Sablime Configuration Management System • v8.3
A separate Web Sablime upgrade is not required if you are upgrading from any recent version of Sablime: any version v6.0u1 or later. If you followed the instructions in the Sablime Upgrade Guide, then your Web Sablime instance will already be updated.
Also see Web Sablime Security box below
The guide applies to new installations of Sablime (and also to upgrades from very old versions of Web Sablime - see box). The guide provides Web Sablime installation information and instructions for the Sablime Administrator and for the Web Server Administrator.
The Sablime Administrator is the owner of Sablime binaries and databases. The Web Server Administrator is someone who has permissions to update the configuration file for the Web Server, and who can restart it when necessary.
Web Sablime Security Older versions of Sablime’s web interface made use of a setuid-root executable to cause the actions of web users to be executed on the host under the user’s actual ID.
Sablime included a Web Sablime Security Guide intended to reassure the System Administrator that this setuid-root utility was reasonable and that it had plenty of built-in protections against abuse.
New Web Sablime installations do not require the presence of a setuid-root executable. Actions initiated through the web interface are executed under the ID of the Web Server.
The sablime_install installation script that comes with the package will upgrade your Web Sablime instance from any version v6.0u1 or later, usually removing the dependence on the setuid-root executable.
However, if your setup is such that its root_install directory is not at $sabLCB/web/root_install, the script will retain the setuid-root executable for the new setup (but it will only be used when users change their web Sablime passwords).
If you want to be assured of removing the reliance on the setuid-root executable even for a post v6.0u1 instance, you can follow these Web Sablime Installation and Upgrade instructions to re-install Web Sablime.
An instance of Sablime v8.3 must be present on the intended Web Server host. The instance must have at least one Sablime product with at least one generic. A properly running instance will be able to execute licensed Sablime commands, and be able to run hotline.ck and setperm without failures.
Note that the Web Server host can be an NFS* client of the Sablime host, as long as the Web Server has full access to all the Sablime databases.
A fully operational Web Server should be running on the Unix/Linux host. Web Sablime is designed for use with the Apache* web server. To avoid some serious Apache security problems, use version 1.3.27 or later, or 2.0.43 or later.
Perl (version 5.004_01 or later) must be installed on the host.
Log into the host as the user ID that owns the Sablime binaries and databases. Please log in as this user rather than using “su”.
Run the Sablime setup script for a generic in the instance you wish to associate with the Web interface.
$ cd SABHOME $ . ./set_sablime GEN (...Normal Sabime setup output....)
Update configuration input file.
In the web admin directory, there is a file that defines some path and file locations that the web installation process needs to know about. Sablime supplies a template file so that later updates won’t overwrite the master copy. Copy the template file, and then update the copy. The comments in the file should make it clear which items need updating.
$cd $sabLCB/web/admin $cp config.input.tmpl config.input (edit config.input)
If the program is permitted to update the web server’s configuration file, and to restart the web server, it will. Otherwise it will inform you that someone with appropriate permissions will need to do these things.
Restart the Web Server if necessary.
The wsab_install script will add the sablime.conf file into the web server’s configuration directory, and will update the server’s httpd.conf file (adding a directive for it to include sablime.conf). It will then restart the Web Server.
If the wsab_install process does not have permissions to do some or all of these things, it will tell you to have the web server administrator do them.
Establish user passwords and Java.
Each user who needs access to web Sablime should log into the web server host and create a web Sablime password.
$ cd SABHOME $ . ./set_sablime GEN (...Normal Sablime setup output....) $ sabpasswd New password: password Re-type new password: password
For web-only users, the Sablime administrator can create the password for them by running sabpasswd PTS. Since web server passwords are inherently less secure than system passwords, users that have logins should be discouraged from using their system password as a web server password.
Verify Installation Success
Web Sablime should now be fully functional. To verify, use a browser to connect to the URL http://server_name:port_number/docs/wsab.html. The server_name and port_number are defined in the web server’s httpd.conf file.
Log in and select Tools > Debug > Run Site Diagnostics. This will do a quick audit of the Web Sablime instance and should not report any problems.
The web server administrator should be aware that the web server log files will grow over time. There is no automatic maintenance, so the administrator should periodically truncate the log files as local disk space availability conditions require.
If the path to the preferred perl executable changes, the Sablime administrator should update the value of “PERL” in $sabLCB/web/admin/reset_perl and then run the script as ./reset_perl. This will update the other Web Sablime perl scripts.
After completing these instructions, most Web Sablime related files have been placed into the $sabLCB/wsab directory. If this is an upgrade from an early version of Web Sablime (pre-v6.0u1) and you are satisfied that the installation was successful, you can remove the old Web Sablime directories (and their contents) that were located under your old Server Root directory: wsab, merge, wsabJSolver, images, VHELP, webVHELP, and docs.
Apache is a trademark of the Apache Software Foundation.
UNIX is a registered trademark of The Open Group.
Linux is the registered trademark of Linus Torvalds in the U.S. and other countries.
Java and NFS are trademarks or registered trademarks of Oracle and/or its affiliates in the United States and other countries.
Sablime is a registered trademark of Alcatel-Lucent Inc.
Contents copyright © 2010-2015 Alcatel-Lucent. Permission to photocopy in support of a licensed installation of Sablime is hereby granted.