Addition/Protect.Configure.Files
From iRedMail
(Difference between revisions)
| (2 intermediate revisions not shown) | |||
| Line 9: | Line 9: | ||
{{cmd|<pre> | {{cmd|<pre> | ||
# chmod 0500 /etc/dovecot-ldap.conf /etc/dovecot-mysql.conf # Dovecot | # chmod 0500 /etc/dovecot-ldap.conf /etc/dovecot-mysql.conf # Dovecot | ||
| + | # chgrp postfix /etc/postfix/ldap_*.cf /etc/postfix/mysql_*.cf # Postfix | ||
# chmod 0640 /etc/postfix/ldap_*.cf /etc/postfix/mysql_*cf # Postfix | # chmod 0640 /etc/postfix/ldap_*.cf /etc/postfix/mysql_*cf # Postfix | ||
# chmod 0640 /etc/amavisd.conf # Amavisd | # chmod 0640 /etc/amavisd.conf # Amavisd | ||
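Review bot: The added `chgrp postfix` line matches `mysql_*.cf`, but the unchanged `chmod 0640` line directly below it matches `mysql_*cf` (no dot), so the two commands are not written against the same pattern. Use `mysql_*.cf` in both so the group change and the mode change always cover the same files.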
| Line 20: | Line 21: | ||
{{cmd|<pre> | {{cmd|<pre> | ||
# chmod 0500 /etc/dovecot/dovecot-ldap.conf /etc/dovecot/dovecot-mysql.conf # Dovecot | # chmod 0500 /etc/dovecot/dovecot-ldap.conf /etc/dovecot/dovecot-mysql.conf # Dovecot | ||
| + | # chgrp postfix /etc/postfix/ldap_*.cf /etc/postfix/mysql_*.cf # Postfix | ||
# chmod 0640 /etc/postfix/ldap_*.cf /etc/postfix/mysql_*cf # Postfix | # chmod 0640 /etc/postfix/ldap_*.cf /etc/postfix/mysql_*cf # Postfix | ||
# chmod 0640 /etc/amavis/conf.d/50-user # Amavisd | # chmod 0640 /etc/amavis/conf.d/50-user # Amavisd | ||
| - | # chown -R root:root /usr/share/roundcubemail-x.y.z/ # Roundcube Webmail | + | # chown -R root:root /usr/share/apache2/roundcubemail-x.y.z/ # Roundcube Webmail |
| - | # chown www-data:www-data /usr/share/roundcubemail-x.y.z/config/*inc.php | + | # chown www-data:www-data /usr/share/apache2/roundcubemail-x.y.z/config/*inc.php |
| - | # chmod 0640 /usr/share/roundcubemail-x.y.z/config/*inc.php | + | # chmod 0640 /usr/share/apache2/roundcubemail-x.y.z/config/*inc.php |
# chmod 0600 /etc/apache2/conf.d/awstats.conf # Awstats | # chmod 0600 /etc/apache2/conf.d/awstats.conf # Awstats | ||
</pre>}} | </pre>}} | ||
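Review bot: The Roundcube lines moved to `/usr/share/apache2/` still pair `chown www-data:www-data` with `chmod 0640` on `config/*inc.php`, which leaves those config files writable by the web server account. If Roundcube only needs to read them, `chown root:www-data` with the same `0640` gives read access without write access.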
| Line 30: | Line 32: | ||
* On FreeBSD: | * On FreeBSD: | ||
{{cmd|<pre> | {{cmd|<pre> | ||
| - | # chmod 0500 /etc/dovecot-ldap.conf /etc/dovecot-mysql.conf # Dovecot | + | # chmod 0500 /usr/local/etc/dovecot-ldap.conf /usr/local/etc/dovecot-mysql.conf # Dovecot |
| - | # chmod 0640 /etc/postfix/ldap_*.cf /etc/postfix/mysql_*cf # Postfix | + | # chgrp postfix /usr/local/etc/postfix/ldap_*.cf /usr/local/etc/postfix/mysql_*.cf # Postfix |
| + | # chmod 0640 /usr/local/etc/postfix/ldap_*.cf /usr/local/etc/postfix/mysql_*cf # Postfix | ||
# chmod 0640 /usr/local/etc/amavisd.conf # Amavisd | # chmod 0640 /usr/local/etc/amavisd.conf # Amavisd | ||
# chown -R root:root /usr/local/www/roundcubemail/ # Roundcube Webmail | # chown -R root:root /usr/local/www/roundcubemail/ # Roundcube Webmail | ||
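Review bot: The Dovecot line, now under `/usr/local/etc/`, keeps mode `0500`, which sets the owner execute bit on a configuration file, and it has no accompanying `chown`, so the outcome depends on who already owns the file. Consider `0400` or `0600` and state the expected owner, as the new `chgrp postfix` line does for the Postfix files.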
Current revision as of 09:05, 25 July 2010
iRedMail-0.6.0 and earlier versions didn't set strict file permissions on config files, even though they contain usernames and passwords. Below is a quick fix; if you find that we missed some other files, please contact us.
Note:
- iRedAPD-1.3.3 is set to run as a low-privilege user. If you didn't upgrade it, please reinstall it with the iRedAPD install tutorial.
- iRedAdmin is set to run as a low-privilege user. If you didn't apply this, please read this simple tutorial: Secure your exist iRedAdmin.
Steps:
- On RHEL/CentOS:
Terminal:

```
# chmod 0500 /etc/dovecot-ldap.conf /etc/dovecot-mysql.conf  # Dovecot
# chgrp postfix /etc/postfix/ldap_*.cf /etc/postfix/mysql_*.cf  # Postfix
# chmod 0640 /etc/postfix/ldap_*.cf /etc/postfix/mysql_*cf  # Postfix
# chmod 0640 /etc/amavisd.conf  # Amavisd
# chown -R root:root /var/www/roundcubemail-x.y.z/  # Roundcube Webmail
# chown apache:apache /var/www/roundcubemail-x.y.z/config/*inc.php
# chmod 0640 /var/www/roundcubemail-x.y.z/config/*inc.php
# chmod 0600 /etc/httpd/conf.d/awstats.conf  # Awstats
```
- On Debian/Ubuntu:
Terminal:

```
# chmod 0500 /etc/dovecot/dovecot-ldap.conf /etc/dovecot/dovecot-mysql.conf  # Dovecot
# chgrp postfix /etc/postfix/ldap_*.cf /etc/postfix/mysql_*.cf  # Postfix
# chmod 0640 /etc/postfix/ldap_*.cf /etc/postfix/mysql_*cf  # Postfix
# chmod 0640 /etc/amavis/conf.d/50-user  # Amavisd
# chown -R root:root /usr/share/apache2/roundcubemail-x.y.z/  # Roundcube Webmail
# chown www-data:www-data /usr/share/apache2/roundcubemail-x.y.z/config/*inc.php
# chmod 0640 /usr/share/apache2/roundcubemail-x.y.z/config/*inc.php
# chmod 0600 /etc/apache2/conf.d/awstats.conf  # Awstats
```
- On FreeBSD:
Terminal:

```
# chmod 0500 /usr/local/etc/dovecot-ldap.conf /usr/local/etc/dovecot-mysql.conf  # Dovecot
# chgrp postfix /usr/local/etc/postfix/ldap_*.cf /usr/local/etc/postfix/mysql_*.cf  # Postfix
# chmod 0640 /usr/local/etc/postfix/ldap_*.cf /usr/local/etc/postfix/mysql_*cf  # Postfix
# chmod 0640 /usr/local/etc/amavisd.conf  # Amavisd
# chown -R root:root /usr/local/www/roundcubemail/  # Roundcube Webmail
# chown www:www /usr/local/www/roundcubemail/config/*inc.php
# chmod 0640 /usr/local/www/roundcubemail/config/*inc.php
# chmod 0600 /usr/local/etc/apache22/Includes/awstats.conf  # Awstats
```
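To confirm the result after running the steps for your platform, the read-only check below compares the mode and group of the Dovecot, Postfix, Amavisd and Awstats files against the values given above. It is an added example, not part of the iRedMail tutorial; the function names and the `--audit` flag are assumptions of this example, and files that do not exist on the host are skipped.

```shell
#!/bin/sh
# Added example (not from the iRedMail page): verify the modes and groups
# that the chmod/chgrp steps are meant to produce. Read-only; changes nothing.

# Print "mode owner group" using GNU stat (Linux) or BSD stat (FreeBSD).
file_meta() {
    stat -c '%a %U %G' "$1" 2>/dev/null || stat -f '%Lp %Su %Sg' "$1"
}

# check_file PATH WANT_MODE [WANT_GROUP]
# Returns 0 if PATH is absent or matches; prints a finding and returns 1 if not.
check_file() {
    cf_path=$1 cf_mode=${2#0} cf_group=${3:-}
    [ -e "$cf_path" ] || return 0      # not installed here (or glob unmatched)
    set -- $(file_meta "$cf_path")     # $1=mode $2=owner $3=group
    cf_rc=0
    if [ "$1" != "$cf_mode" ]; then
        echo "FAIL $cf_path: mode $1, expected $cf_mode"; cf_rc=1
    fi
    if [ -n "$cf_group" ] && [ "$3" != "$cf_group" ]; then
        echo "FAIL $cf_path: group $3, expected $cf_group"; cf_rc=1
    fi
    return $cf_rc
}

# audit_all: walk the paths named on the page for all three platforms.
audit_all() {
    aa_rc=0
    for p in /etc /etc/dovecot /usr/local/etc; do
        check_file "$p/dovecot-ldap.conf" 0500  || aa_rc=1
        check_file "$p/dovecot-mysql.conf" 0500 || aa_rc=1
    done
    for f in /etc/postfix/ldap_*.cf /etc/postfix/mysql_*.cf \
             /usr/local/etc/postfix/ldap_*.cf /usr/local/etc/postfix/mysql_*.cf; do
        check_file "$f" 0640 postfix || aa_rc=1
    done
    for f in /etc/amavisd.conf /etc/amavis/conf.d/50-user /usr/local/etc/amavisd.conf; do
        check_file "$f" 0640 || aa_rc=1
    done
    for f in /etc/httpd/conf.d/awstats.conf /etc/apache2/conf.d/awstats.conf \
             /usr/local/etc/apache22/Includes/awstats.conf; do
        check_file "$f" 0600 || aa_rc=1
    done
    return $aa_rc
}

# Run the audit only when asked, so the functions can be sourced and tested.
if [ "${1:-}" = "--audit" ]; then audit_all; fi
```

Run it as root with `--audit`; a non-zero exit status means at least one file differs from the expected mode or group.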
