| 1 |
>> I ran squirrelmail/configtest.php and realized I don't have an |
| 2 |
>> attachment directory set up for Squirrelmail: |
| 3 |
>> |
| 4 |
>> ERROR: Attachment dir (/var/local/squirrelmail/attach/) does not exist! |
| 5 |
>> |
| 6 |
>> I don't even have a /var/local/. Would a good Gentoo'er create the |
| 7 |
>> directory in that location? |
| 8 |
> |
| 9 |
> |
| 10 |
> If a website needs to write files, let it do so under its own directory |
| 11 |
> hierarchy. All of our PHP sites have something equivalent to the following |
| 12 |
> in their apache vhost configs: |
| 13 |
> |
| 14 |
> php_admin_value open_basedir /var/www/example.com/www/ |
| 15 |
> php_admin_value upload_tmp_dir /var/www/example.com/www/tmp |
| 16 |
> php_admin_value session.save_path /var/www/example.com/www/tmp |
| 17 |
> |
| 18 |
> That way, if www.example.com is compromised, the rest of the machine is |
| 19 |
> still safe (barring PHP bugs). |
| 20 |
|
| 21 |
There is a Squirrelmail document recommending that the Squirrelmail |
| 22 |
data and attachments directories are established outside of the web |
| 23 |
server's reach. /var is given as an example. They also recommend |
| 24 |
root:apache 0730 for both directories. |
| 25 |
|
| 26 |
This is a little disturbing because my Squirrelmail data directory was |
| 27 |
created under the webroot as apache:apache 0755 at some point. Would |
| 28 |
this have been done by Gentoo? Should I file a bug? |
| 29 |
|
| 30 |
"Prepare data and attachment directories" |
| 31 |
http://squirrelmail.org/docs/admin/admin-3.html |
| 32 |
|
| 33 |
- Grant |
Archives