| 1 |
On Friday, December 09, 2011 07:49:13 AM Grant wrote: |
| 2 |
> >> I ran squirrelmail/configtest.php and realized I don't have an |
| 3 |
> >> attachment directory set up for Squirrelmail: |
| 4 |
> >> |
| 5 |
> >> ERROR: Attachment dir (/var/local/squirrelmail/attach/) does not |
| 6 |
> >> exist! |
| 7 |
> >> |
| 8 |
> >> I don't even have a /var/local/. Would a good Gentoo'er create the |
| 9 |
> >> directory in that location? |
| 10 |
> > |
| 11 |
> > If a website needs to write files, let it do so under its own directory |
| 12 |
> > hierarchy. All of our PHP sites have something equivalent to the |
| 13 |
> > following in their apache vhost configs: |
| 14 |
> > |
| 15 |
> > php_admin_value open_basedir /var/www/example.com/www/ |
| 16 |
> > php_admin_value upload_tmp_dir /var/www/example.com/www/tmp |
| 17 |
> > php_admin_value session.save_path /var/www/example.com/www/tmp |
| 18 |
> > |
| 19 |
> > That way, if www.example.com is compromised, the rest of the machine is |
| 20 |
> > still safe (barring PHP bugs). |
| 21 |
> |
| 22 |
> There is a Squirrelmail document recommending that the Squirrelmail |
| 23 |
> data and attachments directories are established outside of the web |
| 24 |
> server's reach. /var is given as an example. They also recommend |
| 25 |
> root:apache 0730 for both directories. |
| 26 |
> |
| 27 |
> This is a little disturbing because my Squirrelmail data directory was |
| 28 |
> created under the webroot as apache:apache 0755 at some point. Would |
| 29 |
> this have been done by Gentoo? Should I file a bug? |
| 30 |
> |
| 31 |
> "Prepare data and attachment directories" |
| 32 |
> http://squirrelmail.org/docs/admin/admin-3.html |
| 33 |
> |
| 34 |
> - Grant |
| 35 |
|
| 36 |
I think the data-directory is included from upstream and is there to have it |
| 37 |
work when installing it "blindly". Recommendations are not always possible |
| 38 |
(think hosted environments) |
| 39 |
|
| 40 |
-- |
| 41 |
Joost |
Archives