Addition/Protect.Configure.Files
From iRedMail
(Difference between revisions)
| Line 11: | Line 11: | ||
# chmod 0640 /etc/postfix/ldap_*.cf /etc/postfix/mysql_*cf # Postfix | # chmod 0640 /etc/postfix/ldap_*.cf /etc/postfix/mysql_*cf # Postfix | ||
# chmod 0640 /etc/amavisd.conf # Amavisd | # chmod 0640 /etc/amavisd.conf # Amavisd | ||
| + | # chown -R root:root /var/www/roundcubemail-x.y.z/ # Roundcube Webmail | ||
| + | # chown apache:apache /var/www/roundcubemail-x.y.z/config/*inc.php | ||
| + | # chmod 0640 /var/www/roundcubemail-x.y.z/config/*inc.php | ||
# chmod 0600 /etc/httpd/conf.d/awstats.conf # Awstats | # chmod 0600 /etc/httpd/conf.d/awstats.conf # Awstats | ||
</pre>}} | </pre>}} | ||
| Line 19: | Line 22: | ||
# chmod 0640 /etc/postfix/ldap_*.cf /etc/postfix/mysql_*cf # Postfix | # chmod 0640 /etc/postfix/ldap_*.cf /etc/postfix/mysql_*cf # Postfix | ||
# chmod 0640 /etc/amavis/conf.d/50-user # Amavisd | # chmod 0640 /etc/amavis/conf.d/50-user # Amavisd | ||
| + | # chown -R root:root /usr/share/roundcubemail-x.y.z/ # Roundcube Webmail | ||
| + | # chown www-data:www-data /usr/share/roundcubemail-x.y.z/config/*inc.php | ||
| + | # chmod 0640 /usr/share/roundcubemail-x.y.z/config/*inc.php | ||
# chmod 0600 /etc/apache2/conf.d/awstats.conf # Awstats | # chmod 0600 /etc/apache2/conf.d/awstats.conf # Awstats | ||
</pre>}} | </pre>}} | ||
| Line 27: | Line 33: | ||
# chmod 0640 /etc/postfix/ldap_*.cf /etc/postfix/mysql_*cf # Postfix | # chmod 0640 /etc/postfix/ldap_*.cf /etc/postfix/mysql_*cf # Postfix | ||
# chmod 0640 /usr/local/etc/amavisd.conf # Amavisd | # chmod 0640 /usr/local/etc/amavisd.conf # Amavisd | ||
| + | # chown -R root:root /usr/local/www/roundcubemail/ # Roundcube Webmail | ||
| + | # chown www:www /usr/local/www/roundcubemail/config/*inc.php | ||
| + | # chmod 0640 /usr/local/www/roundcubemail/config/*inc.php | ||
# chmod 0600 /usr/local/etc/apache22/Includes/awstats.conf # Awstats | # chmod 0600 /usr/local/etc/apache22/Includes/awstats.conf # Awstats | ||
</pre>}} | </pre>}} | ||
Revision as of 08:54, 25 July 2010
iRedMail-0.6.0 and earlier versions didn't set strict file permission on config files, even they contain username/passwords. Below's a quick fix, if you found that we missed some other files, please contact us.
Note:
- iRedAPD-1.3.3 is set to run as a low privilege user, if you didn't upgrade it, please reinstall it with iRedAPD install tutorial.
- iRedAdmin is set to run as a low privilege user, if you didn't apply this, please read this simple tutorial: Secure your exist iRedAdmin.
Steps:
- On RHEL/CentOS:
| Terminal: |
# chmod 0500 /etc/dovecot-ldap.conf /etc/dovecot-mysql.conf # Dovecot # chmod 0640 /etc/postfix/ldap_*.cf /etc/postfix/mysql_*cf # Postfix # chmod 0640 /etc/amavisd.conf # Amavisd # chown -R root:root /var/www/roundcubemail-x.y.z/ # Roundcube Webmail # chown apache:apache /var/www/roundcubemail-x.y.z/config/*inc.php # chmod 0640 /var/www/roundcubemail-x.y.z/config/*inc.php # chmod 0600 /etc/httpd/conf.d/awstats.conf # Awstats |
- On Debian/Ubuntu:
| Terminal: |
# chmod 0500 /etc/dovecot/dovecot-ldap.conf /etc/dovecot/dovecot-mysql.conf # Dovecot # chmod 0640 /etc/postfix/ldap_*.cf /etc/postfix/mysql_*cf # Postfix # chmod 0640 /etc/amavis/conf.d/50-user # Amavisd # chown -R root:root /usr/share/roundcubemail-x.y.z/ # Roundcube Webmail # chown www-data:www-data /usr/share/roundcubemail-x.y.z/config/*inc.php # chmod 0640 /usr/share/roundcubemail-x.y.z/config/*inc.php # chmod 0600 /etc/apache2/conf.d/awstats.conf # Awstats |
- On FreeBSD:
| Terminal: |
# chmod 0500 /etc/dovecot-ldap.conf /etc/dovecot-mysql.conf # Dovecot # chmod 0640 /etc/postfix/ldap_*.cf /etc/postfix/mysql_*cf # Postfix # chmod 0640 /usr/local/etc/amavisd.conf # Amavisd # chown -R root:root /usr/local/www/roundcubemail/ # Roundcube Webmail # chown www:www /usr/local/www/roundcubemail/config/*inc.php # chmod 0640 /usr/local/www/roundcubemail/config/*inc.php # chmod 0600 /usr/local/etc/apache22/Includes/awstats.conf # Awstats |
