[Gnumed-devel] Re: install notes

[Andreas Tille]

On Tue, 15 Jun 2004, Michael Bonert wrote:

Besides Karsten's answers I would like to add some more comments:

> 1. I know the way I do stuff is a bit half-baked from the security
> side of things.  Thing is, I don't care 'nuff at this point to figure
> out nuances--especially if I have to spend energy just to get
> stuff working.
Well, there were two points in my answer critizising your postgresql setup

 1. Security point of view: While we are in alpha state we *could* go with
    some weak settings.  But you might think about users who might run
    other applications on their machine which depend on a secure server
    and *if* we *know* a more secure way (see my postings) I see no reason
    why we should ignore this.
 2. "Get it working" point of view: You mentioned several issues with
    user connections to the Postgresql server.  These are IMHO caused
    by the wrong setup method (its not only insecure it is not the right
    way to go).  So I was wondering why you did not gave the method a
    try which I suggested to use.

> 2. I don't think it is realistic to expect that people wade through
> the mail archive to figure-out how the heck one gets things
> working.
Not really and I hate that I'm so far behind my time frame.  I also
do not expect that random people search the archive.  I was just wondering
why you did not replied to the mails I wrote as an answer to your first
two trials and thought you would not have read them because the main
points I answered to you were not contained in your latest install guide.
Feel free to ask me on list or in private if I was not clear enouth in
my explanations.  I'd be happy to clarify anything which might remain
unclear.

> 3. At this point I prefer to do things in a generic way
> (read: more-or-less distribution independent).
OK, but you was refering to Debian-Sarge.  I guess the general hints I
wrote (for instance about restarting the postgresql server) should be
valid for other distributions as well.  For instance I'd suggest that
you should immediately should change your distribution if you can not do

   # /etc/init.d/postgresql restart

to accomplish this.  If I'm not totally misleaded this is possible for
all modern distributions and has the sense that any distribution specific
settings will be regarded.  You could seriousely break your PostgreSQL
installation if you do it otherwise.

Moreover I would love if people would check whether their pg_hba.conf
syntax allows refering to list of users using the "@userlist" syntax.
IMHO it was a Debian specific patch to PostgreSQL but went into the
main distribution.  This has the great advantage that you can keep
your pg_hba.conf untouched if you want to add GnuMed users.  You
can just edit this list and restart PostgreSQL.

> I put together the last email because it goes start
> to finish... and almost gets you there--something it seems hasn't
> been done too recently.  Also, I'm sure that a handful of people
> out there have taken a look at GnuMed... tried to install it and
> just gave up.
I guess you are right here and that's a pitty.  That's why your
guide is very welcome.

> My guide wasn't written to make things
> rock solid.  It was put together so someone doesn't have to
> wade through 4-5 months of the archive...
Perfectly all right.  My intention was to enhance your guide.  Also
my suggestions do not make it rock solid.  But I found things in your
guide which should be enhanced and even things which are wrong and
would misslead users.  That's why I posted this.  I even thought I
would give you some helping hand for your own installation.  Tell me
if I failed here and I will try to make my point more clearly.

> seeing how the install manual is out-of-date.
That's a pitty and I hope our discussion here would enhance this
situation.

Kind regards

          Andreas.