1 |
On Friday, December 09, 2011 07:49:13 AM Grant wrote: |
2 |
> >> I ran squirrelmail/configtest.php and realized I don't have an |
3 |
> >> attachment directory set up for Squirrelmail: |
4 |
> >> |
5 |
> >> ERROR: Attachment dir (/var/local/squirrelmail/attach/) does not |
6 |
> >> exist! |
7 |
> >> |
8 |
> >> I don't even have a /var/local/. Would a good Gentoo'er create the |
9 |
> >> directory in that location? |
10 |
> > |
11 |
> > If a website needs to write files, let it do so under its own directory |
12 |
> > hierarchy. All of our PHP sites have something equivalent to the |
13 |
> > following in their apache vhost configs: |
14 |
> > |
15 |
> > php_admin_value open_basedir /var/www/example.com/www/ |
16 |
> > php_admin_value upload_tmp_dir /var/www/example.com/www/tmp |
17 |
> > php_admin_value session.save_path /var/www/example.com/www/tmp |
18 |
> > |
19 |
> > That way, if www.example.com is compromised, the rest of the machine is |
20 |
> > still safe (barring PHP bugs). |
21 |
> |
22 |
> There is a Squirrelmail document recommending that the Squirrelmail |
23 |
> data and attachments directories are established outside of the web |
24 |
> server's reach. /var is given as an example. They also recommend |
25 |
> root:apache 0730 for both directories. |
26 |
> |
27 |
> This is a little disturbing because my Squirrelmail data directory was |
28 |
> created under the webroot as apache:apache 0755 at some point. Would |
29 |
> this have been done by Gentoo? Should I file a bug? |
30 |
> |
31 |
> "Prepare data and attachment directories" |
32 |
> http://squirrelmail.org/docs/admin/admin-3.html |
33 |
> |
34 |
> - Grant |
35 |
|
36 |
I think the data-directory is included from upstream and is there to have it |
37 |
work when installing it "blindly". Recommendations are not always possible |
38 |
(think hosted environments) |
39 |
|
40 |
-- |
41 |
Joost |