Document manager Administration manual

Here is a list of document that administrators might find useful when dealing with docman. They are ordered by importance, so be sure to read them.

Reference reading

Installation instructions (but, you already read that, right?)
FAQ and optionally Upgrade from v1.x
New Directory Layout and how that increase security
Performance tips
Trustee documentation (ACL)

Errors

There are two types of errors in document manager:

errors which are result of user actions (and they are reposted to users)
errors which are result of configuration error (which are by default reported to users, but they can be re-directed to error_log of Apache)
You can re-direct administrative messages using $gblSeparateAdminMessages = 1 in realm/http_virtual_host.conf (See also explanation how to do that in Installation instructions )

Register Globals and PHP

Starting with version 2.0 docman doesn't need register_globals in php.ini. That means that docman knows which variables should be result of POST and what of GET which makes inserting bogus URL harder.

Unknown file types

By default, docman will report administrative error on unknown file types (like pipes, block and character files). You can change this behavior to ignoring those files by setting $gblIgnoreUnknownFileType = 0 in realm/http_virtual_host.conf

Force download on view

If you set options $gblForceDownload= 1 in realm/http_virtual_host.conf it will force download (and save to disk) if user wants to view file (just clicks on filename). Checkout will always force download.

Using script path as realm name

If you don't have ability to use http_virtual_host names for each docman installation, you can use path before docman.php as a identifier for a realm. To enable this, you will have to create directory named as same as virtual host, all directories wish exist before your docman.php and then conf, htusers and optionally trustee and info.inc files.

e.g.: if your host is called dreamhouse.lan and you want to have repositories on URL http://dreamhouse.lan/project/ and http://dreamhouse.lan/documentation/ you will have to create following files: (those marked with asterisk ^* are optional)
realm/dreamhouse.lan/project/conf
realm/dreamhouse.lan/project/htusers
realm/dreamhouse.lan/project/trustee (optional)
realm/dreamhouse.lan/project/info.inc (optional)
realm/dreamhouse.lan/documentation/conf
realm/dreamhouse.lan/documentation/htusers
realm/dreamhouse.lan/documentation/trustee (optional)
realm/dreamhouse.lan/documentation/info.inc (optional)

Conversion of files to realm with directories

If you followed installation instructions and you want now to install docman to your host in directory projects which will be on disk at /home/httpd/htdocs/project/ and served via URL http://my.host/project/ you have to do few more steps:

	$ cd /home/httpd/docman2/realm/
	$ mkdir my.host
	$ mkdir my.host/project
	$ mv http_virtual_host.htusers my.host/project/htusers
	$ mv http_virtual_host.conf my.host/project/conf

That's it. You are ready to go...

Repository information files

There are special files, called info.inc files with informations which are local to that repository. Usually they are located in repository/.info.inc file. However, you can also use realm/http_host/script_path/info.inc file is you are using script path as realm identifier.

Overview of security features

authorization using login and password

works without register_globals in PHP.
all directory names taken from URL will be checked for parent directory strings (..)
all upload filenames are check for directory specification (if they contain slash (/) upload will be aborted)
all filenames taken from URL will be checked for parent directory (..) or slashes (/)
all files are served from repository directory (which is not visible by web server) by docman.php script which enforces permission checking
trustees can be used to provide fine-graded security permissions on files and directories

Realm configuration options

For preatty good overview of configuration options, please examine localhost.conf.dist.