1

Topic: Secure your exist iRedAdmin

Hi, all.

Here's a simple tutorial to secure your exist iRedAdmin installation:
http://www.iredmail.org/wiki/index.php? … .iRedAdmin

The goal is to make iRedAdmin run as a low privilege user instead of Apache user.

Enjoy. smile

We'd like to thank supanji12@YouTube for his/her great video tutorial: http://www.youtube.com/watch?v=o285XYJTGQw

P.S. This was implemented in iRedMail moment ago.

2

Re: Secure your exist iRedAdmin

Hi,
is this really implemented in the next version of iredadmin?

I am running a few webpages on my iredmail box which use mpm-itk for running the vhosts with different user privileges (unfortunately this doesnt seem to work with phyton/iredadmin).

using the mentioned method uses an extra of 200mb ram on my box. this is because i have changed back to running iredadmin as www-data.

Regards Felix

3

Re: Secure your exist iRedAdmin

This is implemented with mod_wsgi, not iRedAdmin.

4

Re: Secure your exist iRedAdmin

Yeah, but you wrote

ZhangHuangbin wrote:

P.S. This was implemented in iRedMail moment ago.

this is why i asked.

5

Re: Secure your exist iRedAdmin

Oh, sorry for the confuse, what i mean is i added this WSGI related settings in iRedMail script.

6

Re: Secure your exist iRedAdmin

No problem, as a default or optional setting? As I wrote I would vote for an optional feature.