[gollem] Gollem Setup

Devin Reade gdr at gno.org
Wed Oct 29 09:27:47 PST 2003 

Ryan Burton wrote:

> I am looking for instructions on how to setup gollem.

The short version is that first you need to be running horde et al
out of CVS; at this time gollem will not work with the "released"
versions of horde.

The current horde cvs provides an admin interface to configure
at least part of gollem (and other components).  Anyone who is
configured in horde as an administrator automatically sees the
relevent links when they log in.

In addition to using the web-based admin interface to create
conf.php based on conf.xml, I had to manually configure gollem's
backends.php file.

(I'm using the ftp backend.)

There were some other differences in configuring stable-horde/imp/turba
vs cvs-horde/imp/turba, but those are out of scope for your question
and this mailing list.

> Does gollem work well?  I am simply looking for something that will
> allow users to share files, will this suffice?

I can't speak for other backends, but whether or not you can use
the ftp backend to permit users to share files depends on how you've
got your backing filesystems (eg: home directories) set up.

In my case, users can share files by uploading/moving them to 
their public_html directories.  Home directories are set to 0711,
so anything else they upload is private to the user.  (The go+x
bits are set to permit mail forwarding and vacation messages to
work.)

> Should I wait for an official release? 

I have found that the cvs horde/gollem is currently very sensitive
to the choice of user OS and browser:
	- the stable version seems to work with browsers OSes and
	  multiple OSes
	- cvs horde/imp/turba seems to work with Linux RH7.3 and
	  the early version of mozilla that came with RH7.3, however
	  the "rename" feature of gollem failed.  (Other gollem
	  features seemed to work.)
	- by upgrading mozilla to a recent version, I was able to
	  get the gollem rename feature working
	- a (non-naive) user reported to me last night various
	  problems that seem to exist when connecting from an
	  older windows machine (but with a current JRE and mozilla).
	  In some cases, the upload feature would seem to take the
	  file, but nothing was created on the server.  In other
	  cases, the file would be created on the server, but would
	  be of zero length.  (This is a recently observed problem,
	  and until now has not been mentioned to the developers,
	  AFAIK.)

In my case, although I have a few knowledgable users who will be
able to sort through the browser/OS problems, unfortunately the
average user base are naive windows users.  With that in mind,
I've decided to enable sftp/scp as the supported file upload
mechanism, with the help of rssh (a shell that restricts access
to sftp/scp operations, and does not provide arbitrary command
execution).

The choice to proceed with sftp access was not optimal; originally,
I wanted to restrict user read access to their home directories
and user write access to their $HOME/public_html and $HOME/private_files
directories.  Unfortunately, due to the lack of this capability 
in the backing ftp server (vsftpd), this was not possible even
with using just the gollem interface.  By enabling sftp access,
the users now have read access to the entire filesystem, modulo
UNIX file/directory perms.  While I'd prefer not to grant such
access, my confidence in maintaining system integrity despite
such access is high enough that I will take that route in order
to reduce the amount of handholding/troubleshooting that is
necessary for the naive user base.

Another thing that I noticed is that the horde tree in general
seems to be mid-migration, not only in the use of the new admin
interface, but also in a few other respects (like where certain
"libraries" live, etc).  If you are sufficiently knowledgeable
in php/pear you should be able to iron out the minor problems
this is creating right now, otherwise you may find it to be
too much of a headache.  OTOH, their have been some changes
elsewhere in horde/imp/turba that are nice to use now, rather
than having to migrate later (having to do with LDAP schema,
etc).

So to answer your question, I would evaluate your php/pear
experience level and the type of users that you must support.
With respect to the latter, if it is reasonable to assume that all
of your users (that need file upload support) can be forced into
using compatible browsers/OSes, then the current horde/gollem may be
fine.  Otherwise, you may want to wait a while, maybe for a
stable release that includes gollem.

--
         Devin Reade         <gdr at gno.org>

More information about the gollem mailing list