITLE="The Bugzilla Guide" TITLE="The Bugzilla Guide - 2.17.4 Development Release"
HREF="index.html"><LINK HREF="index.html"><LINK
REL="UP" REL="UP"
TITLE="GNU Free Documentation License" TITLE="GNU Free Documentation License"
...@@ -37,7 +37,7 @@ CELLSPACING="0" ...@@ -37,7 +37,7 @@ CELLSPACING="0"
><TH ><TH
COLSPAN="3" COLSPAN="3"
ALIGN="center" ALIGN="center"
>The Bugzilla Guide</TH >The Bugzilla Guide - 2.17.4 Development Release</TH
></TR ></TR
><TR ><TR
><TD ><TD
...@@ -81,7 +81,7 @@ NAME="gfdl-howto" ...@@ -81,7 +81,7 @@ NAME="gfdl-howto"
of the License in the document and put the following copyright and of the License in the document and put the following copyright and
license notices just after the title page:</P license notices just after the title page:</P
><A ><A
NAME="AEN2267" NAME="AEN2304"
></A ></A
><BLOCKQUOTE ><BLOCKQUOTE
CLASS="BLOCKQUOTE" CLASS="BLOCKQUOTE"
......
docs/html/gfdl.html
View file @ cf24e428
...@@ -7,7 +7,7 @@ NAME="GENERATOR" ...@@ -7,7 +7,7 @@ NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK "><LINK
REL="HOME" REL="HOME"
TITLE="The Bugzilla Guide" TITLE="The Bugzilla Guide - 2.17.4 Development Release"
HREF="index.html"><LINK HREF="index.html"><LINK
REL="PREVIOUS" REL="PREVIOUS"
TITLE="SourceForge" TITLE="SourceForge"
...@@ -34,7 +34,7 @@ CELLSPACING="0" ...@@ -34,7 +34,7 @@ CELLSPACING="0"
><TH ><TH
COLSPAN="3" COLSPAN="3"
ALIGN="center" ALIGN="center"
>The Bugzilla Guide</TH >The Bugzilla Guide - 2.17.4 Development Release</TH
></TR ></TR
><TR ><TR
><TD ><TD
...@@ -144,7 +144,7 @@ HREF="gfdl-howto.html" ...@@ -144,7 +144,7 @@ HREF="gfdl-howto.html"
><P ><P
>Version 1.1, March 2000</P >Version 1.1, March 2000</P
><A ><A
NAME="AEN2177" NAME="AEN2214"
></A ></A
><BLOCKQUOTE ><BLOCKQUOTE
CLASS="BLOCKQUOTE" CLASS="BLOCKQUOTE"
......
docs/html/glossary.html
View file @ cf24e428
...@@ -7,7 +7,7 @@ NAME="GENERATOR" ...@@ -7,7 +7,7 @@ NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK "><LINK
REL="HOME" REL="HOME"
TITLE="The Bugzilla Guide" TITLE="The Bugzilla Guide - 2.17.4 Development Release"
HREF="index.html"><LINK HREF="index.html"><LINK
REL="PREVIOUS" REL="PREVIOUS"
TITLE="How to use this License for your documents" TITLE="How to use this License for your documents"
...@@ -31,7 +31,7 @@ CELLSPACING="0" ...@@ -31,7 +31,7 @@ CELLSPACING="0"
><TH ><TH
COLSPAN="3" COLSPAN="3"
ALIGN="center" ALIGN="center"
>The Bugzilla Guide</TH >The Bugzilla Guide - 2.17.4 Development Release</TH
></TR ></TR
><TR ><TR
><TD ><TD
...@@ -70,7 +70,7 @@ CLASS="glossdiv" ...@@ -70,7 +70,7 @@ CLASS="glossdiv"
><H1 ><H1
CLASS="glossdiv" CLASS="glossdiv"
><A ><A
NAME="AEN2272" NAME="AEN2309"
></A ></A
>0-9, high ascii</H1 >0-9, high ascii</H1
><DL ><DL
...@@ -485,21 +485,78 @@ NAME="gloss-m" ...@@ -485,21 +485,78 @@ NAME="gloss-m"
>M</H1 >M</H1
><DL ><DL
><DT ><DT
><A
NAME="gloss-mta"
></A
><B ><B
>mysqld</B >Message Transport Agent</B
></DT
> (MTA)<DD
><P
>A Message Transport Agent is used to control the flow of email
on a system. Many unix based systems use
<A
HREF="http://www.sendmail.org"
TARGET="_top"
>sendmail</A
> which is what
Bugzilla expects to find by default at <TT
CLASS="filename"
>/usr/sbin/sendmail</TT
>.
Many other MTA's will work, but they all require that the
<TT
CLASS="option"
>sendmailnow</TT
> param be set to <TT
CLASS="literal"
>on</TT
>.
</P
></DD
><DT
><A
NAME="gloss-mysql"
></A
><B
>MySQL</B
></DT ></DT
><DD ><DD
><P ><P
>mysqld is the name of the >MySQL is currently the required
<I <A
HREF="glossary.html#gloss-rdbms"
><I
CLASS="glossterm" CLASS="glossterm"
>daemon</I >RDBMS</I
> ></A
> for Bugzilla. MySQL
for the MySQL database. In general, it is invoked automatically can be downloaded from <A
through the use of the System V init scripts on GNU/Linux and HREF="http://www.mysql.com"
AT&#38;T System V-based systems, such as Solaris and HP/UX, or TARGET="_top"
through the RC scripts on BSD-based systems.</P >http://www.mysql.com</A
>. While you
should familiarize yourself with all of the documentation, some high
points are:
</P
><P
></P
><UL
><LI
><P
><A
HREF="http://www.mysql.com/doc/P/r/Privilege_system.html"
TARGET="_top"
>MySQL
Privilege System</A
> - Much more detailed information about
the suggestions in <A
HREF="security.html#security-mysql"
>Section 5.6.2</A
>.
</P
></LI
></UL
></DD ></DD
></DL ></DL
></DIV ></DIV
...@@ -593,6 +650,30 @@ CLASS="glossdiv" ...@@ -593,6 +650,30 @@ CLASS="glossdiv"
><H1 ><H1
CLASS="glossdiv" CLASS="glossdiv"
><A ><A
NAME="gloss-r"
></A
>R</H1
><DL
><DT
><A
NAME="gloss-rdbms"
></A
><B
>Relational DataBase Managment System</B
></DT
> (RDBMS)<DD
><P
>A relational database management system is a database system
that stores information in tables that are related to each other.
</P
></DD
></DL
></DIV
><DIV
CLASS="glossdiv"
><H1
CLASS="glossdiv"
><A
NAME="gloss-s" NAME="gloss-s"
></A ></A
>S</H1 >S</H1
......
docs/html/groups.html
View file @ cf24e428
...@@ -7,7 +7,7 @@ NAME="GENERATOR" ...@@ -7,7 +7,7 @@ NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK "><LINK
REL="HOME" REL="HOME"
TITLE="The Bugzilla Guide" TITLE="The Bugzilla Guide - 2.17.4 Development Release"
HREF="index.html"><LINK HREF="index.html"><LINK
REL="UP" REL="UP"
TITLE="Administering Bugzilla" TITLE="Administering Bugzilla"
...@@ -37,7 +37,7 @@ CELLSPACING="0" ...@@ -37,7 +37,7 @@ CELLSPACING="0"
><TH ><TH
COLSPAN="3" COLSPAN="3"
ALIGN="center" ALIGN="center"
>The Bugzilla Guide</TH >The Bugzilla Guide - 2.17.4 Development Release</TH
></TR ></TR
><TR ><TR
><TD ><TD
......
docs/html/hintsandtips.html
View file @ cf24e428
...@@ -7,7 +7,7 @@ NAME="GENERATOR" ...@@ -7,7 +7,7 @@ NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK "><LINK
REL="HOME" REL="HOME"
TITLE="The Bugzilla Guide" TITLE="The Bugzilla Guide - 2.17.4 Development Release"
HREF="index.html"><LINK HREF="index.html"><LINK
REL="UP" REL="UP"
TITLE="Using Bugzilla" TITLE="Using Bugzilla"
...@@ -37,7 +37,7 @@ CELLSPACING="0" ...@@ -37,7 +37,7 @@ CELLSPACING="0"
><TH ><TH
COLSPAN="3" COLSPAN="3"
ALIGN="center" ALIGN="center"
>The Bugzilla Guide</TH >The Bugzilla Guide - 2.17.4 Development Release</TH
></TR ></TR
><TR ><TR
><TD ><TD
...@@ -84,7 +84,7 @@ CLASS="section" ...@@ -84,7 +84,7 @@ CLASS="section"
><H2 ><H2
CLASS="section" CLASS="section"
><A ><A
NAME="AEN340" NAME="AEN370"
></A ></A
>3.2.1. Autolinkification</H2 >3.2.1. Autolinkification</H2
><P ><P
...@@ -232,7 +232,7 @@ CLASS="section" ...@@ -232,7 +232,7 @@ CLASS="section"
><H2 ><H2
CLASS="section" CLASS="section"
><A ><A
NAME="AEN369" NAME="AEN399"
></A ></A
>3.2.5. Filing Bugs</H2 >3.2.5. Filing Bugs</H2
><P ><P
......
docs/html/how.html
View file @ cf24e428
...@@ -7,7 +7,7 @@ NAME="GENERATOR" ...@@ -7,7 +7,7 @@ NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK "><LINK
REL="HOME" REL="HOME"
TITLE="The Bugzilla Guide" TITLE="The Bugzilla Guide - 2.17.4 Development Release"
HREF="index.html"><LINK HREF="index.html"><LINK
REL="UP" REL="UP"
TITLE="Using Bugzilla" TITLE="Using Bugzilla"
...@@ -37,7 +37,7 @@ CELLSPACING="0" ...@@ -37,7 +37,7 @@ CELLSPACING="0"
><TH ><TH
COLSPAN="3" COLSPAN="3"
ALIGN="center" ALIGN="center"
>The Bugzilla Guide</TH >The Bugzilla Guide - 2.17.4 Development Release</TH
></TR ></TR
><TR ><TR
><TD ><TD
......
docs/html/http.html
View file @ cf24e428
...@@ -7,7 +7,7 @@ NAME="GENERATOR" ...@@ -7,7 +7,7 @@ NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK "><LINK
REL="HOME" REL="HOME"
TITLE="The Bugzilla Guide" TITLE="The Bugzilla Guide - 2.17.4 Development Release"
HREF="index.html"><LINK HREF="index.html"><LINK
REL="UP" REL="UP"
TITLE="Installation" TITLE="Installation"
...@@ -37,7 +37,7 @@ CELLSPACING="0" ...@@ -37,7 +37,7 @@ CELLSPACING="0"
><TH ><TH
COLSPAN="3" COLSPAN="3"
ALIGN="center" ALIGN="center"
>The Bugzilla Guide</TH >The Bugzilla Guide - 2.17.4 Development Release</TH
></TR ></TR
><TR ><TR
><TD ><TD
...@@ -88,8 +88,8 @@ CLASS="glossterm" ...@@ -88,8 +88,8 @@ CLASS="glossterm"
should be able to handle Bugzilla. No matter what web server you choose, but should be able to handle Bugzilla. No matter what web server you choose, but
especially if you choose something other than Apache, you should be sure to read especially if you choose something other than Apache, you should be sure to read
<A <A
HREF="security.html" HREF="security.html#security-access"
>Section 5.6</A >Section 5.6.4</A
>. >.
</P </P
><P ><P
...@@ -262,7 +262,7 @@ COLOR="#000000" ...@@ -262,7 +262,7 @@ COLOR="#000000"
><PRE ><PRE
CLASS="programlisting" CLASS="programlisting"
>&#13;# don't allow people to retrieve non-cgi executable files or our private data >&#13;# don't allow people to retrieve non-cgi executable files or our private data
&#60;FilesMatch ^(.*\.pl|.*localconfig.*|processmail|runtests.sh)$&#62; &#60;FilesMatch ^(.*\.pl|.*localconfig.*|runtests.sh)$&#62;
deny from all deny from all
&#60;/FilesMatch&#62; &#60;/FilesMatch&#62;
&#60;FilesMatch ^(localconfig.js|localconfig.rdf)$&#62; &#60;FilesMatch ^(localconfig.js|localconfig.rdf)$&#62;
...@@ -446,8 +446,8 @@ CLASS="filename" ...@@ -446,8 +446,8 @@ CLASS="filename"
>data</TT >data</TT
> >
directory are secured as described in <A directory are secured as described in <A
HREF="security.html" HREF="security.html#security-access"
>Section 5.6</A >Section 5.6.4</A
>. >.
</P </P
></DIV ></DIV
...@@ -509,11 +509,13 @@ COLOR="#000000" ...@@ -509,11 +509,13 @@ COLOR="#000000"
><PRE ><PRE
CLASS="programlisting" CLASS="programlisting"
>&#13;ns_register_filter preauth GET /bugzilla/localconfig filter_deny >&#13;ns_register_filter preauth GET /bugzilla/localconfig filter_deny
ns_register_filter preauth GET /bugzilla/localconfig~ filter_deny
ns_register_filter preauth GET /bugzilla/\#localconfig\# filter_deny
ns_register_filter preauth GET /bugzilla/*.pl filter_deny ns_register_filter preauth GET /bugzilla/*.pl filter_deny
ns_register_filter preauth GET /bugzilla/localconfig filter_deny
ns_register_filter preauth GET /bugzilla/processmail filter_deny
ns_register_filter preauth GET /bugzilla/syncshadowdb filter_deny ns_register_filter preauth GET /bugzilla/syncshadowdb filter_deny
ns_register_filter preauth GET /bugzilla/runtests.sh filter_deny ns_register_filter preauth GET /bugzilla/runtests.sh filter_deny
ns_register_filter preauth GET /bugzilla/data/* filter_deny
ns_register_filter preauth GET /bugzilla/template/* filter_deny
proc filter_deny { why } { proc filter_deny { why } {
ns_log Notice "filter_deny" ns_log Notice "filter_deny"
...@@ -545,31 +547,84 @@ ALT="Warning"></TD ...@@ -545,31 +547,84 @@ ALT="Warning"></TD
ALIGN="LEFT" ALIGN="LEFT"
VALIGN="TOP" VALIGN="TOP"
><P ><P
>This doesn't appear to account for everything mentioned in >This probably doesn't account for all possible editor backup
<A files so you may wish to add some additional variations of
HREF="security.html"
>Section 5.6</A
>. In particular, it doesn't block access
to the <TT
CLASS="filename"
>data</TT
> or
<TT <TT
CLASS="filename" CLASS="filename"
>template</TT >localconfig</TT
> directories. It also >. For more information, see
doesn't account for the editor backup files that were the topic of
<A <A
HREF="http://bugzilla.mozilla.org/show_bug.cgi?id=186383" HREF="http://bugzilla.mozilla.org/show_bug.cgi?id=186383"
TARGET="_top" TARGET="_top"
>bug >bug
186383</A 186383</A
>, <A > or <A
HREF="http://online.securityfocus.com/bid/6501" HREF="http://online.securityfocus.com/bid/6501"
TARGET="_top" TARGET="_top"
>Bugtraq ID 6501</A >Bugtraq ID 6501</A
>.
</P
></TD
></TR
></TABLE
></DIV
><DIV
CLASS="note"
><P
></P
><TABLE
CLASS="note"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="../images/note.gif"
HSPACE="5"
ALT="Note"></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
>If you are using webdot from research.att.com (the default
configuration for the <TT
CLASS="option"
>webdotbase</TT
> paramater), you
will need to allow access to <TT
CLASS="filename"
>data/webdot/*.dot</TT
>
for the reasearch.att.com machine.
</P
><P
>If you are using a local installation of <A
HREF="http://www.graphviz.org"
TARGET="_top"
>GraphViz</A
>, you will need to allow
everybody to access <TT
CLASS="filename"
>*.png</TT
>, >,
and a partial cause for the 2.16.2 release. <TT
CLASS="filename"
>*.gif</TT
>, <TT
CLASS="filename"
>*.jpg</TT
>, and
<TT
CLASS="filename"
>*.map</TT
> in the
<TT
CLASS="filename"
>data/webdot</TT
> directory.
</P </P
></TD ></TD
></TR ></TR
......
docs/html/index.html
View file @ cf24e428
<HTML <HTML
><HEAD ><HEAD
><TITLE ><TITLE
>The Bugzilla Guide</TITLE >The Bugzilla Guide - 2.17.4 Development Release</TITLE
><META ><META
NAME="GENERATOR" NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
...@@ -46,7 +46,7 @@ CLASS="title" ...@@ -46,7 +46,7 @@ CLASS="title"
><A ><A
NAME="AEN2" NAME="AEN2"
></A ></A
>The Bugzilla Guide</H1 >The Bugzilla Guide - 2.17.4 Development Release</H1
><H3 ><H3
CLASS="author" CLASS="author"
><A ><A
...@@ -58,18 +58,18 @@ CLASS="author" ...@@ -58,18 +58,18 @@ CLASS="author"
><A ><A
NAME="AEN9" NAME="AEN9"
></A ></A
>Jacob Steenhagen</H3
><H3
CLASS="corpauthor"
>The Bugzilla Team</H3 >The Bugzilla Team</H3
><P ><P
CLASS="edition"
>2.17.3 Development Release&nbsp;Edition </P
><P
CLASS="pubdate" CLASS="pubdate"
>2003-01-02<BR></P >2003-02-16<BR></P
><DIV ><DIV
><DIV ><DIV
CLASS="abstract" CLASS="abstract"
><A ><A
NAME="AEN15" NAME="AEN14"
></A ></A
><P ><P
></P ></P
...@@ -335,7 +335,7 @@ HREF="variants.html" ...@@ -335,7 +335,7 @@ HREF="variants.html"
><DL ><DL
><DT ><DT
>D.1. <A >D.1. <A
HREF="rhbugzilla.html" HREF="variant-redhat.html"
>Red Hat Bugzilla</A >Red Hat Bugzilla</A
></DT ></DT
><DT ><DT
......
docs/html/installation.html
View file @ cf24e428
...@@ -7,7 +7,7 @@ NAME="GENERATOR" ...@@ -7,7 +7,7 @@ NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK "><LINK
REL="HOME" REL="HOME"
TITLE="The Bugzilla Guide" TITLE="The Bugzilla Guide - 2.17.4 Development Release"
HREF="index.html"><LINK HREF="index.html"><LINK
REL="PREVIOUS" REL="PREVIOUS"
TITLE="User Preferences" TITLE="User Preferences"
...@@ -34,7 +34,7 @@ CELLSPACING="0" ...@@ -34,7 +34,7 @@ CELLSPACING="0"
><TH ><TH
COLSPAN="3" COLSPAN="3"
ALIGN="center" ALIGN="center"
>The Bugzilla Guide</TH >The Bugzilla Guide - 2.17.4 Development Release</TH
></TR ></TR
><TR ><TR
><TD ><TD
...@@ -118,17 +118,17 @@ HREF="stepbystep.html#sbs-http" ...@@ -118,17 +118,17 @@ HREF="stepbystep.html#sbs-http"
></DT ></DT
><DT ><DT
>4.1.7. <A >4.1.7. <A
HREF="stepbystep.html#AEN590" HREF="stepbystep.html#AEN620"
>Bugzilla</A >Bugzilla</A
></DT ></DT
><DT ><DT
>4.1.8. <A >4.1.8. <A
HREF="stepbystep.html#AEN615" HREF="stepbystep.html#AEN645"
>Setting Up the MySQL Database</A >Setting Up the MySQL Database</A
></DT ></DT
><DT ><DT
>4.1.9. <A >4.1.9. <A
HREF="stepbystep.html#AEN651" HREF="stepbystep.html#AEN681"
><TT ><TT
CLASS="filename" CLASS="filename"
>checksetup.pl</TT >checksetup.pl</TT
...@@ -136,12 +136,7 @@ CLASS="filename" ...@@ -136,12 +136,7 @@ CLASS="filename"
></DT ></DT
><DT ><DT
>4.1.10. <A >4.1.10. <A
HREF="stepbystep.html#AEN683" HREF="stepbystep.html#AEN713"
>Securing MySQL</A
></DT
><DT
>4.1.11. <A
HREF="stepbystep.html#AEN749"
>Configuring Bugzilla</A >Configuring Bugzilla</A
></DT ></DT
></DL ></DL
...@@ -155,17 +150,17 @@ HREF="extraconfig.html" ...@@ -155,17 +150,17 @@ HREF="extraconfig.html"
><DL ><DL
><DT ><DT
>4.2.1. <A >4.2.1. <A
HREF="extraconfig.html#AEN755" HREF="extraconfig.html#AEN719"
>Dependency Charts</A >Dependency Charts</A
></DT ></DT
><DT ><DT
>4.2.2. <A >4.2.2. <A
HREF="extraconfig.html#AEN770" HREF="extraconfig.html#AEN734"
>Bug Graphs</A >Bug Graphs</A
></DT ></DT
><DT ><DT
>4.2.3. <A >4.2.3. <A
HREF="extraconfig.html#AEN783" HREF="extraconfig.html#AEN747"
>The Whining Cron</A >The Whining Cron</A
></DT ></DT
><DT ><DT
...@@ -181,15 +176,6 @@ HREF="extraconfig.html#content-type" ...@@ -181,15 +176,6 @@ HREF="extraconfig.html#content-type"
></DT ></DT
><DT ><DT
>4.2.6. <A >4.2.6. <A
HREF="extraconfig.html#htaccess"
><TT
CLASS="filename"
>.htaccess</TT
>
files and security</A
></DT
><DT
>4.2.7. <A
HREF="extraconfig.html#directoryindex" HREF="extraconfig.html#directoryindex"
><TT ><TT
CLASS="filename" CLASS="filename"
...@@ -197,7 +183,7 @@ CLASS="filename" ...@@ -197,7 +183,7 @@ CLASS="filename"
> for the Bugzilla default page.</A > for the Bugzilla default page.</A
></DT ></DT
><DT ><DT
>4.2.8. <A >4.2.7. <A
HREF="extraconfig.html#mod_perl" HREF="extraconfig.html#mod_perl"
>Bugzilla and <TT >Bugzilla and <TT
CLASS="filename" CLASS="filename"
...@@ -205,7 +191,7 @@ CLASS="filename" ...@@ -205,7 +191,7 @@ CLASS="filename"
></A ></A
></DT ></DT
><DT ><DT
>4.2.9. <A >4.2.8. <A
HREF="extraconfig.html#mod-throttle" HREF="extraconfig.html#mod-throttle"
><TT ><TT
CLASS="filename" CLASS="filename"
...@@ -277,12 +263,12 @@ HREF="troubleshooting.html" ...@@ -277,12 +263,12 @@ HREF="troubleshooting.html"
><DL ><DL
><DT ><DT
>4.5.1. <A >4.5.1. <A
HREF="troubleshooting.html#AEN1063" HREF="troubleshooting.html#AEN1009"
>Bundle::Bugzilla makes me upgrade to Perl 5.6.1</A >Bundle::Bugzilla makes me upgrade to Perl 5.6.1</A
></DT ></DT
><DT ><DT
>4.5.2. <A >4.5.2. <A
HREF="troubleshooting.html#AEN1068" HREF="troubleshooting.html#AEN1014"
>DBD::Sponge::db prepare failed</A >DBD::Sponge::db prepare failed</A
></DT ></DT
><DT ><DT
......
docs/html/integration.html
View file @ cf24e428
...@@ -7,7 +7,7 @@ NAME="GENERATOR" ...@@ -7,7 +7,7 @@ NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK "><LINK
REL="HOME" REL="HOME"
TITLE="The Bugzilla Guide" TITLE="The Bugzilla Guide - 2.17.4 Development Release"
HREF="index.html"><LINK HREF="index.html"><LINK
REL="UP" REL="UP"
TITLE="Administering Bugzilla" TITLE="Administering Bugzilla"
...@@ -37,7 +37,7 @@ CELLSPACING="0" ...@@ -37,7 +37,7 @@ CELLSPACING="0"
><TH ><TH
COLSPAN="3" COLSPAN="3"
ALIGN="center" ALIGN="center"
>The Bugzilla Guide</TH >The Bugzilla Guide - 2.17.4 Development Release</TH
></TR ></TR
><TR ><TR
><TD ><TD
......
docs/html/introduction.html
View file @ cf24e428
...@@ -7,7 +7,7 @@ NAME="GENERATOR" ...@@ -7,7 +7,7 @@ NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK "><LINK
REL="HOME" REL="HOME"
TITLE="The Bugzilla Guide" TITLE="The Bugzilla Guide - 2.17.4 Development Release"
HREF="index.html"><LINK HREF="index.html"><LINK
REL="PREVIOUS" REL="PREVIOUS"
TITLE="Document Conventions" TITLE="Document Conventions"
...@@ -34,7 +34,7 @@ CELLSPACING="0" ...@@ -34,7 +34,7 @@ CELLSPACING="0"
><TH ><TH
COLSPAN="3" COLSPAN="3"
ALIGN="center" ALIGN="center"
>The Bugzilla Guide</TH >The Bugzilla Guide - 2.17.4 Development Release</TH
></TR ></TR
><TR ><TR
><TD ><TD
......
docs/html/newversions.html
View file @ cf24e428
...@@ -7,7 +7,7 @@ NAME="GENERATOR" ...@@ -7,7 +7,7 @@ NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK "><LINK
REL="HOME" REL="HOME"
TITLE="The Bugzilla Guide" TITLE="The Bugzilla Guide - 2.17.4 Development Release"
HREF="index.html"><LINK HREF="index.html"><LINK
REL="UP" REL="UP"
TITLE="About This Guide" TITLE="About This Guide"
...@@ -37,7 +37,7 @@ CELLSPACING="0" ...@@ -37,7 +37,7 @@ CELLSPACING="0"
><TH ><TH
COLSPAN="3" COLSPAN="3"
ALIGN="center" ALIGN="center"
>The Bugzilla Guide</TH >The Bugzilla Guide - 2.17.4 Development Release</TH
></TR ></TR
><TR ><TR
><TD ><TD
...@@ -77,7 +77,7 @@ NAME="newversions" ...@@ -77,7 +77,7 @@ NAME="newversions"
></A ></A
>1.3. New Versions</H1 >1.3. New Versions</H1
><P ><P
>&#13; This is the 2.17.3 version of The Bugzilla Guide. It is so named >&#13; This is the 2.17.4 version of The Bugzilla Guide. It is so named
to match the current version of Bugzilla. to match the current version of Bugzilla.
This version of the guide, like its associated Bugzilla version is a This version of the guide, like its associated Bugzilla version is a
......
docs/html/os-specific.html
View file @ cf24e428
...@@ -7,7 +7,7 @@ NAME="GENERATOR" ...@@ -7,7 +7,7 @@ NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK "><LINK
REL="HOME" REL="HOME"
TITLE="The Bugzilla Guide" TITLE="The Bugzilla Guide - 2.17.4 Development Release"
HREF="index.html"><LINK HREF="index.html"><LINK
REL="UP" REL="UP"
TITLE="Installation" TITLE="Installation"
...@@ -37,7 +37,7 @@ CELLSPACING="0" ...@@ -37,7 +37,7 @@ CELLSPACING="0"
><TH ><TH
COLSPAN="3" COLSPAN="3"
ALIGN="center" ALIGN="center"
>The Bugzilla Guide</TH >The Bugzilla Guide - 2.17.4 Development Release</TH
></TR ></TR
><TR ><TR
><TD ><TD
...@@ -214,11 +214,11 @@ TARGET="_top" ...@@ -214,11 +214,11 @@ TARGET="_top"
></TABLE ></TABLE
></DIV ></DIV
><DIV ><DIV
CLASS="note" CLASS="tip"
><P ><P
></P ></P
><TABLE ><TABLE
CLASS="note" CLASS="tip"
WIDTH="100%" WIDTH="100%"
BORDER="0" BORDER="0"
><TR ><TR
...@@ -227,9 +227,9 @@ WIDTH="25" ...@@ -227,9 +227,9 @@ WIDTH="25"
ALIGN="CENTER" ALIGN="CENTER"
VALIGN="TOP" VALIGN="TOP"
><IMG ><IMG
SRC="../images/note.gif" SRC="../images/tip.gif"
HSPACE="5" HSPACE="5"
ALT="Note"></TD ALT="Tip"></TD
><TD ><TD
ALIGN="LEFT" ALIGN="LEFT"
VALIGN="TOP" VALIGN="TOP"
...@@ -358,30 +358,9 @@ CLASS="section" ...@@ -358,30 +358,9 @@ CLASS="section"
><H4 ><H4
CLASS="section" CLASS="section"
><A ><A
NAME="win32-code-mail" NAME="AEN863"
></A ></A
>4.3.1.3.2. Making mail work</H4 >4.3.1.3.2. System Calls</H4
><P
>The easiest way to get mail working is to use the mail patches
on <A
HREF="http://bugzilla.mozilla.org/show_bug.cgi?id=124174"
TARGET="_top"
>bug
124174</A
>. With any luck, this patch will receive the required
reviews and integrated into the main Bugzilla distribution very soon.
Until that happens, there's at least one report of this patch working
well on Windows.
</P
></DIV
><DIV
CLASS="section"
><H4
CLASS="section"
><A
NAME="AEN930"
></A
>4.3.1.3.3. System Calls</H4
><P ><P
>In order to get system calls to work on win32's perl, you need >In order to get system calls to work on win32's perl, you need
to tell the windows shell what interpreter to use. This is done by to tell the windows shell what interpreter to use. This is done by
...@@ -410,7 +389,7 @@ WIDTH="100%" ...@@ -410,7 +389,7 @@ WIDTH="100%"
COLOR="#000000" COLOR="#000000"
><PRE ><PRE
CLASS="programlisting" CLASS="programlisting"
>&#13;system("./processmail", $id, $exporter); >&#13;system("$webdotbase","-Tpng","-o","$pngfilename","$filename");
</PRE </PRE
></FONT ></FONT
></TD ></TD
...@@ -428,19 +407,12 @@ WIDTH="100%" ...@@ -428,19 +407,12 @@ WIDTH="100%"
COLOR="#000000" COLOR="#000000"
><PRE ><PRE
CLASS="programlisting" CLASS="programlisting"
>&#13;system("C:\\perl\\bin\\perl", "processmail", $id, $exporter); >&#13;system("C:\\perl\\bin\\perl", "$webdotbase","-Tpng","-o","$pngfilename","$filename");
</PRE </PRE
></FONT ></FONT
></TD ></TD
></TR ></TR
></TABLE ></TABLE
><P
>Notice that the <TT
CLASS="computeroutput"
>./</TT
> is also
removed.
</P
><DIV ><DIV
CLASS="tip" CLASS="tip"
><P ><P
...@@ -479,6 +451,51 @@ CLASS="productname" ...@@ -479,6 +451,51 @@ CLASS="productname"
></TR ></TR
></TABLE ></TABLE
></DIV ></DIV
><DIV
CLASS="note"
><P
></P
><TABLE
CLASS="note"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="../images/note.gif"
HSPACE="5"
ALT="Note"></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
>It appears that the only <TT
CLASS="function"
>system</TT
> call
remaining in the Bugzilla codebase is in
<TT
CLASS="filename"
>showdependencygraph.cgi</TT
>. Not changing this
file will only cause dependency graphs to not function if the
<TT
CLASS="option"
>webdotbase</TT
> paramater points to a local
installation of <A
HREF="http://www.graphviz.org"
TARGET="_top"
>GraphViz</A
>.
</P
></TD
></TR
></TABLE
></DIV
></DIV ></DIV
></DIV ></DIV
><DIV ><DIV
...@@ -494,8 +511,8 @@ NAME="win32-http" ...@@ -494,8 +511,8 @@ NAME="win32-http"
able to handle Bugzilla; however, the Bugzilla Team still recommends able to handle Bugzilla; however, the Bugzilla Team still recommends
Apache whenever asked. No matter what web server you choose, be sure Apache whenever asked. No matter what web server you choose, be sure
to pay attention to the security notes in <A to pay attention to the security notes in <A
HREF="security.html" HREF="security.html#security-access"
>Section 5.6</A >Section 5.6.4</A
>. >.
More information on configuring specific web servers can be found in More information on configuring specific web servers can be found in
<A <A
......
docs/html/parameters.html
View file @ cf24e428
...@@ -7,7 +7,7 @@ NAME="GENERATOR" ...@@ -7,7 +7,7 @@ NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK "><LINK
REL="HOME" REL="HOME"
TITLE="The Bugzilla Guide" TITLE="The Bugzilla Guide - 2.17.4 Development Release"
HREF="index.html"><LINK HREF="index.html"><LINK
REL="UP" REL="UP"
TITLE="Administering Bugzilla" TITLE="Administering Bugzilla"
...@@ -37,7 +37,7 @@ CELLSPACING="0" ...@@ -37,7 +37,7 @@ CELLSPACING="0"
><TH ><TH
COLSPAN="3" COLSPAN="3"
ALIGN="center" ALIGN="center"
>The Bugzilla Guide</TH >The Bugzilla Guide - 2.17.4 Development Release</TH
></TR ></TR
><TR ><TR
><TD ><TD
......
docs/html/patches.html
View file @ cf24e428
...@@ -7,7 +7,7 @@ NAME="GENERATOR" ...@@ -7,7 +7,7 @@ NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK "><LINK
REL="HOME" REL="HOME"
TITLE="The Bugzilla Guide" TITLE="The Bugzilla Guide - 2.17.4 Development Release"
HREF="index.html"><LINK HREF="index.html"><LINK
REL="PREVIOUS" REL="PREVIOUS"
TITLE="MySQL Bugzilla Database Introduction" TITLE="MySQL Bugzilla Database Introduction"
...@@ -37,7 +37,7 @@ CELLSPACING="0" ...@@ -37,7 +37,7 @@ CELLSPACING="0"
><TH ><TH
COLSPAN="3" COLSPAN="3"
ALIGN="center" ALIGN="center"
>The Bugzilla Guide</TH >The Bugzilla Guide - 2.17.4 Development Release</TH
></TR ></TR
><TR ><TR
><TD ><TD
......
docs/html/programadmin.html
View file @ cf24e428
...@@ -7,7 +7,7 @@ NAME="GENERATOR" ...@@ -7,7 +7,7 @@ NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK "><LINK
REL="HOME" REL="HOME"
TITLE="The Bugzilla Guide" TITLE="The Bugzilla Guide - 2.17.4 Development Release"
HREF="index.html"><LINK HREF="index.html"><LINK
REL="UP" REL="UP"
TITLE="Administering Bugzilla" TITLE="Administering Bugzilla"
...@@ -37,7 +37,7 @@ CELLSPACING="0" ...@@ -37,7 +37,7 @@ CELLSPACING="0"
><TH ><TH
COLSPAN="3" COLSPAN="3"
ALIGN="center" ALIGN="center"
>The Bugzilla Guide</TH >The Bugzilla Guide - 2.17.4 Development Release</TH
></TR ></TR
><TR ><TR
><TD ><TD
......
docs/html/rewrite.html
View file @ cf24e428
...@@ -10,7 +10,7 @@ NAME="GENERATOR" ...@@ -10,7 +10,7 @@ NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK "><LINK
REL="HOME" REL="HOME"
TITLE="The Bugzilla Guide" TITLE="The Bugzilla Guide - 2.17.4 Development Release"
HREF="index.html"><LINK HREF="index.html"><LINK
REL="UP" REL="UP"
TITLE="Useful Patches and Utilities for Bugzilla" TITLE="Useful Patches and Utilities for Bugzilla"
...@@ -40,7 +40,7 @@ CELLSPACING="0" ...@@ -40,7 +40,7 @@ CELLSPACING="0"
><TH ><TH
COLSPAN="3" COLSPAN="3"
ALIGN="center" ALIGN="center"
>The Bugzilla Guide</TH >The Bugzilla Guide - 2.17.4 Development Release</TH
></TR ></TR
><TR ><TR
><TD ><TD
......
docs/html/security.html
View file @ cf24e428
...@@ -7,7 +7,7 @@ NAME="GENERATOR" ...@@ -7,7 +7,7 @@ NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK "><LINK
REL="HOME" REL="HOME"
TITLE="The Bugzilla Guide" TITLE="The Bugzilla Guide - 2.17.4 Development Release"
HREF="index.html"><LINK HREF="index.html"><LINK
REL="UP" REL="UP"
TITLE="Administering Bugzilla" TITLE="Administering Bugzilla"
...@@ -37,7 +37,7 @@ CELLSPACING="0" ...@@ -37,7 +37,7 @@ CELLSPACING="0"
><TH ><TH
COLSPAN="3" COLSPAN="3"
ALIGN="center" ALIGN="center"
>The Bugzilla Guide</TH >The Bugzilla Guide - 2.17.4 Development Release</TH
></TR ></TR
><TR ><TR
><TD ><TD
...@@ -129,60 +129,227 @@ VALIGN="TOP" ...@@ -129,60 +129,227 @@ VALIGN="TOP"
><P ><P
>These instructions must, of necessity, be somewhat vague since >These instructions must, of necessity, be somewhat vague since
Bugzilla runs on so many different platforms. If you have refinements Bugzilla runs on so many different platforms. If you have refinements
of these directions for specific platforms, please submit them to of these directions, please submit a bug to <A
<A HREF="http://bugzilla.mozilla.org/enter_bug.cgi?product=Bugzilla&component=Documentation"
HREF="mailto://mozilla-webtools@mozilla.org"
TARGET="_top" TARGET="_top"
>&#13; mozilla-webtools@mozilla.org</A >Bugzilla Documentation</A
> >.
</P </P
></TD ></TD
></TR ></TR
></TABLE ></TABLE
></DIV ></DIV
><DIV
CLASS="warning"
><P
></P
><TABLE
CLASS="warning"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="../images/warning.gif"
HSPACE="5"
ALT="Warning"></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
>This is not meant to be a comprehensive list of every possible
security issue regarding the tools mentioned in this section. There is
no subsitute for reading the information written by the authors of any
software running on your system.
</P
></TD
></TR
></TABLE
></DIV
><DIV
CLASS="section"
><H2
CLASS="section"
><A
NAME="security-networking"
></A
>5.6.1. TCP/IP Ports</H2
><P
>TCP/IP defines 65,000 some ports for trafic. Of those, Bugzilla
only needs 1... 2 if you need to use features that require e-mail such
as bug moving or the e-mail interface from contrib. You should audit
your server and make sure that you aren't listening on any ports you
don't need to be. You may also wish to use some kind of firewall
software to be sure that trafic can only be recieved on ports you
specify.
</P
></DIV
><DIV
CLASS="section"
><H2
CLASS="section"
><A
NAME="security-mysql"
></A
>5.6.2. MySQL</H2
><P
>MySQL ships by default with many settings that should be changed.
By defaults it allows anybody to connect from localhost without a
password and have full administrative capabilities. It also defaults to
not have a root password (this is <EM
>not</EM
> the same as
the system root). Also, many installations default to running
<SPAN
CLASS="application"
>mysqld</SPAN
> as the system root.
</P
><P ><P
>To secure your installation:
<P
></P ></P
><OL ><OL
TYPE="1" TYPE="1"
><LI ><LI
><P ><P
>&#13; <EM >Consult the documentation that came with your system for
>There is no substitute for understanding the tools on your information on making <SPAN
system!</EM CLASS="application"
> >mysqld</SPAN
> run as an
Read unprivleged user.
<A </P
HREF="http://www.mysql.com/doc/P/r/Privilege_system.html"
TARGET="_top"
>&#13; The MySQL Privilege System</A
>
until you can recite it from memory!</P
></LI ></LI
><LI ><LI
><P ><P
>Lock down <TT >You should also be sure to disable the anonymous user account
and set a password for the root user. This is accomplished using the
following commands:
</P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="programlisting"
>&#13;<TT
CLASS="prompt"
>bash$</TT
> mysql mysql
<TT
CLASS="prompt"
>mysql&#62;</TT
> DELETE FROM user WHERE user = '';
<TT
CLASS="prompt"
>mysql&#62;</TT
> UPDATE user SET password = password('<TT
CLASS="replaceable"
><I
>new_password</I
></TT
>') WHERE user = 'root';
<TT
CLASS="prompt"
>mysql&#62;</TT
> FLUSH PRIVILEGES;
</PRE
></FONT
></TD
></TR
></TABLE
><P
>From this point forward you will need to use
<B
CLASS="command"
>mysql -u root -p</B
> and enter
<TT
CLASS="replaceable"
><I
>new_password</I
></TT
> when prompted when using the
mysql client.
</P
></LI
><LI
><P
>If you run MySQL on the same machine as your httpd server, you
should consider disabling networking from within MySQL by adding
the following to your <TT
CLASS="filename" CLASS="filename"
>/etc/inetd.conf</TT >/etc/my.conf</TT
>. Heck, disable >:
inet entirely on this box. It should only listen to port 25 for </P
Sendmail and port 80 for Apache.</P ><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="programlisting"
>&#13;[myslqd]
# Prevent network access to MySQL.
skip-networking
</PRE
></FONT
></TD
></TR
></TABLE
></LI ></LI
><LI ><LI
><P ><P
>Do not run Apache as >You may also consider running MySQL, or even all of Bugzilla
in a chroot jail; however, instructions for doing that are beyond
the scope of this document.
</P
></LI
></OL
></DIV
><DIV
CLASS="section"
><H2
CLASS="section"
><A
NAME="security-daemon"
></A
>5.6.3. Daemon Accounts</H2
><P
>Many daemons, such as Apache's httpd and MySQL's mysqld default to
running as either <SPAN
CLASS="QUOTE"
>"root"</SPAN
> or <SPAN
CLASS="QUOTE"
>"nobody"</SPAN
>. Running
as <SPAN
CLASS="QUOTE"
>"root"</SPAN
> introduces obvious security problems, but the
problems introduced by running everything as <SPAN
CLASS="QUOTE"
>"nobody"</SPAN
> may
not be so obvious. Basically, if you're running every daemon as
<SPAN <SPAN
CLASS="QUOTE" CLASS="QUOTE"
>"nobody"</SPAN >"nobody"</SPAN
> > and one of them gets comprimised, they all get
comprimised. For this reason it is recommended that you create a user
. This will require very lax permissions in your Bugzilla account for each daemon.
directories. Run it, instead, as a user with a name, set via your </P
httpd.conf file. ><DIV
<DIV
CLASS="note" CLASS="note"
><P ><P
></P ></P
...@@ -203,62 +370,232 @@ ALT="Note"></TD ...@@ -203,62 +370,232 @@ ALT="Note"></TD
ALIGN="LEFT" ALIGN="LEFT"
VALIGN="TOP" VALIGN="TOP"
><P ><P
>&#13; <SPAN >You will need to set the <TT
CLASS="QUOTE" CLASS="varname"
>"nobody"</SPAN >webservergroup</TT
> > to
the group you created for your webserver to run as in
is a real user on UNIX systems. Having a process run as user id <TT
<SPAN CLASS="filename"
CLASS="QUOTE" >localconfig</TT
>"nobody"</SPAN >. This will allow
> <B
CLASS="command"
is absolutely no protection against system crackers versus using >./checksetup.pl</B
any other user account. As a general security measure, I recommend > to better adjust the file
you create unique user ID's for each daemon running on your system permissions on your Bugzilla install so as to not require making
and, if possible, use "chroot" to jail that process away from the anything world-writable.
rest of your system.</P </P
></TD ></TD
></TR ></TR
></TABLE ></TABLE
></DIV ></DIV
></DIV
><DIV
CLASS="section"
><H2
CLASS="section"
><A
NAME="security-access"
></A
>5.6.4. Web Server Access Controls</H2
><P
>There are many files that are placed in the Bugzilla directory
area that should not be accessable from the web. Because of the way
Bugzilla is currently layed out, the list of what should and should
not be accessible is rather complicated. A new installation method
is currently in the works which should solve this by allowing files
that shouldn't be accessible from the web to be placed in directory
outside the webroot. See
<A
HREF="http://bugzilla.mozilla.org/show_bug.cgi?id=44659"
TARGET="_top"
>bug
44659</A
> for more information.
</P
><P
></P
><UL
COMPACT="COMPACT"
><LI
><P
>In the main Bugzilla directory, you should:</P
><P
></P
><UL
COMPACT="COMPACT"
><LI
><P
>Block:
<TT
CLASS="filename"
>*.pl</TT
>, <TT
CLASS="filename"
>*localconfig*</TT
>, <TT
CLASS="filename"
>runtests.sh</TT
> >
</P </P
></LI ></LI
><LI ><LI
><P ><P
>Ensure you have adequate access controls for the >But allow:
<TT <TT
CLASS="filename" CLASS="filename"
>$BUGZILLA_HOME/data/</TT >localconfig.js</TT
> directory, as well as the >, <TT
<TT
CLASS="filename" CLASS="filename"
>$BUGZILLA_HOME/localconfig</TT >localconfig.rdf</TT
> file. >
The localconfig file stores your "bugs" database account password. </P
In addition, some ></LI
files under <TT ></UL
></LI
><LI
><P
>In <TT
CLASS="filename"
>data</TT
>:</P
><P
></P
><UL
COMPACT="COMPACT"
><LI
><P
>Block everything</P
></LI
><LI
><P
>But allow:
<TT
CLASS="filename" CLASS="filename"
>$BUGZILLA_HOME/data/</TT >duplicates.rdf</TT
> store sensitive >
information.
</P </P
></LI
></UL
></LI
><LI
><P
>In <TT
CLASS="filename"
>data/webdot</TT
>:</P
><P ><P
>Also, beware that some text editors create backup files in the ></P
current working directory so you need to also secure files like ><UL
COMPACT="COMPACT"
><LI
><P
>If you use a remote webdot server:</P
><P
></P
><UL
COMPACT="COMPACT"
><LI
><P
>Block everything</P
></LI
><LI
><P
>But allow
<TT <TT
CLASS="filename" CLASS="filename"
>localconfig~</TT >*.dot</TT
>. >
only for the remote webdot server</P
></LI
></UL
></LI
><LI
><P
>Otherwise, if you use a local GraphViz:</P
><P
></P
><UL
COMPACT="COMPACT"
><LI
><P
>Block everything</P
></LI
><LI
><P
>But allow:
<TT
CLASS="filename"
>*.png</TT
>, <TT
CLASS="filename"
>*.gif</TT
>, <TT
CLASS="filename"
>*.jpg</TT
>, <TT
CLASS="filename"
>*.map</TT
>
</P </P
></LI
></UL
></LI
><LI
><P
>And if you don't use any dot:</P
><P
></P
><UL
COMPACT="COMPACT"
><LI
><P
>Block everything</P
></LI
></UL
></LI
></UL
></LI
><LI
><P
>In <TT
CLASS="filename"
>Bugzilla</TT
>:</P
><P
></P
><UL
COMPACT="COMPACT"
><LI
><P
>Block everything</P
></LI
></UL
></LI
><LI
><P
>In <TT
CLASS="filename"
>template</TT
>:</P
><P
></P
><UL
COMPACT="COMPACT"
><LI
><P
>Block everything</P
></LI
></UL
></LI
></UL
><DIV ><DIV
CLASS="note" CLASS="tip"
><P ><P
></P ></P
><TABLE ><TABLE
CLASS="note" CLASS="tip"
WIDTH="100%" WIDTH="100%"
BORDER="0" BORDER="0"
><TR ><TR
...@@ -267,102 +604,64 @@ WIDTH="25" ...@@ -267,102 +604,64 @@ WIDTH="25"
ALIGN="CENTER" ALIGN="CENTER"
VALIGN="TOP" VALIGN="TOP"
><IMG ><IMG
SRC="../images/note.gif" SRC="../images/tip.gif"
HSPACE="5" HSPACE="5"
ALT="Note"></TD ALT="Tip"></TD
><TD ><TD
ALIGN="LEFT" ALIGN="LEFT"
VALIGN="TOP" VALIGN="TOP"
><P ><P
>Simply blocking <TT >Bugzilla ships with the ability to generate
CLASS="computeroutput" <TT
>.*localconfig.*</TT
>
won't work because the QuickSearch feature requires the web browser
to be able to retrieve <TT
CLASS="filename" CLASS="filename"
>localconfig.js</TT >.htaccess</TT
> and > files instructing
others may be introduced in the future (see
<A <A
HREF="http://bugzilla.mozilla.org/show_bug.cgi?id=186383" HREF="glossary.html#gloss-apache"
TARGET="_top" ><I
>bug CLASS="glossterm"
186383</A >Apache</I
> for more information. ></A
> which files
should and should not be accessible. For more information, see
<A
HREF="http.html#http-apache"
>Section 4.4.1</A
>.
</P </P
></TD ></TD
></TR ></TR
></TABLE ></TABLE
></DIV ></DIV
><P ><P
>Bugzilla provides default <TT >You should test to make sure that the files mentioned above are
CLASS="filename" not accessible from the Internet, especially your
>.htaccess</TT
> files
to protect the most common Apache installations. However, you should
verify these are adequate according to the site-wide security policy
of your web server, and ensure that the <TT
CLASS="filename"
>.htaccess</TT
>
files are allowed to <SPAN
CLASS="QUOTE"
>"override"</SPAN
> default permissions set
in your Apache configuration files. Covering Apache security is beyond
the scope of this Guide; please consult the Apache documentation for
details.
</P
><P
>If you are using a web server that does not support the
<TT
CLASS="filename"
>.htaccess</TT
> control method,
<EM
>you are at risk!</EM
>
After installing, check to see if you can view the file
<TT <TT
CLASS="filename" CLASS="filename"
>localconfig</TT >localconfig</TT
> in your web browser (e.g.: > file which contains your database
password. To test, simply point your web browser at the file; for
example, to test mozilla.org's installation, we'd try to access
<A <A
HREF="http://bugzilla.mozilla.org/localconfig" HREF="http://bugzilla.mozilla.org/localconfig"
TARGET="_top" TARGET="_top"
>&#13; http://bugzilla.mozilla.org/localconfig</A >http://bugzilla.mozilla.org/localconfig</A
>. You should
get a <SPAN
CLASS="errorcode"
>403</SPAN
> <SPAN
CLASS="errorname"
>Forbidden</SPAN
> >
error.
). If you can read the contents of this file, your web server has </P
not secured your bugzilla directory properly and you must fix this
problem before deploying Bugzilla. If, however, it gives you a
"Forbidden" error, then it probably respects the .htaccess
conventions and you are good to go.</P
></LI
><LI
><P
>When you run checksetup.pl, the script will attempt to modify
various permissions on files which Bugzilla uses. If you do not have
a webservergroup set in the <TT
CLASS="filename"
>localconfig</TT
> file,
then Bugzilla will have to make certain files world readable and/or
writable.
<EM
>THIS IS INSECURE!</EM
>
. This means that anyone who can get access to your system can do
whatever they want to your Bugzilla installation.</P
><DIV ><DIV
CLASS="note" CLASS="caution"
><P ><P
></P ></P
><TABLE ><TABLE
CLASS="note" CLASS="caution"
WIDTH="100%" WIDTH="100%"
BORDER="0" BORDER="0"
><TR ><TR
...@@ -371,90 +670,55 @@ WIDTH="25" ...@@ -371,90 +670,55 @@ WIDTH="25"
ALIGN="CENTER" ALIGN="CENTER"
VALIGN="TOP" VALIGN="TOP"
><IMG ><IMG
SRC="../images/note.gif" SRC="../images/caution.gif"
HSPACE="5" HSPACE="5"
ALT="Note"></TD ALT="Caution"></TD
><TD ><TD
ALIGN="LEFT" ALIGN="LEFT"
VALIGN="TOP" VALIGN="TOP"
><P ><P
>This also means that if your webserver runs all cgi scripts >Not following the instructions in this section, including
as the same user/group, anyone on the system who can run cgi testing, may result in sensitive information being globally
scripts will be able to take control of your Bugzilla accessible.
installation.</P </P
></TD ></TD
></TR ></TR
></TABLE ></TABLE
></DIV ></DIV
><DIV
CLASS="tip"
><P ><P
>On Apache, you can use <TT ></P
CLASS="filename" ><TABLE
>.htaccess</TT CLASS="tip"
> files to WIDTH="100%"
protect access to these directories, as outlined in Bugs BORDER="0"
<A ><TR
HREF="http://bugzilla.mozilla.org/show_bug.cgi?id=57161" ><TD
TARGET="_top" WIDTH="25"
>&#13; 57161</A ALIGN="CENTER"
> and VALIGN="TOP"
<A ><IMG
HREF="http://bugzilla.mozilla.org/show_bug.cgi?id=186383" SRC="../images/tip.gif"
TARGET="_top" HSPACE="5"
>&#13; 186383</A ALT="Tip"></TD
> ><TD
ALIGN="LEFT"
for the <TT VALIGN="TOP"
CLASS="filename"
>localconfig</TT
> file, and
<A
HREF="http://bugzilla.mozilla.org/show_bug.cgi?id=65572"
TARGET="_top"
>Bug
65572</A
>
for adequate protection in your <TT
CLASS="filename"
>data/</TT
> directory.
Also, don't forget about the <TT
CLASS="filename"
>template/</TT
> and
<TT
CLASS="filename"
>Bugzilla/</TT
> directories and to allow access to the
<TT
CLASS="filename"
>data/webdot</TT
> directory for the
<TT
CLASS="computeroutput"
>192.20.225.10</TT
> IP address if you are
using webdot from research.att.com. The easiest way to
accomplish this is to set <TT
CLASS="function"
>$create_htaccess</TT
> to 1
in <TT
CLASS="filename"
>localconfig</TT
>. However, the information below
is provided for those that want to know exactly what is created.
</P
><P ><P
>FIX ME BEFORE RELEASE!!!!! >You should check <A
Note the instructions which follow are Apache-specific. If you HREF="http.html"
use IIS, Netscape, or other non-Apache web servers, please consult >Section 4.4</A
your system documentation for how to secure these files from being > to see if instructions
transmitted to curious users.</P have been included for your web server. You should also compare those
></LI instructions with this list to make sure everything is properly
></OL accounted for.
>
</P </P
></TD
></TR
></TABLE
></DIV
></DIV
></DIV ></DIV
><DIV ><DIV
CLASS="NAVFOOTER" CLASS="NAVFOOTER"
......
docs/html/stepbystep.html
View file @ cf24e428
...@@ -7,7 +7,7 @@ NAME="GENERATOR" ...@@ -7,7 +7,7 @@ NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK "><LINK
REL="HOME" REL="HOME"
TITLE="The Bugzilla Guide" TITLE="The Bugzilla Guide - 2.17.4 Development Release"
HREF="index.html"><LINK HREF="index.html"><LINK
REL="UP" REL="UP"
TITLE="Installation" TITLE="Installation"
...@@ -37,7 +37,7 @@ CELLSPACING="0" ...@@ -37,7 +37,7 @@ CELLSPACING="0"
><TH ><TH
COLSPAN="3" COLSPAN="3"
ALIGN="center" ALIGN="center"
>The Bugzilla Guide</TH >The Bugzilla Guide - 2.17.4 Development Release</TH
></TR ></TR
><TR ><TR
><TD ><TD
...@@ -863,7 +863,7 @@ CLASS="section" ...@@ -863,7 +863,7 @@ CLASS="section"
><H3 ><H3
CLASS="section" CLASS="section"
><A ><A
NAME="AEN556" NAME="AEN586"
></A ></A
>4.1.5.1. DBI</H3 >4.1.5.1. DBI</H3
><P ><P
...@@ -878,7 +878,7 @@ CLASS="section" ...@@ -878,7 +878,7 @@ CLASS="section"
><H3 ><H3
CLASS="section" CLASS="section"
><A ><A
NAME="AEN559" NAME="AEN589"
></A ></A
>4.1.5.2. Data::Dumper</H3 >4.1.5.2. Data::Dumper</H3
><P ><P
...@@ -892,7 +892,7 @@ CLASS="section" ...@@ -892,7 +892,7 @@ CLASS="section"
><H3 ><H3
CLASS="section" CLASS="section"
><A ><A
NAME="AEN562" NAME="AEN592"
></A ></A
>4.1.5.3. MySQL-related modules</H3 >4.1.5.3. MySQL-related modules</H3
><P ><P
...@@ -918,7 +918,7 @@ CLASS="section" ...@@ -918,7 +918,7 @@ CLASS="section"
><H3 ><H3
CLASS="section" CLASS="section"
><A ><A
NAME="AEN567" NAME="AEN597"
></A ></A
>4.1.5.4. TimeDate modules</H3 >4.1.5.4. TimeDate modules</H3
><P ><P
...@@ -934,7 +934,7 @@ CLASS="section" ...@@ -934,7 +934,7 @@ CLASS="section"
><H3 ><H3
CLASS="section" CLASS="section"
><A ><A
NAME="AEN570" NAME="AEN600"
></A ></A
>4.1.5.5. GD (optional)</H3 >4.1.5.5. GD (optional)</H3
><P ><P
...@@ -989,7 +989,7 @@ CLASS="section" ...@@ -989,7 +989,7 @@ CLASS="section"
><H3 ><H3
CLASS="section" CLASS="section"
><A ><A
NAME="AEN577" NAME="AEN607"
></A ></A
>4.1.5.6. Chart::Base (optional)</H3 >4.1.5.6. Chart::Base (optional)</H3
><P ><P
...@@ -1004,7 +1004,7 @@ CLASS="section" ...@@ -1004,7 +1004,7 @@ CLASS="section"
><H3 ><H3
CLASS="section" CLASS="section"
><A ><A
NAME="AEN580" NAME="AEN610"
></A ></A
>4.1.5.7. Template Toolkit</H3 >4.1.5.7. Template Toolkit</H3
><P ><P
...@@ -1073,7 +1073,7 @@ CLASS="section" ...@@ -1073,7 +1073,7 @@ CLASS="section"
><H2 ><H2
CLASS="section" CLASS="section"
><A ><A
NAME="AEN590" NAME="AEN620"
></A ></A
>4.1.7. Bugzilla</H2 >4.1.7. Bugzilla</H2
><P ><P
...@@ -1223,7 +1223,7 @@ WIDTH="100%" ...@@ -1223,7 +1223,7 @@ WIDTH="100%"
COLOR="#000000" COLOR="#000000"
><PRE ><PRE
CLASS="programlisting" CLASS="programlisting"
>&#13;perl -pi -e 's@#\!/usr/bonsaitools/bin/perl@#\!/usr/bin/perl@' *cgi *pl Bug.pm processmail syncshadowdb >&#13;perl -pi -e 's@#\!/usr/bonsaitools/bin/perl@#\!/usr/bin/perl@' *cgi *pl Bug.pm syncshadowdb
</PRE </PRE
></FONT ></FONT
></TD ></TD
...@@ -1243,7 +1243,7 @@ CLASS="section" ...@@ -1243,7 +1243,7 @@ CLASS="section"
><H2 ><H2
CLASS="section" CLASS="section"
><A ><A
NAME="AEN615" NAME="AEN645"
></A ></A
>4.1.8. Setting Up the MySQL Database</H2 >4.1.8. Setting Up the MySQL Database</H2
><P ><P
...@@ -1416,7 +1416,7 @@ CLASS="section" ...@@ -1416,7 +1416,7 @@ CLASS="section"
><H2 ><H2
CLASS="section" CLASS="section"
><A ><A
NAME="AEN651" NAME="AEN681"
></A ></A
>4.1.9. <TT >4.1.9. <TT
CLASS="filename" CLASS="filename"
...@@ -1569,287 +1569,9 @@ CLASS="section" ...@@ -1569,287 +1569,9 @@ CLASS="section"
><H2 ><H2
CLASS="section" CLASS="section"
><A ><A
NAME="AEN683" NAME="AEN713"
></A ></A
>4.1.10. Securing MySQL</H2 >4.1.10. Configuring Bugzilla</H2
><P
>If you followed the installation instructions for setting up your
"bugs" and "root" user in MySQL, much of this should not apply to you.
If you are upgrading an existing installation of Bugzilla, you should
pay close attention to this section.</P
><P
>Most MySQL installs have "interesting" default security
parameters:
<P
></P
><TABLE
BORDER="0"
><TBODY
><TR
><TD
>mysqld defaults to running as root</TD
></TR
><TR
><TD
>it defaults to allowing external network connections</TD
></TR
><TR
><TD
>it has a known port number, and is easy to detect</TD
></TR
><TR
><TD
>it defaults to no passwords whatsoever</TD
></TR
><TR
><TD
>it defaults to allowing "File_Priv"</TD
></TR
></TBODY
></TABLE
><P
></P
>
</P
><P
>This means anyone from anywhere on the Internet can not only drop
the database with one SQL command, and they can write as root to the
system.</P
><P
>To see your permissions do:
<P
></P
><TABLE
BORDER="0"
><TBODY
><TR
><TD
>&#13; <TT
CLASS="computeroutput"
>&#13; <TT
CLASS="prompt"
>bash#</TT
>
<B
CLASS="command"
>mysql -u root -p</B
>
</TT
>
</TD
></TR
><TR
><TD
>&#13; <TT
CLASS="computeroutput"
>&#13; <TT
CLASS="prompt"
>mysql&#62;</TT
>
<B
CLASS="command"
>use mysql;</B
>
</TT
>
</TD
></TR
><TR
><TD
>&#13; <TT
CLASS="computeroutput"
>&#13; <TT
CLASS="prompt"
>mysql&#62;</TT
>
<B
CLASS="command"
>show tables;</B
>
</TT
>
</TD
></TR
><TR
><TD
>&#13; <TT
CLASS="computeroutput"
>&#13; <TT
CLASS="prompt"
>mysql&#62;</TT
>
<B
CLASS="command"
>select * from user;</B
>
</TT
>
</TD
></TR
><TR
><TD
>&#13; <TT
CLASS="computeroutput"
>&#13; <TT
CLASS="prompt"
>mysql&#62;</TT
>
<B
CLASS="command"
>select * from db;</B
>
</TT
>
</TD
></TR
></TBODY
></TABLE
><P
></P
>
</P
><P
>To fix the gaping holes:
<P
></P
><TABLE
BORDER="0"
><TBODY
><TR
><TD
>DELETE FROM user WHERE User='';</TD
></TR
><TR
><TD
>UPDATE user SET Password=PASSWORD('new_password') WHERE
user='root';</TD
></TR
><TR
><TD
>FLUSH PRIVILEGES;</TD
></TR
></TBODY
></TABLE
><P
></P
>
</P
><P
>If you're not running "mit-pthreads" you can use:
<P
></P
><TABLE
BORDER="0"
><TBODY
><TR
><TD
>GRANT USAGE ON *.* TO bugs@localhost;</TD
></TR
><TR
><TD
>GRANT ALL ON bugs.* TO bugs@localhost;</TD
></TR
><TR
><TD
>REVOKE DROP ON bugs.* FROM bugs@localhost;</TD
></TR
><TR
><TD
>FLUSH PRIVILEGES;</TD
></TR
></TBODY
></TABLE
><P
></P
>
</P
><P
>With "mit-pthreads" you'll need to modify the "globals.pl"
Mysql-&#62;Connect line to specify a specific host name instead of
"localhost", and accept external connections:
<P
></P
><TABLE
BORDER="0"
><TBODY
><TR
><TD
>GRANT USAGE ON *.* TO bugs@bounce.hop.com;</TD
></TR
><TR
><TD
>GRANT ALL ON bugs.* TO bugs@bounce.hop.com;</TD
></TR
><TR
><TD
>REVOKE DROP ON bugs.* FROM bugs@bounce.hop.com;</TD
></TR
><TR
><TD
>FLUSH PRIVILEGES;</TD
></TR
></TBODY
></TABLE
><P
></P
>
</P
><P
>Consider also:
<P
></P
><OL
TYPE="1"
><LI
><P
>Turning off external networking with "--skip-networking",
unless you have "mit-pthreads", in which case you can't. Without
networking, MySQL connects with a Unix domain socket.</P
></LI
><LI
><P
>using the --user= option to mysqld to run it as an
unprivileged user.</P
></LI
><LI
><P
>running MySQL in a chroot jail</P
></LI
><LI
><P
>running the httpd in a chroot jail</P
></LI
><LI
><P
>making sure the MySQL passwords are different from the OS
passwords (MySQL "root" has nothing to do with system
"root").</P
></LI
><LI
><P
>running MySQL on a separate untrusted machine</P
></LI
><LI
><P
>making backups ;-)</P
></LI
></OL
>
</P
></DIV
><DIV
CLASS="section"
><H2
CLASS="section"
><A
NAME="AEN749"
></A
>4.1.11. Configuring Bugzilla</H2
><P ><P
>&#13; You should run through the parameters on the Edit Parameters page >&#13; You should run through the parameters on the Edit Parameters page
(link in the footer) and set them all to appropriate values. (link in the footer) and set them all to appropriate values.
......
docs/html/troubleshooting.html
View file @ cf24e428
...@@ -7,7 +7,7 @@ NAME="GENERATOR" ...@@ -7,7 +7,7 @@ NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK "><LINK
REL="HOME" REL="HOME"
TITLE="The Bugzilla Guide" TITLE="The Bugzilla Guide - 2.17.4 Development Release"
HREF="index.html"><LINK HREF="index.html"><LINK
REL="UP" REL="UP"
TITLE="Installation" TITLE="Installation"
...@@ -37,7 +37,7 @@ CELLSPACING="0" ...@@ -37,7 +37,7 @@ CELLSPACING="0"
><TH ><TH
COLSPAN="3" COLSPAN="3"
ALIGN="center" ALIGN="center"
>The Bugzilla Guide</TH >The Bugzilla Guide - 2.17.4 Development Release</TH
></TR ></TR
><TR ><TR
><TD ><TD
...@@ -85,7 +85,7 @@ CLASS="section" ...@@ -85,7 +85,7 @@ CLASS="section"
><H2 ><H2
CLASS="section" CLASS="section"
><A ><A
NAME="AEN1063" NAME="AEN1009"
></A ></A
>4.5.1. Bundle::Bugzilla makes me upgrade to Perl 5.6.1</H2 >4.5.1. Bundle::Bugzilla makes me upgrade to Perl 5.6.1</H2
><P ><P
...@@ -110,7 +110,7 @@ CLASS="section" ...@@ -110,7 +110,7 @@ CLASS="section"
><H2 ><H2
CLASS="section" CLASS="section"
><A ><A
NAME="AEN1068" NAME="AEN1014"
></A ></A
>4.5.2. DBD::Sponge::db prepare failed</H2 >4.5.2. DBD::Sponge::db prepare failed</H2
><P ><P
......
docs/html/upgrading.html
View file @ cf24e428
...@@ -7,7 +7,7 @@ NAME="GENERATOR" ...@@ -7,7 +7,7 @@ NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK "><LINK
REL="HOME" REL="HOME"
TITLE="The Bugzilla Guide" TITLE="The Bugzilla Guide - 2.17.4 Development Release"
HREF="index.html"><LINK HREF="index.html"><LINK
REL="UP" REL="UP"
TITLE="Administering Bugzilla" TITLE="Administering Bugzilla"
...@@ -37,7 +37,7 @@ CELLSPACING="0" ...@@ -37,7 +37,7 @@ CELLSPACING="0"
><TH ><TH
COLSPAN="3" COLSPAN="3"
ALIGN="center" ALIGN="center"
>The Bugzilla Guide</TH >The Bugzilla Guide - 2.17.4 Development Release</TH
></TR ></TR
><TR ><TR
><TD ><TD
......
docs/html/useradmin.html
View file @ cf24e428
...@@ -7,7 +7,7 @@ NAME="GENERATOR" ...@@ -7,7 +7,7 @@ NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK "><LINK
REL="HOME" REL="HOME"
TITLE="The Bugzilla Guide" TITLE="The Bugzilla Guide - 2.17.4 Development Release"
HREF="index.html"><LINK HREF="index.html"><LINK
REL="UP" REL="UP"
TITLE="Administering Bugzilla" TITLE="Administering Bugzilla"
...@@ -37,7 +37,7 @@ CELLSPACING="0" ...@@ -37,7 +37,7 @@ CELLSPACING="0"
><TH ><TH
COLSPAN="3" COLSPAN="3"
ALIGN="center" ALIGN="center"
>The Bugzilla Guide</TH >The Bugzilla Guide - 2.17.4 Development Release</TH
></TR ></TR
><TR ><TR
><TD ><TD
......
docs/html/userpreferences.html
View file @ cf24e428
...@@ -7,7 +7,7 @@ NAME="GENERATOR" ...@@ -7,7 +7,7 @@ NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK "><LINK
REL="HOME" REL="HOME"
TITLE="The Bugzilla Guide" TITLE="The Bugzilla Guide - 2.17.4 Development Release"
HREF="index.html"><LINK HREF="index.html"><LINK
REL="UP" REL="UP"
TITLE="Using Bugzilla" TITLE="Using Bugzilla"
...@@ -37,7 +37,7 @@ CELLSPACING="0" ...@@ -37,7 +37,7 @@ CELLSPACING="0"
><TH ><TH
COLSPAN="3" COLSPAN="3"
ALIGN="center" ALIGN="center"
>The Bugzilla Guide</TH >The Bugzilla Guide - 2.17.4 Development Release</TH
></TR ></TR
><TR ><TR
><TD ><TD
......
docs/html/using.html
View file @ cf24e428
...@@ -7,7 +7,7 @@ NAME="GENERATOR" ...@@ -7,7 +7,7 @@ NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK "><LINK
REL="HOME" REL="HOME"
TITLE="The Bugzilla Guide" TITLE="The Bugzilla Guide - 2.17.4 Development Release"
HREF="index.html"><LINK HREF="index.html"><LINK
REL="PREVIOUS" REL="PREVIOUS"
TITLE="Why Should We Use Bugzilla?" TITLE="Why Should We Use Bugzilla?"
...@@ -34,7 +34,7 @@ CELLSPACING="0" ...@@ -34,7 +34,7 @@ CELLSPACING="0"
><TH ><TH
COLSPAN="3" COLSPAN="3"
ALIGN="center" ALIGN="center"
>The Bugzilla Guide</TH >The Bugzilla Guide - 2.17.4 Development Release</TH
></TR ></TR
><TR ><TR
><TD ><TD
...@@ -122,7 +122,7 @@ HREF="hintsandtips.html" ...@@ -122,7 +122,7 @@ HREF="hintsandtips.html"
><DL ><DL
><DT ><DT
>3.2.1. <A >3.2.1. <A
HREF="hintsandtips.html#AEN340" HREF="hintsandtips.html#AEN370"
>Autolinkification</A >Autolinkification</A
></DT ></DT
><DT ><DT
...@@ -142,7 +142,7 @@ HREF="hintsandtips.html#attachments" ...@@ -142,7 +142,7 @@ HREF="hintsandtips.html#attachments"
></DT ></DT
><DT ><DT
>3.2.5. <A >3.2.5. <A
HREF="hintsandtips.html#AEN369" HREF="hintsandtips.html#AEN399"
>Filing Bugs</A >Filing Bugs</A
></DT ></DT
></DL ></DL
......
docs/html/variant-fenris.html
View file @ cf24e428
...@@ -7,14 +7,14 @@ NAME="GENERATOR" ...@@ -7,14 +7,14 @@ NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK "><LINK
REL="HOME" REL="HOME"
TITLE="The Bugzilla Guide" TITLE="The Bugzilla Guide - 2.17.4 Development Release"
HREF="index.html"><LINK HREF="index.html"><LINK
REL="UP" REL="UP"
TITLE="Bugzilla Variants and Competitors" TITLE="Bugzilla Variants and Competitors"
HREF="variants.html"><LINK HREF="variants.html"><LINK
REL="PREVIOUS" REL="PREVIOUS"
TITLE="Red Hat Bugzilla" TITLE="Red Hat Bugzilla"
HREF="rhbugzilla.html"><LINK HREF="variant-redhat.html"><LINK
REL="NEXT" REL="NEXT"
TITLE="Issuezilla" TITLE="Issuezilla"
HREF="variant-issuezilla.html"></HEAD HREF="variant-issuezilla.html"></HEAD
...@@ -37,7 +37,7 @@ CELLSPACING="0" ...@@ -37,7 +37,7 @@ CELLSPACING="0"
><TH ><TH
COLSPAN="3" COLSPAN="3"
ALIGN="center" ALIGN="center"
>The Bugzilla Guide</TH >The Bugzilla Guide - 2.17.4 Development Release</TH
></TR ></TR
><TR ><TR
><TD ><TD
...@@ -45,7 +45,7 @@ WIDTH="10%" ...@@ -45,7 +45,7 @@ WIDTH="10%"
ALIGN="left" ALIGN="left"
VALIGN="bottom" VALIGN="bottom"
><A ><A
HREF="rhbugzilla.html" HREF="variant-redhat.html"
ACCESSKEY="P" ACCESSKEY="P"
>Prev</A >Prev</A
></TD ></TD
...@@ -100,7 +100,7 @@ WIDTH="33%" ...@@ -100,7 +100,7 @@ WIDTH="33%"
ALIGN="left" ALIGN="left"
VALIGN="top" VALIGN="top"
><A ><A
HREF="rhbugzilla.html" HREF="variant-redhat.html"
ACCESSKEY="P" ACCESSKEY="P"
>Prev</A >Prev</A
></TD ></TD
......
docs/html/variant-issuezilla.html
View file @ cf24e428
...@@ -7,7 +7,7 @@ NAME="GENERATOR" ...@@ -7,7 +7,7 @@ NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK "><LINK
REL="HOME" REL="HOME"
TITLE="The Bugzilla Guide" TITLE="The Bugzilla Guide - 2.17.4 Development Release"
HREF="index.html"><LINK HREF="index.html"><LINK
REL="UP" REL="UP"
TITLE="Bugzilla Variants and Competitors" TITLE="Bugzilla Variants and Competitors"
...@@ -37,7 +37,7 @@ CELLSPACING="0" ...@@ -37,7 +37,7 @@ CELLSPACING="0"
><TH ><TH
COLSPAN="3" COLSPAN="3"
ALIGN="center" ALIGN="center"
>The Bugzilla Guide</TH >The Bugzilla Guide - 2.17.4 Development Release</TH
></TR ></TR
><TR ><TR
><TD ><TD
...@@ -82,7 +82,7 @@ NAME="variant-issuezilla" ...@@ -82,7 +82,7 @@ NAME="variant-issuezilla"
at tigris.org is their Java-based bug-tracker, at tigris.org is their Java-based bug-tracker,
<A <A
HREF="variant-scarab.html" HREF="variant-scarab.html"
>Scarab</A >Section D.4</A
>.</P >.</P
><P ><P
>This section last updated 27 Jul 2002</P >This section last updated 27 Jul 2002</P
......
docs/html/variant-perforce.html
View file @ cf24e428
...@@ -7,7 +7,7 @@ NAME="GENERATOR" ...@@ -7,7 +7,7 @@ NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK "><LINK
REL="HOME" REL="HOME"
TITLE="The Bugzilla Guide" TITLE="The Bugzilla Guide - 2.17.4 Development Release"
HREF="index.html"><LINK HREF="index.html"><LINK
REL="UP" REL="UP"
TITLE="Bugzilla Variants and Competitors" TITLE="Bugzilla Variants and Competitors"
...@@ -37,7 +37,7 @@ CELLSPACING="0" ...@@ -37,7 +37,7 @@ CELLSPACING="0"
><TH ><TH
COLSPAN="3" COLSPAN="3"
ALIGN="center" ALIGN="center"
>The Bugzilla Guide</TH >The Bugzilla Guide - 2.17.4 Development Release</TH
></TR ></TR
><TR ><TR
><TD ><TD
......
docs/html/rhbugzilla.html docs/html/variant-redhat.html
View file @ cf24e428
...@@ -7,7 +7,7 @@ NAME="GENERATOR" ...@@ -7,7 +7,7 @@ NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK "><LINK
REL="HOME" REL="HOME"
TITLE="The Bugzilla Guide" TITLE="The Bugzilla Guide - 2.17.4 Development Release"
HREF="index.html"><LINK HREF="index.html"><LINK
REL="UP" REL="UP"
TITLE="Bugzilla Variants and Competitors" TITLE="Bugzilla Variants and Competitors"
...@@ -37,7 +37,7 @@ CELLSPACING="0" ...@@ -37,7 +37,7 @@ CELLSPACING="0"
><TH ><TH
COLSPAN="3" COLSPAN="3"
ALIGN="center" ALIGN="center"
>The Bugzilla Guide</TH >The Bugzilla Guide - 2.17.4 Development Release</TH
></TR ></TR
><TR ><TR
><TD ><TD
...@@ -73,7 +73,7 @@ CLASS="section" ...@@ -73,7 +73,7 @@ CLASS="section"
><H1 ><H1
CLASS="section" CLASS="section"
><A ><A
NAME="rhbugzilla" NAME="variant-redhat"
></A ></A
>D.1. Red Hat Bugzilla</H1 >D.1. Red Hat Bugzilla</H1
><P ><P
......
docs/html/variant-scarab.html
View file @ cf24e428
...@@ -7,7 +7,7 @@ NAME="GENERATOR" ...@@ -7,7 +7,7 @@ NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK "><LINK
REL="HOME" REL="HOME"
TITLE="The Bugzilla Guide" TITLE="The Bugzilla Guide - 2.17.4 Development Release"
HREF="index.html"><LINK HREF="index.html"><LINK
REL="UP" REL="UP"
TITLE="Bugzilla Variants and Competitors" TITLE="Bugzilla Variants and Competitors"
...@@ -37,7 +37,7 @@ CELLSPACING="0" ...@@ -37,7 +37,7 @@ CELLSPACING="0"
><TH ><TH
COLSPAN="3" COLSPAN="3"
ALIGN="center" ALIGN="center"
>The Bugzilla Guide</TH >The Bugzilla Guide - 2.17.4 Development Release</TH
></TR ></TR
><TR ><TR
><TD ><TD
......
docs/html/variant-sourceforge.html
View file @ cf24e428
...@@ -7,7 +7,7 @@ NAME="GENERATOR" ...@@ -7,7 +7,7 @@ NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK "><LINK
REL="HOME" REL="HOME"
TITLE="The Bugzilla Guide" TITLE="The Bugzilla Guide - 2.17.4 Development Release"
HREF="index.html"><LINK HREF="index.html"><LINK
REL="UP" REL="UP"
TITLE="Bugzilla Variants and Competitors" TITLE="Bugzilla Variants and Competitors"
...@@ -37,7 +37,7 @@ CELLSPACING="0" ...@@ -37,7 +37,7 @@ CELLSPACING="0"
><TH ><TH
COLSPAN="3" COLSPAN="3"
ALIGN="center" ALIGN="center"
>The Bugzilla Guide</TH >The Bugzilla Guide - 2.17.4 Development Release</TH
></TR ></TR
><TR ><TR
><TD ><TD
......
docs/html/variants.html
View file @ cf24e428
...@@ -7,14 +7,14 @@ NAME="GENERATOR" ...@@ -7,14 +7,14 @@ NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK "><LINK
REL="HOME" REL="HOME"
TITLE="The Bugzilla Guide" TITLE="The Bugzilla Guide - 2.17.4 Development Release"
HREF="index.html"><LINK HREF="index.html"><LINK
REL="PREVIOUS" REL="PREVIOUS"
TITLE="Command-line Bugzilla Queries" TITLE="Command-line Bugzilla Queries"
HREF="cmdline.html"><LINK HREF="cmdline.html"><LINK
REL="NEXT" REL="NEXT"
TITLE="Red Hat Bugzilla" TITLE="Red Hat Bugzilla"
HREF="rhbugzilla.html"></HEAD HREF="variant-redhat.html"></HEAD
><BODY ><BODY
CLASS="appendix" CLASS="appendix"
BGCOLOR="#FFFFFF" BGCOLOR="#FFFFFF"
...@@ -34,7 +34,7 @@ CELLSPACING="0" ...@@ -34,7 +34,7 @@ CELLSPACING="0"
><TH ><TH
COLSPAN="3" COLSPAN="3"
ALIGN="center" ALIGN="center"
>The Bugzilla Guide</TH >The Bugzilla Guide - 2.17.4 Development Release</TH
></TR ></TR
><TR ><TR
><TD ><TD
...@@ -56,7 +56,7 @@ WIDTH="10%" ...@@ -56,7 +56,7 @@ WIDTH="10%"
ALIGN="right" ALIGN="right"
VALIGN="bottom" VALIGN="bottom"
><A ><A
HREF="rhbugzilla.html" HREF="variant-redhat.html"
ACCESSKEY="N" ACCESSKEY="N"
>Next</A >Next</A
></TD ></TD
...@@ -81,7 +81,7 @@ CLASS="TOC" ...@@ -81,7 +81,7 @@ CLASS="TOC"
></DT ></DT
><DT ><DT
>D.1. <A >D.1. <A
HREF="rhbugzilla.html" HREF="variant-redhat.html"
>Red Hat Bugzilla</A >Red Hat Bugzilla</A
></DT ></DT
><DT ><DT
...@@ -157,7 +157,7 @@ WIDTH="33%" ...@@ -157,7 +157,7 @@ WIDTH="33%"
ALIGN="right" ALIGN="right"
VALIGN="top" VALIGN="top"
><A ><A
HREF="rhbugzilla.html" HREF="variant-redhat.html"
ACCESSKEY="N" ACCESSKEY="N"
>Next</A >Next</A
></TD ></TD
......
docs/html/voting.html
View file @ cf24e428
...@@ -7,7 +7,7 @@ NAME="GENERATOR" ...@@ -7,7 +7,7 @@ NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK "><LINK
REL="HOME" REL="HOME"
TITLE="The Bugzilla Guide" TITLE="The Bugzilla Guide - 2.17.4 Development Release"
HREF="index.html"><LINK HREF="index.html"><LINK
REL="UP" REL="UP"
TITLE="Administering Bugzilla" TITLE="Administering Bugzilla"
...@@ -37,7 +37,7 @@ CELLSPACING="0" ...@@ -37,7 +37,7 @@ CELLSPACING="0"
><TH ><TH
COLSPAN="3" COLSPAN="3"
ALIGN="center" ALIGN="center"
>The Bugzilla Guide</TH >The Bugzilla Guide - 2.17.4 Development Release</TH
></TR ></TR
><TR ><TR
><TD ><TD
......
docs/html/whatis.html
View file @ cf24e428
...@@ -7,7 +7,7 @@ NAME="GENERATOR" ...@@ -7,7 +7,7 @@ NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK "><LINK
REL="HOME" REL="HOME"
TITLE="The Bugzilla Guide" TITLE="The Bugzilla Guide - 2.17.4 Development Release"
HREF="index.html"><LINK HREF="index.html"><LINK
REL="UP" REL="UP"
TITLE="Introduction" TITLE="Introduction"
...@@ -37,7 +37,7 @@ CELLSPACING="0" ...@@ -37,7 +37,7 @@ CELLSPACING="0"
><TH ><TH
COLSPAN="3" COLSPAN="3"
ALIGN="center" ALIGN="center"
>The Bugzilla Guide</TH >The Bugzilla Guide - 2.17.4 Development Release</TH
></TR ></TR
><TR ><TR
><TD ><TD
......
docs/html/why.html
View file @ cf24e428
...@@ -7,7 +7,7 @@ NAME="GENERATOR" ...@@ -7,7 +7,7 @@ NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK "><LINK
REL="HOME" REL="HOME"
TITLE="The Bugzilla Guide" TITLE="The Bugzilla Guide - 2.17.4 Development Release"
HREF="index.html"><LINK HREF="index.html"><LINK
REL="UP" REL="UP"
TITLE="Introduction" TITLE="Introduction"
...@@ -37,7 +37,7 @@ CELLSPACING="0" ...@@ -37,7 +37,7 @@ CELLSPACING="0"
><TH ><TH
COLSPAN="3" COLSPAN="3"
ALIGN="center" ALIGN="center"
>The Bugzilla Guide</TH >The Bugzilla Guide - 2.17.4 Development Release</TH
></TR ></TR
><TR ><TR
><TD ><TD
......
docs/txt/Bugzilla-Guide.txt
View file @ cf24e428
The Bugzilla Guide The Bugzilla Guide - 2.17.4 Development Release
Matthew P. Barnson Matthew P. Barnson
The Bugzilla Team Jacob Steenhagen
2.17.3 Development Release Edition The Bugzilla Team
2003-01-02 2003-02-16
This is the documentation for Bugzilla, the mozilla.org bug-tracking This is the documentation for Bugzilla, the mozilla.org bug-tracking
system. Bugzilla is an enterprise-class piece of software that powers system. Bugzilla is an enterprise-class piece of software that powers
...@@ -166,7 +166,7 @@ Chapter 1. About This Guide ...@@ -166,7 +166,7 @@ Chapter 1. About This Guide
1.3. New Versions 1.3. New Versions
This is the 2.17.3 version of The Bugzilla Guide. It is so named to This is the 2.17.4 version of The Bugzilla Guide. It is so named to
match the current version of Bugzilla. This version of the guide, like match the current version of Bugzilla. This version of the guide, like
its associated Bugzilla version is a development version. Information its associated Bugzilla version is a development version. Information
is subject to change between now and when 2.18 is released. If you are is subject to change between now and when 2.18 is released. If you are
...@@ -196,32 +196,41 @@ Chapter 1. About This Guide ...@@ -196,32 +196,41 @@ Chapter 1. About This Guide
efforts, numerous e-mail and IRC support sessions, and overall efforts, numerous e-mail and IRC support sessions, and overall
excellent contribution to the Bugzilla community: excellent contribution to the Bugzilla community:
Matthew P. Barnson for the Herculaean task of pulling together the Matthew P. Barnson <mbarnson@sisna.com>
Bugzilla Guide and shepherding it to 2.14. for the Herculaean task of pulling together the Bugzilla Guide
and shepherding it to 2.14.
Terry Weissman for initially writing Bugzilla and creating the README Terry Weissman <terry@mozilla.org>
upon which the UNIX installation documentation is largely based. for initially writing Bugzilla and creating the README upon
which the UNIX installation documentation is largely based.
Tara Hernandez for keeping Bugzilla development going strong after Tara Hernandez <tara@tequilarists.org>
Terry left mozilla.org for keeping Bugzilla development going strong after Terry left
mozilla.org and for running landfill.
Dave Lawrence for providing insight into the key differences between Dave Lawrence <dkl@redhat.com>
Red Hat's customized Bugzilla, and being largely responsible for the for providing insight into the key differences between Red
"Red Hat Bugzilla" appendix Hat's customized Bugzilla, and being largely responsible for
Section D.1.
Dawn Endico for being a hacker extraordinaire and putting up with my Dawn Endico <endico@mozilla.org>
incessant questions and arguments on irc.mozilla.org in #mozwebtools for being a hacker extraordinaire and putting up with Matthew's
incessant questions and arguments on irc.mozilla.org in
#mozwebtools
Jacob Steenhagen <jake@bugzilla.org>
for taking over documentation during the 2.17 development
period.
Last but not least, all the members of the Last but not least, all the members of the
netscape.public.mozilla.webtools newsgroup. Without your discussions, news://news.mozilla.org/netscape/public/mozilla/webtools newsgroup.
insight, suggestions, and patches, this could never have happened. Without your discussions, insight, suggestions, and patches, this
could never have happened.
Thanks also go to the following people for significant contributions Thanks also go to the following people for significant contributions
to this documentation (in no particular order): to this documentation (in alphabetical order): Andrew Pearson, Ben
FrantzDale, Eric Hanson, Gervase Markham, Joe Robins, Kevin Brannen,
Zach Liption, Andrew Pearson, Spencer Smith, Eric Hanson, Kevin Ron Teitelbaum, Spencer Smith, Zach Liption .
Brannen, Ron Teitelbaum, Jacob Steenhagen, Joe Robins, Gervase
Markham.
_________________________________________________________________ _________________________________________________________________
1.5. Document Conventions 1.5. Document Conventions
...@@ -951,7 +960,7 @@ Chapter 4. Installation ...@@ -951,7 +960,7 @@ Chapter 4. Installation
to perl on your system inside /usr/bonsaitools/bin to perl on your system inside /usr/bonsaitools/bin
perl -pi -e 's@#\!/usr/bonsaitools/bin/perl@#\!/usr/bin/perl@' *cgi *pl Bug.pm perl -pi -e 's@#\!/usr/bonsaitools/bin/perl@#\!/usr/bin/perl@' *cgi *pl Bug.pm
processmail syncshadowdb syncshadowdb
Change /usr/bin/perl to match the location of Perl on your machine. Change /usr/bin/perl to match the location of Perl on your machine.
_________________________________________________________________ _________________________________________________________________
...@@ -1031,71 +1040,7 @@ processmail syncshadowdb ...@@ -1031,71 +1040,7 @@ processmail syncshadowdb
Bugzilla. Bugzilla.
_________________________________________________________________ _________________________________________________________________
4.1.10. Securing MySQL 4.1.10. Configuring Bugzilla
If you followed the installation instructions for setting up your
"bugs" and "root" user in MySQL, much of this should not apply to you.
If you are upgrading an existing installation of Bugzilla, you should
pay close attention to this section.
Most MySQL installs have "interesting" default security parameters:
mysqld defaults to running as root
it defaults to allowing external network connections
it has a known port number, and is easy to detect
it defaults to no passwords whatsoever
it defaults to allowing "File_Priv"
This means anyone from anywhere on the Internet can not only drop the
database with one SQL command, and they can write as root to the
system.
To see your permissions do:
bash# mysql -u root -p
mysql> use mysql;
mysql> show tables;
mysql> select * from user;
mysql> select * from db;
To fix the gaping holes:
DELETE FROM user WHERE User='';
UPDATE user SET Password=PASSWORD('new_password') WHERE user='root';
FLUSH PRIVILEGES;
If you're not running "mit-pthreads" you can use:
GRANT USAGE ON *.* TO bugs@localhost;
GRANT ALL ON bugs.* TO bugs@localhost;
REVOKE DROP ON bugs.* FROM bugs@localhost;
FLUSH PRIVILEGES;
With "mit-pthreads" you'll need to modify the "globals.pl"
Mysql->Connect line to specify a specific host name instead of
"localhost", and accept external connections:
GRANT USAGE ON *.* TO bugs@bounce.hop.com;
GRANT ALL ON bugs.* TO bugs@bounce.hop.com;
REVOKE DROP ON bugs.* FROM bugs@bounce.hop.com;
FLUSH PRIVILEGES;
Consider also:
1. Turning off external networking with "--skip-networking", unless
you have "mit-pthreads", in which case you can't. Without
networking, MySQL connects with a Unix domain socket.
2. using the --user= option to mysqld to run it as an unprivileged
user.
3. running MySQL in a chroot jail
4. running the httpd in a chroot jail
5. making sure the MySQL passwords are different from the OS
passwords (MySQL "root" has nothing to do with system "root").
6. running MySQL on a separate untrusted machine
7. making backups ;-)
_________________________________________________________________
4.1.11. Configuring Bugzilla
You should run through the parameters on the Edit Parameters page You should run through the parameters on the Edit Parameters page
(link in the footer) and set them all to appropriate values. They key (link in the footer) and set them all to appropriate values. They key
...@@ -1255,45 +1200,7 @@ set=ISO-8859-1/i" *.cgi *.pl ...@@ -1255,45 +1200,7 @@ set=ISO-8859-1/i" *.cgi *.pl
making bugzilla charset aware by default. making bugzilla charset aware by default.
_________________________________________________________________ _________________________________________________________________
4.2.6. .htaccess files and security 4.2.6. directoryindex for the Bugzilla default page.
To enhance the security of your Bugzilla installation, Bugzilla's
checksetup.pl script will generate .htaccess files which the Apache
webserver can use to restrict access to the bugzilla data files. These
.htaccess files will not work with Apache 1.2.x - but this has
security holes, so you shouldn't be using it anyway.
Note
If you are using an alternate provider of webdot services for graphing
(as described when viewing editparams.cgi in your web browser), you
will need to change the ip address in data/webdot/.htaccess to the ip
address of the webdot server that you are using.
The default .htaccess file may not provide adequate access
restrictions, depending on your web server configuration. Be sure to
check the <Directory> entries for your Bugzilla directory so that the
.htaccess file is allowed to override web server defaults. For
instance, let's assume your installation of Bugzilla is installed to
/usr/local/bugzilla . You should have this <Directory> entry in your
httpd.conf file:
<Directory /usr/local/bugzilla/>
Options +FollowSymLinks +Indexes +Includes +ExecCGI
AllowOverride All
</Directory>
The important part above is "AllowOverride All" . Without that, the
.htaccess file created by checksetup.pl will not have sufficient
permissions to protect your Bugzilla installation.
If you are using Internet Information Server (IIS) or another web
server which does not observe .htaccess conventions, you can disable
their creation by editing localconfig and setting the $create_htaccess
variable to 0.
_________________________________________________________________
4.2.7. directoryindex for the Bugzilla default page.
You should modify the <DirectoryIndex> parameter for the Apache You should modify the <DirectoryIndex> parameter for the Apache
virtual host running your Bugzilla installation to allow index.cgi as virtual host running your Bugzilla installation to allow index.cgi as
...@@ -1301,13 +1208,13 @@ set=ISO-8859-1/i" *.cgi *.pl ...@@ -1301,13 +1208,13 @@ set=ISO-8859-1/i" *.cgi *.pl
index.htm, and so forth. index.htm, and so forth.
_________________________________________________________________ _________________________________________________________________
4.2.8. Bugzilla and mod_perl 4.2.7. Bugzilla and mod_perl
Bugzilla is unsupported under mod_perl. Effort is underway to make it Bugzilla is unsupported under mod_perl. Effort is underway to make it
work cleanly in a mod_perl environment, but it is slow going. work cleanly in a mod_perl environment, but it is slow going.
_________________________________________________________________ _________________________________________________________________
4.2.9. mod_throttle and Security 4.2.8. mod_throttle and Security
It is possible for a user, by mistake or on purpose, to access the It is possible for a user, by mistake or on purpose, to access the
database many times in a row which can result in very slow access database many times in a row which can result in very slow access
...@@ -1369,7 +1276,7 @@ C:\perl> ppm <module name> ...@@ -1369,7 +1276,7 @@ C:\perl> ppm <module name>
Template Toolkit. The Template Toolkit website suggests using the Template Toolkit. The Template Toolkit website suggests using the
instructions on OpenInteract's website. instructions on OpenInteract's website.
Note Tip
A complete list of modules that can be installed using ppm can be A complete list of modules that can be installed using ppm can be
found at http://www.activestate.com/PPMPackages/5.6plus. found at http://www.activestate.com/PPMPackages/5.6plus.
...@@ -1400,33 +1307,30 @@ my $webservergid = getgrnam($my_webservergroup) ...@@ -1400,33 +1307,30 @@ my $webservergid = getgrnam($my_webservergroup)
my $webservergid = '8' my $webservergid = '8'
_________________________________________________________________ _________________________________________________________________
4.3.1.3.2. Making mail work 4.3.1.3.2. System Calls
The easiest way to get mail working is to use the mail patches on bug
124174. With any luck, this patch will receive the required reviews
and integrated into the main Bugzilla distribution very soon. Until
that happens, there's at least one report of this patch working well
on Windows.
_________________________________________________________________
4.3.1.3.3. System Calls
In order to get system calls to work on win32's perl, you need to tell In order to get system calls to work on win32's perl, you need to tell
the windows shell what interpreter to use. This is done by changing the windows shell what interpreter to use. This is done by changing
the system calls. You will need to search all of Bugzilla's code for the system calls. You will need to search all of Bugzilla's code for
system calls. To tell perl your interpreter, it needs to be the first system calls. To tell perl your interpreter, it needs to be the first
argument to the system call. For example, you'll need to change: argument to the system call. For example, you'll need to change:
system("./processmail", $id, $exporter); system("$webdotbase","-Tpng","-o","$pngfilename","$filename");
with with
system("C:\\perl\\bin\\perl", "processmail", $id, $exporter); system("C:\\perl\\bin\\perl", "$webdotbase","-Tpng","-o","$pngfilename","$filen
ame");
Notice that the ./ is also removed.
Tip Tip
The grep command is very helpful in finding these system calls, The grep command is very helpful in finding these system calls,
assuming you have the cygwin utilities. assuming you have the cygwin utilities.
Note
It appears that the only system call remaining in the Bugzilla
codebase is in showdependencygraph.cgi. Not changing this file will
only cause dependency graphs to not function if the webdotbase
paramater points to a local installation of GraphViz.
_________________________________________________________________ _________________________________________________________________
4.3.1.4. Serving the web pages 4.3.1.4. Serving the web pages
...@@ -1434,7 +1338,7 @@ system("C:\\perl\\bin\\perl", "processmail", $id, $exporter); ...@@ -1434,7 +1338,7 @@ system("C:\\perl\\bin\\perl", "processmail", $id, $exporter);
As is the case on Unix based systems, any web server should be able to As is the case on Unix based systems, any web server should be able to
handle Bugzilla; however, the Bugzilla Team still recommends Apache handle Bugzilla; however, the Bugzilla Team still recommends Apache
whenever asked. No matter what web server you choose, be sure to pay whenever asked. No matter what web server you choose, be sure to pay
attention to the security notes in Section 5.6. More information on attention to the security notes in Section 5.6.4. More information on
configuring specific web servers can be found in Section 4.4. configuring specific web servers can be found in Section 4.4.
Note Note
...@@ -1492,7 +1396,7 @@ system("C:\\perl\\bin\\perl", "processmail", $id, $exporter); ...@@ -1492,7 +1396,7 @@ system("C:\\perl\\bin\\perl", "processmail", $id, $exporter);
web server that can be configured to run CGI scripts should be able to web server that can be configured to run CGI scripts should be able to
handle Bugzilla. No matter what web server you choose, but especially handle Bugzilla. No matter what web server you choose, but especially
if you choose something other than Apache, you should be sure to read if you choose something other than Apache, you should be sure to read
Section 5.6. Section 5.6.4.
The plan for this section is to eventually document the specifics of The plan for this section is to eventually document the specifics of
how to lock down permissions on individual web servers. how to lock down permissions on individual web servers.
...@@ -1535,7 +1439,7 @@ AllowOverride Limit ...@@ -1535,7 +1439,7 @@ AllowOverride Limit
$BUGZILLA_HOME/.htaccess $BUGZILLA_HOME/.htaccess
# don't allow people to retrieve non-cgi executable files or our private data # don't allow people to retrieve non-cgi executable files or our private data
<FilesMatch ^(.*\.pl|.*localconfig.*|processmail|runtests.sh)$> <FilesMatch ^(.*\.pl|.*localconfig.*|runtests.sh)$>
deny from all deny from all
</FilesMatch> </FilesMatch>
<FilesMatch ^(localconfig.js|localconfig.rdf)$> <FilesMatch ^(localconfig.js|localconfig.rdf)$>
...@@ -1591,7 +1495,7 @@ deny from all ...@@ -1591,7 +1495,7 @@ deny from all
Also, and this can't be stressed enough, make sure that files such as Also, and this can't be stressed enough, make sure that files such as
localconfig and your data directory are secured as described in localconfig and your data directory are secured as described in
Section 5.6. Section 5.6.4.
_________________________________________________________________ _________________________________________________________________
4.4.3. AOL Server 4.4.3. AOL Server
...@@ -1609,11 +1513,14 @@ deny from all ...@@ -1609,11 +1513,14 @@ deny from all
with the following contents (change /bugzilla/ to the web-based path with the following contents (change /bugzilla/ to the web-based path
to your Bugzilla installation): to your Bugzilla installation):
ns_register_filter preauth GET /bugzilla/localconfig filter_deny ns_register_filter preauth GET /bugzilla/localconfig filter_deny
ns_register_filter preauth GET /bugzilla/localconfig~ filter_deny
ns_register_filter preauth GET /bugzilla/\#localconfig\# filter_deny
ns_register_filter preauth GET /bugzilla/*.pl filter_deny ns_register_filter preauth GET /bugzilla/*.pl filter_deny
ns_register_filter preauth GET /bugzilla/localconfig filter_deny
ns_register_filter preauth GET /bugzilla/processmail filter_deny
ns_register_filter preauth GET /bugzilla/syncshadowdb filter_deny ns_register_filter preauth GET /bugzilla/syncshadowdb filter_deny
ns_register_filter preauth GET /bugzilla/runtests.sh filter_deny ns_register_filter preauth GET /bugzilla/runtests.sh filter_deny
ns_register_filter preauth GET /bugzilla/data/* filter_deny
ns_register_filter preauth GET /bugzilla/template/* filter_deny
proc filter_deny { why } { proc filter_deny { why } {
ns_log Notice "filter_deny" ns_log Notice "filter_deny"
...@@ -1622,11 +1529,19 @@ proc filter_deny { why } { ...@@ -1622,11 +1529,19 @@ proc filter_deny { why } {
Warning Warning
This doesn't appear to account for everything mentioned in Section This probably doesn't account for all possible editor backup files so
5.6. In particular, it doesn't block access to the data or template you may wish to add some additional variations of localconfig. For
directories. It also doesn't account for the editor backup files that more information, see bug 186383 or Bugtraq ID 6501.
were the topic of bug 186383, Bugtraq ID 6501, and a partial cause for
the 2.16.2 release. Note
If you are using webdot from research.att.com (the default
configuration for the webdotbase paramater), you will need to allow
access to data/webdot/*.dot for the reasearch.att.com machine.
If you are using a local installation of GraphViz, you will need to
allow everybody to access *.png, *.gif, *.jpg, and *.map in the
data/webdot directory.
_________________________________________________________________ _________________________________________________________________
4.5. Troubleshooting 4.5. Troubleshooting
...@@ -2124,87 +2039,133 @@ Chapter 5. Administering Bugzilla ...@@ -2124,87 +2039,133 @@ Chapter 5. Administering Bugzilla
These instructions must, of necessity, be somewhat vague since These instructions must, of necessity, be somewhat vague since
Bugzilla runs on so many different platforms. If you have refinements Bugzilla runs on so many different platforms. If you have refinements
of these directions for specific platforms, please submit them to of these directions, please submit a bug to Bugzilla Documentation.
mozilla-webtools@mozilla.org
To secure your installation: Warning
1. There is no substitute for understanding the tools on your system! This is not meant to be a comprehensive list of every possible
Read The MySQL Privilege System until you can recite it from security issue regarding the tools mentioned in this section. There is
memory! no subsitute for reading the information written by the authors of any
2. Lock down /etc/inetd.conf. Heck, disable inet entirely on this software running on your system.
box. It should only listen to port 25 for Sendmail and port 80 for _________________________________________________________________
Apache.
3. Do not run Apache as "nobody" . This will require very lax
permissions in your Bugzilla directories. Run it, instead, as a
user with a name, set via your httpd.conf file.
Note 5.6.1. TCP/IP Ports
"nobody" is a real user on UNIX systems. Having a process run as user TCP/IP defines 65,000 some ports for trafic. Of those, Bugzilla only
id "nobody" is absolutely no protection against system crackers versus needs 1... 2 if you need to use features that require e-mail such as
using any other user account. As a general security measure, I bug moving or the e-mail interface from contrib. You should audit your
recommend you create unique user ID's for each daemon running on your server and make sure that you aren't listening on any ports you don't
system and, if possible, use "chroot" to jail that process away from need to be. You may also wish to use some kind of firewall software to
the rest of your system. be sure that trafic can only be recieved on ports you specify.
4. Ensure you have adequate access controls for the _________________________________________________________________
$BUGZILLA_HOME/data/ directory, as well as the
$BUGZILLA_HOME/localconfig file. The localconfig file stores your
"bugs" database account password. In addition, some files under
$BUGZILLA_HOME/data/ store sensitive information.
Also, beware that some text editors create backup files in the
current working directory so you need to also secure files like
localconfig~.
Note 5.6.2. MySQL
MySQL ships by default with many settings that should be changed. By
defaults it allows anybody to connect from localhost without a
password and have full administrative capabilities. It also defaults
to not have a root password (this is not the same as the system root).
Also, many installations default to running mysqld as the system root.
1. Consult the documentation that came with your system for
information on making mysqld run as an unprivleged user.
2. You should also be sure to disable the anonymous user account and
set a password for the root user. This is accomplished using the
following commands:
bash$ mysql mysql
mysql> DELETE FROM user WHERE user = '';
mysql> UPDATE user SET password = password('new_password') WHERE user = 'root';
mysql> FLUSH PRIVILEGES;
From this point forward you will need to use mysql -u root -p and
enter new_password when prompted when using the mysql client.
3. If you run MySQL on the same machine as your httpd server, you
should consider disabling networking from within MySQL by adding
the following to your /etc/my.conf:
[myslqd]
# Prevent network access to MySQL.
skip-networking
4. You may also consider running MySQL, or even all of Bugzilla in a
chroot jail; however, instructions for doing that are beyond the
scope of this document.
_________________________________________________________________
5.6.3. Daemon Accounts
Simply blocking .*localconfig.* won't work because the QuickSearch Many daemons, such as Apache's httpd and MySQL's mysqld default to
feature requires the web browser to be able to retrieve localconfig.js running as either "root" or "nobody". Running as "root" introduces
and others may be introduced in the future (see bug 186383 for more obvious security problems, but the problems introduced by running
information. everything as "nobody" may not be so obvious. Basically, if you're
Bugzilla provides default .htaccess files to protect the most running every daemon as "nobody" and one of them gets comprimised,
common Apache installations. However, you should verify these are they all get comprimised. For this reason it is recommended that you
adequate according to the site-wide security policy of your web create a user account for each daemon.
server, and ensure that the .htaccess files are allowed to
"override" default permissions set in your Apache configuration
files. Covering Apache security is beyond the scope of this Guide;
please consult the Apache documentation for details.
If you are using a web server that does not support the .htaccess
control method, you are at risk! After installing, check to see if
you can view the file localconfig in your web browser (e.g.:
http://bugzilla.mozilla.org/localconfig ). If you can read the
contents of this file, your web server has not secured your
bugzilla directory properly and you must fix this problem before
deploying Bugzilla. If, however, it gives you a "Forbidden" error,
then it probably respects the .htaccess conventions and you are
good to go.
5. When you run checksetup.pl, the script will attempt to modify
various permissions on files which Bugzilla uses. If you do not
have a webservergroup set in the localconfig file, then Bugzilla
will have to make certain files world readable and/or writable.
THIS IS INSECURE! . This means that anyone who can get access to
your system can do whatever they want to your Bugzilla
installation.
Note Note
This also means that if your webserver runs all cgi scripts as the You will need to set the webservergroup to the group you created for
same user/group, anyone on the system who can run cgi scripts will be your webserver to run as in localconfig. This will allow
able to take control of your Bugzilla installation. ./checksetup.pl to better adjust the file permissions on your Bugzilla
On Apache, you can use .htaccess files to protect access to these install so as to not require making anything world-writable.
directories, as outlined in Bugs 57161 and 186383 for the _________________________________________________________________
localconfig file, and Bug 65572 for adequate protection in your
data/ directory. Also, don't forget about the template/ and 5.6.4. Web Server Access Controls
Bugzilla/ directories and to allow access to the data/webdot
directory for the 192.20.225.10 IP address if you are using webdot There are many files that are placed in the Bugzilla directory area
from research.att.com. The easiest way to accomplish this is to that should not be accessable from the web. Because of the way
set $create_htaccess to 1 in localconfig. However, the information Bugzilla is currently layed out, the list of what should and should
below is provided for those that want to know exactly what is not be accessible is rather complicated. A new installation method is
created. currently in the works which should solve this by allowing files that
FIX ME BEFORE RELEASE!!!!! Note the instructions which follow are shouldn't be accessible from the web to be placed in directory outside
Apache-specific. If you use IIS, Netscape, or other non-Apache web the webroot. See bug 44659 for more information.
servers, please consult your system documentation for how to
secure these files from being transmitted to curious users. * In the main Bugzilla directory, you should:
+ Block: *.pl, *localconfig*, runtests.sh
+ But allow: localconfig.js, localconfig.rdf
* In data:
+ Block everything
+ But allow: duplicates.rdf
* In data/webdot:
+ If you use a remote webdot server:
o Block everything
o But allow *.dot only for the remote webdot server
+ Otherwise, if you use a local GraphViz:
o Block everything
o But allow: *.png, *.gif, *.jpg, *.map
+ And if you don't use any dot:
o Block everything
* In Bugzilla:
+ Block everything
* In template:
+ Block everything
Tip
Bugzilla ships with the ability to generate .htaccess files
instructing Apache which files should and should not be accessible.
For more information, see Section 4.4.1.
You should test to make sure that the files mentioned above are not
accessible from the Internet, especially your localconfig file which
contains your database password. To test, simply point your web
browser at the file; for example, to test mozilla.org's installation,
we'd try to access http://bugzilla.mozilla.org/localconfig. You should
get a 403 Forbidden error.
Caution
Not following the instructions in this section, including testing, may
result in sensitive information being globally accessible.
Tip
You should check Section 4.4 to see if instructions have been included
for your web server. You should also compare those instructions with
this list to make sure everything is properly accounted for.
_________________________________________________________________ _________________________________________________________________
5.7. Template Customization 5.7. Template Customization
...@@ -3237,13 +3198,12 @@ Appendix A. The Bugzilla FAQ ...@@ -3237,13 +3198,12 @@ Appendix A. The Bugzilla FAQ
A.4.6. Email takes FOREVER to reach me from Bugzilla -- it's extremely A.4.6. Email takes FOREVER to reach me from Bugzilla -- it's extremely
slow. What gives? slow. What gives?
If you are using an alternate Mail Transport Agent (MTA other than If you are using an alternate MTA, make sure the options given in
sendmail), make sure the options given in the "processmail" and other Bugzilla/BugMail.pm and any other place where sendmail is called from
scripts for all instances of "sendmail" are correct for your MTA. are correct for your MTA. You should also ensure that the sendmailnow
param is set to on.
If you are using Sendmail, try enabling "sendmailnow" in If you are using sendmail, try enabling sendmailnow in editparams.cgi.
editparams.cgi. If you are using Postfix, you will also need to enable
"sendmailnow".
A.4.7. How come email from Bugzilla changes never reaches me? A.4.7. How come email from Bugzilla changes never reaches me?
...@@ -3914,7 +3874,8 @@ D.3. Issuezilla ...@@ -3914,7 +3874,8 @@ D.3. Issuezilla
Issuezilla was another fork from Bugzilla, made by collab.net and Issuezilla was another fork from Bugzilla, made by collab.net and
hosted at tigris.org. It is also dead; the primary focus of hosted at tigris.org. It is also dead; the primary focus of
bug-tracking at tigris.org is their Java-based bug-tracker, Scarab. bug-tracking at tigris.org is their Java-based bug-tracker, Section
D.4.
This section last updated 27 Jul 2002 This section last updated 27 Jul 2002
_________________________________________________________________ _________________________________________________________________
...@@ -4417,12 +4378,21 @@ J ...@@ -4417,12 +4378,21 @@ J
M M
mysqld Message Transport Agent (MTA)
mysqld is the name of the daemon for the MySQL database. In A Message Transport Agent is used to control the flow of email
general, it is invoked automatically through the use of the on a system. Many unix based systems use sendmail which is what
System V init scripts on GNU/Linux and AT&T System V-based Bugzilla expects to find by default at /usr/sbin/sendmail. Many
systems, such as Solaris and HP/UX, or through the RC scripts other MTA's will work, but they all require that the
on BSD-based systems. sendmailnow param be set to on.
MySQL
MySQL is currently the required RDBMS for Bugzilla. MySQL can
be downloaded from http://www.mysql.com. While you should
familiarize yourself with all of the documentation, some high
points are:
+ MySQL Privilege System - Much more detailed information about
the suggestions in Section 5.6.2.
P P
...@@ -4450,6 +4420,13 @@ Q ...@@ -4450,6 +4420,13 @@ Q
progress of bugs over their life cycle, thus the need for the progress of bugs over their life cycle, thus the need for the
"QA Contact" field in a bug. "QA Contact" field in a bug.
R
Relational DataBase Managment System (RDBMS)
A relational database management system is a database system
that stores information in tables that are related to each
other.
S S
SGML SGML
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment