From iRedMail

Revision as of 07:14, 25 July 2010

If you already have iRedAdmin installed, either iRedAdmin-Pro or open source edition, you can simply secure it by following below tutorial.

Create a new system account

We will make iRedAdmin run with Apache web server, but as non-apache, low privilege user: iredadmin.

#
# ---- On Linux ----
# 
# useradd -s /sbin/nologin -m -d /home/iredadadmin iredadmin

#
# ---- On FreeBSD ----
#
# pw useradd -s /sbin/nologin -d /home/iredadmin -m -n iredadmin

Configure Apache

Edit Apache config file of iRedAdmin, make iRedAdmin run as user 'iredadmin'. File localtion on different distributions:

• RHEL/CentOS: /etc/httpd/conf.d/iredadmin.conf
• Debian/Ubuntu: /etc/apache2/conf.d/iredadmin.conf
• FreeBSD: /usr/local/etc/apache22/Includes/iredadmin.conf

WSGISocketPrefix /var/run/wsgi
WSGIDaemonProcess iredadmin user=iredadmin threads=15
WSGIProcessGroup iredadmin

Change file permissions

Change current directory to apache server root directory:

#
# ---- On RHEL/CentOS ----
#
# cd /var/www/

#
# ---- On Debian/Ubuntu ----
#
# cd /usr/share/apache2/

#
# ---- On FreeBSD ----
#
# cd /usr/local/www/

Change file permissions:

# chown -R iredadmin:iredadmin iRedAdmin-x.y.z
# chmod -R 0755 iRedAdmin-x.y.z
# chmod 0600 iRedAdmin-x.y.z/settings.ini

Restart Apache

Restart Apache to make changes work.

Verify it

You can simply use top command to verify it:

#
# ---- Sample output ----
#
# top -u iredadmin
  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND                                                        
 3978 iredadmi  25   0  458m 7052 1028 S  0.0  1.4   0:00.00 httpd

Credits

We'd like to thank supanji12@YouTube for his/her great video tutorial: http://www.youtube.com/watch?v=o285XYJTGQw