summaryrefslogtreecommitdiff
path: root/doc/faq.html
blob: 14af4b2640db3bd2e3f7f7d053bc9ece33392cf8 (plain)
  1. <ul>
  2. <li><h4>Printing to a Printer from a Windows Server</h4><p>
  3. There are several obstacles to printing from a web appliction that was written
  4. for Linux or UNIX in Windows.
  5. These include:</p><ul>
  6. <li>Lack of Postscript support in the printing subsystem. To resolve this, you
  7. must install Ghostscript and Gsview. The latter package provides a utility
  8. called gsprint that will allow you to print Postscript on your Windows
  9. printer.</li>
  10. <li>The fact that most Windows software, including gsprint, tends to print
  11. output that will cause the web server to crash. The winprint.bat included
  12. with this distribution corrects this problem. To use the winprint.bat
  13. solution, configure your printers in your ledger-smb.conf as
  14. "winprint.bat printer-name." If you omit the printer name, the default
  15. printer will be used.</li>
  16. <li>Windows does not allow you to set up system printers that all users can
  17. access. Thus the web server often doesn't have access to the printers you
  18. have set up. To correct this issue, follow the steps at
  19. <a href="http://support.microsoft.com/kb/q184291/">
  20. http://support.microsoft.com/kb/q184291/</a>.</li></ul></li>
  21. <p><li><h4>Error on converting from SQL-Ledger:
  22. ERROR: column "chart_id" contains null values</h4>
  23. SQL-Ledger does not enforce a NOT NULL constraint on the chart_id field in the
  24. acc_trans table. Consequently, it is possible in cirtain circumstances to
  25. insert transactions into the database with invalid information including NULL
  26. chart_id's. When this occurs, normally the Chart of Accounts and Trial Balance
  27. will fail to balance. So this is a serious problem with data integrity.
  28. LedgerSMB prevents this by adding the NOT NULL constraing but this can cause
  29. prevent people from migrating when they have invalid data in their databases.
  30. <br/><br/>
  31. If you encounter an error like this, the first thing to do is seek
  32. technical support, regardless of whether or not you wish to continue
  33. the migration. In general the providers of support for LedgerSMB and
  34. SQL-Ledger should all be able to be of some assistance.
  35. Unfortunately, since this problem involves information loss, no
  36. solution can be automated without invalidating your accounting
  37. information. </li></p>
  38. <p><li><h4>PostgreSQL 8.x</h4>
  39. PostgreSQL added a restriction in v8.x that a sequence cannot be dropped
  40. after if it is referenced by a table. However backups created with
  41. LedgerSMB v2.6.13 and earlier have a DROP SEQUENCE step in the backup
  42. which will fail. To fix this edit the backup before restoring on a 8.x
  43. system.
  44. <p>This typically looks like this:
  45. <pre>
  46. DROP SEQUENCE id ;
  47. CREATE SEQUENCE id START 10579;
  48. --
  49. DROP SEQUENCE invoiceid ;
  50. CREATE SEQUENCE invoiceid START 11096;
  51. --
  52. DROP SEQUENCE orderitemsid ;
  53. CREATE SEQUENCE orderitemsid START 178;
  54. --
  55. DROP SEQUENCE jcitemsid ;
  56. CREATE SEQUENCE jcitemsid START 53;
  57. </pre>
  58. <p>Change it to:
  59. <pre>
  60. CREATE SEQUENCE id;
  61. SELECT SETVAL('id', 10579);
  62. CREATE SEQUENCE invoiceid;
  63. SELECT SETVAL('invoiceid', 11096);
  64. CREATE SEQUENCE orderitemsid;
  65. SELECT SETVAL('orderitemsid', 178);
  66. CREATE SEQUENCE jcitemsid;
  67. SELECT SETVAL('jcitemsid', 53);
  68. </pre>
  69. <p><li><h4>PostgreSQL template1</h4>
  70. <tt>template1</tt> is a template that new databases are built from, by
  71. default. Anything you put into <tt>template1</tt> will be copied to a
  72. new database. Thus, when you try to create a new dataset, the tables
  73. are already drawn in from <tt>template1</tt> so that when LedgerSMB
  74. tries to create them, you will receive an error message indicating
  75. that the tables already exist.
  76. <p><li><h4>PostgreSQL 8.0+</h4>
  77. To use LedgerSMB with PostgreSQL 8.0+ you have to modify
  78. <tt>Pg-tables.sql</tt>. This file is in the sql directory.
  79. <pre>
  80. CREATE TABLE orderitems (
  81. trans_id int,
  82. parts_id int,
  83. description text,
  84. qty float4,
  85. sellprice float8,
  86. discount float4,
  87. unit varchar(5),
  88. project_id int,
  89. reqdate date,
  90. ship float4,
  91. serialnumber text,
  92. id int default nextval('orderitemsid')
  93. ) WITH OIDS;
  94. CREATE TABLE inventory (
  95. warehouse_id int,
  96. parts_id int,
  97. trans_id int,
  98. orderitems_id int,
  99. qty float4,
  100. shippingdate date,
  101. employee_id int
  102. ) WITH OIDS;
  103. CREATE TABLE assembly (
  104. id int,
  105. parts_id int,
  106. qty float,
  107. bom bool,
  108. adj bool
  109. ) WITH OIDS;
  110. </pre>
  111. This change is only required for LedgerSMB versions 2.6.3 and below.
  112. <p>If you already built a dataset without this change you will get
  113. an error when you try to save a PO or assembly.
  114. <p>"ERROR: column "oid" does not exist"
  115. <p>Drop the tables and rebuild WITH OIDS.
  116. <p><li><h4>Japanese characters</h4>
  117. modify apache so that EUC_JP is the main additional language.
  118. <br>comment out all unrelated languages except, UTF_8 shift jis, EUC_JP
  119. <br>restart apache
  120. <br>Fire up psql and do the encoding as per the table:-
  121. <br>Table 5-2. Postgres Client/Server Character Set Encodings
  122. <p>Server Encoding Available Client Encodings
  123. <br>EUC_JP EUC_JP, SJIS
  124. <br>EUC_TW EUC_TW, BIG5
  125. <br>LATIN2 LATIN2, WIN1250
  126. <br>LATIN5 LATIN5, WIN, ALT
  127. <br>MULE_INTERNAL EUC_JP, SJIS, EUC_KR, EUC_CN, EUC_TW, BIG5, LATIN1 to LATIN5, WIN, ALT, WIN1250
  128. <p>Create the dataset from admin.pl, now the Japanese shows up in multibyte encoding
  129. <p>Now you can write in Hiragana, Katakana, Kanji and English
  130. <p><li><h4>Error posting a check/receipt</h4>
  131. <pre>
  132. DBD::Pg::db do failed: ERROR: syntax error at or near "," at character 114
  133. Error!
  134. INSERT INTO acc_trans (trans_id, chart_id, transdate,amount)
  135. VALUES (13314, , '03-22-2005',1.00 * 1)
  136. ERROR: syntax error at or near "," at character 114 </pre>
  137. This error is caused by a transaction which does not have links to
  138. an AR/AP account.
  139. <br>set up your chart of accounts properly and create at least one
  140. AR and AP account. Then edit all your transactions and repost.
  141. <p><li><h4>SELinux</h4>
  142. <a href=http://fedora.redhat.com/docs/selinux-faq-fc3/index.html>http://fedora.redhat.com/docs/selinux-faq-fc3/index.html</a>
  143. <p>modify <tt>/etc/selinux/conf</tt> and set <tt>SELINUX=permissive</tt>
  144. <p>use <tt>audit2allow</tt>, add the following to
  145. <tt>policy.conf</tt>, then run <tt>make reload</tt>
  146. <p>#line 83
  147. <br>allow httpd_sys_script_t port_type:{ tcp_socket udp_socket } { send_msg
  148. recv_msg };
  149. <br>allow httpd_sys_script_t sysctl_kernel_t:dir search;
  150. <br>allow httpd_sys_script_t sysctl_t:dir search;
  151. <br>allow httpd_sys_script_t tmp_t:sock_file write;
  152. <br>allow httpd_sys_script_t httpd_sys_content_t:lnk_file read;
  153. <br>allow httpd_sys_script_t sysctl_kernel_t:file read;
  154. <br>allow httpd_sys_script_t unconfined_t:unix_stream_socket connectto;
  155. <p><li><h4>session timeouts</h4>
  156. If you get frequent timeouts or can't even log in, synchronize
  157. the clocks between the server and workstation.
  158. <p><li><h4>lineitems not printing</h4>
  159. Templates designed on a UNIX platform don't work on a DOS platform.
  160. To make them work load the template either with the builtin template editor
  161. or a text editor and save. Templates designed on a Windows platform have the
  162. same problem and won't work on a UNIX platform. Once you strip the ^M's
  163. the'll work just fine.
  164. <p><li><h4>UTF-8 character encoding</h4>
  165. Most of the translations are in ISO format. To convert the translations
  166. change directory to locale/cc and convert the files with iconv to UTF-8.
  167. You should also convert the COAs too and make sure you select UTF-8
  168. encoding when you set up a new dataset.
  169. <p><li><h4>characterset problems</h4>
  170. If you have problems displaying the correct characterset try adding
  171. <pre>
  172. AddDefaultCharset On</pre>
  173. in your <tt>httpd.conf</tt> file.
  174. <p><li><h4>About installation</h4>
  175. The easiest is to use the setup.pl script as root.
  176. You don't need to know very much about your system, just login as root,
  177. run 'perl setup.pl' and follow the prompts.
  178. <p>setup.pl does not check for missing software packages and it is your
  179. responsibility to make sure you have the required software
  180. installed either from source or from a package.
  181. <p>Requirements are clearly indicated in the <tt>README</tt> file and
  182. on the download page.
  183. <p><li><h4>cannot create function</h4>
  184. <ol>
  185. <li>either run <tt>createlang plpgsql</tt> to install the plpgsql
  186. language handler or install yourself. For more information how to do
  187. that, visit <a href=http://www.postgresql.org/docs/>PostgreSQL</a> and
  188. read the interactive documentation for procedural languages.
  189. <li>load admin.pl
  190. <li>unlock the system
  191. <li>login
  192. </ol>
  193. <p><li><h4>The requested URL /ledger-smb/admin.pl was not found</h4>
  194. Your webserver doesn't know where to find the script. Most commonly this
  195. results when distributions hide webserver configuration files in unexpected
  196. locations so that <tt>setup.pl</tt> wasn't able to configure the location for
  197. you. Find out which file (<tt>httpd.conf</tt>, <tt>httpdcommon.conf</tt>, ...)
  198. controls your webserver configuration and add
  199. <pre>
  200. # LedgerSMB
  201. Include /etc/httpd/ledger-smb-httpd.conf</pre>
  202. Create a file 'ledger-smb-httpd.conf' in /etc/httpd and copy the next part
  203. into the file.
  204. <pre>
  205. AddHandler cgi-script .pl
  206. AddDefaultCharset On
  207. Alias /ledger-smb /var/www/ledger-smb/
  208. &lt;Directory /var/www/ledger-smb&gt;
  209. Options ExecCGI Includes FollowSymlinks
  210. &lt;/Directory&gt;
  211. &lt;Directory /var/www/ledger-smb/users&gt;
  212. Order Deny,Allow
  213. Deny from All
  214. &lt;/Directory&gt;</pre>
  215. replace '/etc/httpd' and '/var/www' with the appropriate directories.
  216. <p><li><h4>users/members : Permission denied</h4>
  217. Your webserver must have write access to the users directory.
  218. If your server runs as user/group 'apache:apache' then set the
  219. users directory to owner/group apache:apache.
  220. <pre>
  221. # chown -R apache:apache users</pre>
  222. <p><li><h4>Dataset newer than version</h4>
  223. You are trying to use an older version with a dataset which was
  224. created with a newer version.
  225. <p><li><h4>PDF option not working</h4>
  226. Check if you have latex and pdflatex installed.
  227. <p><li><h4>Apache 2.0 "error 500"</h4>
  228. Some of the early versions of Apache 2.0 (< patchlevel 44) had a rewrite engine
  229. which decoded escaped strings. This created a lot of problems and I worked
  230. around it by escaping strings twice.
  231. If you get a server 500 error 'filename too long' or if collapsed menus
  232. don't expand you may have to adjusted the following code in
  233. SL/Form.pm and change the number (44) on line 84.
  234. <pre>
  235. # for Apache 2 we escape strings twice
  236. if (($ENV{SERVER_SIGNATURE} =~ /Apache\/2\.(\d+)\.(\d+)/) && !$beenthere) {
  237. $str = $self->escape($str, 1) if $2 < 44;
  238. }</pre>
  239. <p><li><h4>IDENT Authentication failed for user "sledger-smb"</h4>
  240. Edit pg_hba.conf and change authentication to
  241. <pre>
  242. local all all MD5</pre>
  243. The file is in the 'data' directory of your postgresql installation.
  244. This is different with every distribution so look for it.
  245. <pre>
  246. # find / -name 'pg_hba.conf'</pre>
  247. <p>Some people can't read and seem to think 'localhost' is just some
  248. fancy word for a local machine.
  249. 'localhost' is a host like any other host on a network.
  250. A 'local' entry in pg_hba.conf will allow socket connections ONLY and
  251. not allow a host connection. If you then try to connect to 'localhost',
  252. PostgreSQL will come back with an authentication error.
  253. <p>So, if the database resides on the same server as the web server,
  254. forget you ever heard there is such a thing as 'localhost' and leave
  255. the Host portion blank.
  256. <p><b>WARNING!</b> DO NOT just put a 'host all all trust' in
  257. pg_hba.conf unless you know what you are doing; that can introduce a
  258. pretty huge security hole.
  259. <p><li><h4>DBD-Pg for Mandrake 9.0</h4>
  260. Mandrake did not package a compiled DBD-Pg package again, so install DBD-Pg
  261. from the source package.
  262. Install perl-DBD-Pg-1.01-4mdk.i586.rpm from the 'contrib' area.
  263. (Mandrake / 9.0 / contrib / RPMS)
  264. <p><li><h4>LaTeX error</h4>
  265. If for some reason LaTeX produces an error message check for strange
  266. characters in your account description and parts description
  267. and use \usepackage[latin1]{inputenc} in the preamble.
  268. <p><li><h4>LaTeX templates</h4>
  269. If you don't want to edit tex code by hand,
  270. you could use Lyx, Abiword, or any WYSIWYG editor capable of exporting
  271. latex code.
  272. To do that you must change the tokens for the variables <% and %> to something
  273. like << and >>. % is the comment character in tex. There is also a
  274. pagebreak block which must be commented out.
  275. When you are done with the changes
  276. replace << and >> with <% and %> and uncomment the pagebreak block.
  277. <p>LaTeX is somewhat complex to learn, initially, but offers a much
  278. superior environment to produce professional-looking forms in
  279. postscript and PDF format.
  280. <p><li><h4>W3M</h4>
  281. pass terminal=mozilla when you start w3m
  282. <pre>
  283. $ w3m -F http://localhost/ledger-smb/login.pl?terminal=mozilla</pre>
  284. To use without frames
  285. <pre>
  286. $ w3m http://localhost/ledger-smb/login.pl?terminal=lynx</pre>
  287. <p><li><h4>PDF option disappeared</h4>
  288. Edit ledger-smb.conf and set $latex = 1;
  289. <br>ledger-smb.conf is perl code, check if it compiles, if it does not,
  290. the internal defaults are used which turn off $latex, hence no PDF option.
  291. <p><li><h4>Installation on Windows (WIN32)</h4>
  292. <ul>
  293. <li>install Apache, perl,
  294. <a href=http://techdocs.postgresql.org/guides/InstallingOnWindows>Postgres</a>
  295. or Oracle, DBI and the appropriate DBD
  296. module
  297. <br>if you can't compile DBD-Pg here is a precompiled
  298. <a href=http://http://pgfoundry.org/projects/dbdpgppm/>DBD-Pg module</a>
  299. <li>download the latest version of <a
  300. href="http://www.ledgersmb.org/download/">LedgerSMB</a>
  301. <li>extract the files to c:\apache\ledger-smb
  302. <li>run 'perl shebang' to change the first line of the scripts. If perl
  303. is not in c:\perl\bin' change '#!c:\\perl\\bin\\perl' to the location where
  304. your perl binary is.
  305. <li>edit c:\apache\conf\httpd.conf and add
  306. <pre>
  307. Alias /ledger-smb "c:/apache/ledger-smb/"
  308. &lt;Directory "c:/apache/ledger-smb"&gt;
  309. AllowOverride All
  310. AddHandler cgi-script .pl
  311. AddDefaultCharset On
  312. Options +ExecCGI
  313. Order Allow,Deny
  314. Allow from All
  315. &lt;/Directory&gt;
  316. &lt;Directory "c:/apache/ledger-smb/users"&gt;
  317. Order Deny,Allow
  318. Deny from All
  319. &lt;/Directory&gt;
  320. </pre>
  321. <li>start Apache
  322. <li>start Postgres|Oracle|DB2
  323. <li>connect to http://localhost/ledger-smb/admin.pl and set up users
  324. and datasets
  325. <li>connect to http://localhost/ledger-smb/login.pl and login
  326. </ul>
  327. <p><li><h4>What do I enter for the language</h4>
  328. If you use English, nothing, if you want to use a foreign language for
  329. the login screen and admin stuff enter the language code, this is the
  330. directory in the locale directory.
  331. <p><li><h4>printing to a printer</h4>
  332. Printers are defined in ledger-smb.conf
  333. <pre>
  334. %printer = ( 'Default' => 'lpr', 'Color' => 'lpr -PEpson' );</pre>
  335. Check in your /etc/printcap file for the names of available printers.
  336. <p>If you have LaTeX installed set
  337. <pre>
  338. $latex = 1</pre> in ledger-smb.conf
  339. <p>To send the document to the printer check the "Postscript" or "PDF" format,
  340. enter the number of copies and click on the "Print" button.
  341. <p>The printer you enter in your preferences is the default printer.
  342. You can choose any other available printer. This makes it possible
  343. to print from anywhere on the network to any printer.
  344. <p>Note: html format is for screen preview. Use the "Print" option from your
  345. browser to print to a printer.
  346. <p><li><h4>Using samba to send printjobs to a printer attached to a Windows XP workstation</h4>
  347. The next part applies to roll your own print filters only. If you use CUPS or
  348. LPRng your milage may vary but you can still use this as a guide how it works.
  349. I use the printer 'Epson' as an example which is
  350. attached to a XP workstation called Raven.
  351. <pre>
  352. /etc/printcap entry on the server which runs lpd
  353. epson:Epson\
  354. :sh:\
  355. :lp=/dev/null:\
  356. :sd=/var/spool/output/epson:\
  357. :if=/usr/libexec/lpr/epson/prnfilter:\
  358. # end of entry in /etc/printcap
  359. # prnfilter shell script
  360. #!/bin/sh
  361. # Filter for Epson Stylus
  362. PATH="$PATH:/usr/local/bin"
  363. #read first_line
  364. read tmp
  365. first_line=`echo $tmp | cut -b1-2 | sed -n '1p'`
  366. first_chr=`expr "$first_line" : '\(.\)'`
  367. first_two=`expr "$first_line" : '\(..\)'`
  368. rewindstdin
  369. if [ "$first_two" = "%!" ]; then # Postscript file
  370. gs @st640p.upp -dSAFER -dNOPAUSE -q -sOutputFile=/tmp/$$ -
  371. else
  372. # text file
  373. cat &gt; /tmp/$$
  374. echo -n "^L" &gt;&gt; /tmp/$$
  375. smbclient '\\Raven\Epson' "" -c 'printmode text'
  376. fi
  377. smbclient '\\Raven\Epson' "" -P -c "print /tmp/$$"
  378. rm /tmp/$$
  379. # EOF
  380. rewindstdin is a small program to rewind the filehandle for STDIN
  381. save the next part up to EOF to a file rewindstdin.c and compile
  382. #include &lt;sys/types.h&gt;
  383. #include &lt;unistd.h&gt;
  384. extern int errno;
  385. main()
  386. {
  387. if( lseek(0,0,0) == 0 ){
  388. errno = 0;
  389. }
  390. return( errno );
  391. }
  392. # EOF
  393. compile to an executable
  394. gcc -o /usr/local/bin/rewindstdin rewindstdin.c
  395. </pre>
  396. <p><li><h4>beginning balances</h4>
  397. Add a GL Journal entry and enter the beginning balance for your accounts.
  398. Beginning balances are the balances from your last balance sheet. If you also
  399. add open invoices to account for COGS for inventory, add the invoices
  400. and make the appropriate adjustments.
  401. <p><li><h4>establish a beginning inventory</h4>
  402. add the parts with a vendor invoice. Use the <b>real cost</b> for the items,
  403. not zero. If you use zero cost then the cost of goods will be zero when you
  404. sell the item.
  405. <p><li><h4>Assemblies</h4>
  406. Assemblies are manufactured goods assembled from parts, services and
  407. assemblies. Because you do not buy assemblies you 'stock assemblies' by
  408. adding assembled units to your inventory. The quantity for individual parts
  409. is reduced and the quantity for the assembly increased. To disassemble an
  410. assembly you simply return the parts to inventory by entering a negative
  411. quantity for the number of assemblies to stock.
  412. <p><li><h4>DBD-Pg not installed</h4>
  413. Most modern distributions now package DBD-Pg. If it is
  414. not packaged follow this recipe to get it working.
  415. <ul>
  416. <li>check if you have the header files for PostgreSQL
  417. <br>$ find / -name 'libpq-fe.h'
  418. <br>if nothing shows up install the development package for PostgreSQL
  419. <li>download and untar DBD-Pg
  420. <li>set the environment variables POSTGRES_LIB and POSTGRES_INCLUDE
  421. <li>cd to DBD-Pg directory
  422. <br>as ordinary user
  423. <br>$ perl Makefile.PL
  424. <br>$ make
  425. <br>$ make test
  426. <br>if all went well su to root
  427. <br># make install
  428. <li>remove DBD-Pg
  429. </ul>
  430. <p><li><h4>login.pl has compilation error</h4>
  431. This could be because of a missing configuration file in the users directory
  432. <p>check the permission for the users directory. The directory must be
  433. set writeable for the webserver. If your webserver runs ias user/group
  434. nobody.nogroup set the directory to
  435. <pre>
  436. drwx--x--x 2 nobody nogroup 1024 May 26 16:49 users
  437. or
  438. drwxrwx--x 2 johndoe nogroup 1024 May 26 16:49 users</pre>
  439. <p><li><h4>script not executing, shows in browser instead</h4>
  440. Add
  441. <pre>
  442. AddHandler cgi-script .pl</pre>
  443. in your httpd.conf file.
  444. <p><li><h4>unknown terminal!</h4>
  445. the frontend script couldn't figure out which browser you are using
  446. <p>include the terminal variable on the URL
  447. <pre>
  448. http://localhost/ledger-smb/login.pl?terminal=lynx</pre>
  449. Valid terminal variables are lynx, mozilla and js
  450. <p><li><h4>permission denied</h4>
  451. Check if your web server has write permission to write to the following
  452. files and directories:
  453. <pre>
  454. users/
  455. templates/
  456. users/members
  457. # chown nobody:nogroup users templates users/members
  458. </pre>
  459. <p><li><h4>permission denied to access tables</h4>
  460. The user you entered in the "Database section" must be a valid
  461. database user who has rights to access the tables.
  462. <p>If the tables are owned by 'joe' and you enter 'mary' as the dba
  463. you might run into this problem if mary doesn't have the rights to
  464. access tables owned by joe.
  465. <p><li><h4>html and graphics files don't show up on screen</h4>
  466. Enable Includes and FollowSymlinks Options in your httpd.conf file
  467. <pre>
  468. &lt;Directory /usr/local/ledger-smb&gt;
  469. Options ExecCGI Includes FollowSymlinks
  470. &lt;/Directory&gt;
  471. </pre>
  472. <p><li><h4>switch display to a foreign language</h4>
  473. Load your preferences and select the language.
  474. <br>Language selection is in accordance to
  475. <a href=http://www.unece.org/cefact/locode/service/main.htm>
  476. ISO 3166-1</a> standards.
  477. <p><li><h4>Text shows in English when I use a foreign language</h4>
  478. This is because the corresponding hash entry is missing.
  479. Add the missing text in the locale/cc/all or locale/cc/missing
  480. file and run 'perl locales.pl' from the command line to rebuild
  481. the individual files.
  482. <br>cc refers to the country code.
  483. <p><li><h4>switch to a foreign language for the login and admin screen</h4>
  484. Edit ledger-smb.conf and enter the code for the $language variable
  485. <pre>
  486. $language = "de";</pre>
  487. <p>This is a global change and applies to all logins, individual settings
  488. may be changed by setting the language in your Preferences.
  489. </ul>
  490. <p>
  491. <hr>
  492. <a name=security>
  493. <h1>LedgerSMB security</h1>
  494. </a>
  495. <ul>
  496. <li>The security features built into LedgerSMB provide encrypted passwords
  497. and access control which makes it fairly safe out of the box to run even in
  498. front of a firewall.
  499. Some precautions which are out of our control must be taken though.
  500. It matters where you install SL and how you configure your web server and
  501. SQL server.
  502. <pre>
  503. Typical setups:
  504. /usr/local/vh/www <- DocumentRoot for virtual host
  505. /usr/local/vh/ledger-smb <- Alias for ledger-smb
  506. /usr/local/vh/users <- users directory out of reach
  507. <hr width=60% align=left>
  508. /usr/local/vh/www <- DocumentRoot for virtual host
  509. /usr/local/vh/www/ledger-smb <- Alias for ledger-smb
  510. /usr/local/vh/www/ledger-smb/users <- users configuration files and tmp space
  511. &lt;Directory /usr/local/vh/www/ledger-smb/users&gt; <- disable webserver access
  512. Order Deny,Allow for users directory
  513. Deny from All
  514. &lt;/Directory&gt;
  515. </pre>
  516. The location for the users directory can be specified in ledger-smb.conf
  517. <p><li>Set permission for the users and templates directory to 711
  518. <p><li>If you do not want anyone to change the templates with the built-in
  519. editor set the files in templates/directory/ to read only or disable
  520. the menu item to edit the templates.
  521. <p><li>You can set up a read-only environment if you disable the menu items
  522. to add data. i.e 'Add Transaction' if unchecked you will not be able to add
  523. a transaction or repost a transaction. You may look at it but nothing else.
  524. <p><li>There are various settings for audit control and you may disable
  525. reposting entirely or up to a certain date. And with the audit trail enabled
  526. you can keep tab of who is doing what.
  527. <p><li>For PostgreSQL you may also set who has access to the server in the file
  528. pg_hba.conf
  529. <br>Authentication crypt does not work because not all SQL servers
  530. accept encrypted passwords.
  531. <p><li>in addition you can secure the tables from unauthorized access by
  532. setting up a different database user and GRANT rights. For instance,
  533. users without DELETE rights will still be able to use the program, change
  534. customers and vendors, add transactions but will not be able to delete or
  535. repost transactions.
  536. <br>To lock all the tables to create a RO system GRANT SELECT rights only.
  537. <p><li>Other security options include a secure shell, your webserver's
  538. authentication system, SSL, encrypted tunnels, ...
  539. </ul>
  540. </BODY>
  541. </HTML>