From 8b244ec577f0eb6f34dcf12688ba0e26e2e714a5 Mon Sep 17 00:00:00 2001 From: Paul Buetow Date: Tue, 29 Dec 2020 08:34:04 +0000 Subject: Make Linux ACL support optional, as it requires CGo and makes the binary less portable --- doc/installation.md | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) (limited to 'doc/installation.md') diff --git a/doc/installation.md b/doc/installation.md index 6f946c4..6bf17b0 100644 --- a/doc/installation.md +++ b/doc/installation.md @@ -7,6 +7,26 @@ The following installation guide has been tested successfully on CentOS 7. You m Please check the [Quick Starting Guide](quickstart.md) for instructions how to compile DTail. It is recommended to automate the build process via your build pipeline (e.g. produce a deployable RPM via Jenkins). You don't have to use ``go get...`` to compile and install the binaries. You can also clone the repository and use ``make`` instead. +## Linux ACL support + +This is optional but it gives you better security. On Linux you have the option to compile `dserver` with File System Access Control List support. For that you need: + +### 1. Install the `libacl` development library. On RHEL, CentOS and Fedora it would be + +```console +% sudo dnf install libacl-devel -y +``` + +### 2. Enable ACL via a Go build flag + +Set the `USE_ACL` environment variable before invoking the make command. + +```console +% export USE_ACL=yes +``` + +Alternatively you could just add `-tags linuxacl` to the Go compiler. + # Install it It is recommended to automate all the installation process outlined here. You could use a configuration management system such as Puppet, Chef or Ansible. However, that relies heavily on how your infrastructure is managed and is out of scope of this documentation. -- cgit v1.2.3 From 1a3b56d4df31737cd2a3e4369a69db16cdb610d5 Mon Sep 17 00:00:00 2001 
From: Paul Buetow Date: Wed, 13 Oct 2021 20:39:00 +0300 Subject: backport docs from master --- doc/installation.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'doc/installation.md') diff --git a/doc/installation.md b/doc/installation.md index 6bf17b0..8f3892c 100644 --- a/doc/installation.md +++ b/doc/installation.md @@ -5,13 +5,13 @@ The following installation guide has been tested successfully on CentOS 7. You m # Compile it -Please check the [Quick Starting Guide](quickstart.md) for instructions how to compile DTail. It is recommended to automate the build process via your build pipeline (e.g. produce a deployable RPM via Jenkins). You don't have to use ``go get...`` to compile and install the binaries. You can also clone the repository and use ``make`` instead. +Please check the [Quick Starting Guide](quickstart.md) for instructions on compiling DTail. It is recommended to automate the build process via your build pipeline (e.g. produce a deployable (.rpm, .deb, ...) via Jenkins). You don't have to use ``go get...`` to compile and install the binaries. You can also clone the repository and use ``make`` instead. ## Linux ACL support -This is optional but it gives you better security. On Linux you have the option to compile `dserver` with File System Access Control List support. For that you need: +This is optional, but it gives you better security. On Linux, you have the option to compile `dserver` with File System Access Control List support. For that, you need: -### 1. Install the `libacl` development library. On RHEL, CentOS and Fedora it would be +### 1. Install the `libacl` development library. On RHEL, CentOS and Fedora, it would be ```console % sudo dnf install libacl-devel -y 
@@ -25,7 +25,7 @@ Set the `USE_ACL` environment variable before invoking the make command. % export USE_ACL=yes ``` -Alternatively you could just add `-tags linuxacl` to the Go compiler. +Alternatively, you could add `-tags linuxacl` to the Go compiler. # Install it @@ -95,7 +95,7 @@ To start the DTail server via ``systemd`` run: # Register SSH public keys in DTail server -The DTail server now runs as a ``systemd`` service under system user ``dserver``. The system user ``dserver`` however has no permissions to read the SSH public keys from ``/home/USER/.ssh/authorized_keys``. Therefore, no user would be able to establish a SSH session to DTail server. As an alternative path DTail server also checks for public SSH key files in ``/var/run/dserver/cache/USER.authorized_keys``. +The DTail server now runs as a ``systemd`` service under system user ``dserver``. However, the system user ``dserver`` has no permissions to read the SSH public keys from ``/home/USER/.ssh/authorized_keys``. Therefore, no user would be able to establish an SSH session to DTail server. As an alternative path DTail server also checks for public SSH key files in ``/var/run/dserver/cache/USER.authorized_keys``. It is recommended to execute [update_key_cache.sh](../samples/update_key_cache.sh.sample) periodically to update the key cache. In case you manage your public SSH keys via Puppet you could subscribe the script to corresponding module. Or alternatively just configure a cron job or a systemd timer to run every once in a while, e.g. every 30 minutes: 
@@ -115,11 +115,11 @@ It is recommended to execute [update_key_cache.sh](../samples/update_key_cache.s # Run DTail client -Now you should be able to use DTail client like outlined in the [Quick Starting Guide](quickstart.md). Also have a look at the [Examples](examples.md). +Now you should be able to use DTail client like outlined in the [Quick Starting Guide](quickstart.md). Also, have a look at the [Examples](examples.md). # Monitor it -To verify that DTail server is up and running and functioning as expected you should configure the Nagios check [check_dserver.sh](../samples/check_dserver.sh.sample) in your monitoring system. The check has to be executed locally on the server (e.g. via NRPE). How to configure the monitoring system in detail is out of scope of this guide. +To verify that DTail server is up and running and functioning as expected, you should configure the Nagios check [check_dserver.sh](../samples/check_dserver.sh.sample) in your monitoring system. The check has to be executed locally on the server (e.g. via NRPE). How to configure the monitoring system in detail is out of scope of this guide. ```console % ./check_dserver.sh -- cgit v1.2.3
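Review bot: In the first commit's hunk (@@ -7,6 +7,26 @@, the new "Linux ACL support" section), step 1 installs with `dnf`, but the context line above says the guide was tested on CentOS 7, where `yum` is the default package manager. Either show `sudo yum install libacl-devel -y` for CentOS 7 or state which releases the `dnf` line applies to. The section also covers only the build host: since the subject says ACL support requires CGo and makes the binary less portable, say whether the hosts that run `dserver` need the libacl runtime library installed. "Gives you better security" would be more useful as one sentence on what the ACL check actually enforces.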
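Review bot: In the second commit's hunk @@ -5,13 +5,13 @@, the rewritten build-pipeline sentence "produce a deployable (.rpm, .deb, ...) via Jenkins" has lost its noun and now nests one parenthesis inside another. Something like "e.g. produce a deployable package such as an .rpm or .deb via Jenkins" keeps the broader meaning and reads cleanly.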
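Review bot: In the second commit's hunk @@ -25,7 +25,7 @@, "add `-tags linuxacl` to the Go compiler" still leaves the reader to guess the command. `-tags` is an option of `go build`, so show the full invocation (`go build -tags linuxacl` followed by the package path), and show the `make` call that is meant to follow `export USE_ACL=yes`, since the text only says "before invoking the make command".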
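Review bot: In the second commit's hunk @@ -95,7 +95,7 @@, the paragraph names ``/var/run/dserver/cache/USER.authorized_keys`` as a place the server reads public keys from but says nothing about who may write there. These files decide who can authenticate, so the text should state the expected owner and mode of the cache directory and files, and that only the job running update_key_cache.sh should be able to write them. It should also say how long a key removed from a user's ``authorized_keys`` stays accepted from the cache, given the example interval of 30 minutes in the context line. Minor: "As an alternative path DTail server also checks" wants a comma after "path".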
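Review bot: In the second commit's hunk @@ -115,11 +115,11 @@, the "Run DTail client" line is touched only to add a comma and keeps "use DTail client like outlined in"; since the line is being edited anyway, change it to "as outlined in". The "Monitor it" change is fine.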