Addition/Secure.Your.Exist.iRedAdmin
From iRedMail
(→Create a new system account) |
(→Create a new system account) |
||
| (3 intermediate revisions not shown) | |||
| Line 10: | Line 10: | ||
# ---- On Linux ---- | # ---- On Linux ---- | ||
# | # | ||
| - | # useradd -s /sbin/nologin - | + | # useradd -s /sbin/nologin -m -d /home/iredadmin iredadmin |
# | # | ||
# ---- On FreeBSD ---- | # ---- On FreeBSD ---- | ||
# | # | ||
| - | # pw useradd -s /sbin/nologin -d /home/iredadmin -n iredadmin | + | # pw useradd -s /sbin/nologin -d /home/iredadmin -m -n iredadmin |
</pre>}} | </pre>}} | ||
| + | |||
| + | Note: Don't forget to use '''-m''' flag to create HOME directory, otherwise apache can't chroot process to this directory. | ||
= Configure Apache = | = Configure Apache = | ||
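Review bot: The note added after the closing </pre> says Apache "can't chroot process to this directory", but the change in this hunk only adds -m so that /home/iredadmin is created, and nothing in these lines sets up a chroot. Say what actually fails when the directory is missing, and tidy the wording ("the '''-m''' flag", "the home directory", "Apache"). The Linux line now reads -m -d /home/iredadmin while the FreeBSD line reads -d /home/iredadmin -m; using the same option order in both would make the two commands easier to compare.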
| Line 70: | Line 72: | ||
3978 iredadmi 25 0 458m 7052 1028 S 0.0 1.4 0:00.00 httpd | 3978 iredadmi 25 0 458m 7052 1028 S 0.0 1.4 0:00.00 httpd | ||
</pre>}} | </pre>}} | ||
| + | |||
| + | = Credits = | ||
| + | We'd like to thank supanji12@YouTube for his/her great video tutorial: http://www.youtube.com/watch?v=o285XYJTGQw | ||
Revision as of 05:01, 9 October 2010
If you already have iRedAdmin installed, either iRedAdmin-Pro or the open source edition, you can secure it by following the tutorial below.
Create a new system account
We will make iRedAdmin run under the Apache web server, but as a dedicated low-privilege user instead of the apache user: iredadmin.
Terminal:
    #
    # ---- On Linux ----
    #
    # useradd -s /sbin/nologin -m -d /home/iredadmin iredadmin
    #
    # ---- On FreeBSD ----
    #
    # pw useradd -s /sbin/nologin -d /home/iredadmin -m -n iredadmin
Note: Don't forget the -m flag, which creates the home directory; otherwise Apache can't chroot the process to this directory.
Configure Apache
Edit the Apache config file of iRedAdmin so that iRedAdmin runs as user 'iredadmin'. File location on different distributions:
- RHEL/CentOS: /etc/httpd/conf.d/iredadmin.conf
- Debian/Ubuntu: /etc/apache2/conf.d/iredadmin.conf
- FreeBSD: /usr/local/etc/apache22/Includes/iredadmin.conf
File: iredadmin.conf
    WSGISocketPrefix /var/run/wsgi
    WSGIDaemonProcess iredadmin user=iredadmin threads=15
    WSGIProcessGroup iredadmin
Change file permissions
Change the current directory to the Apache server root directory:
Terminal:
    #
    # ---- On RHEL/CentOS ----
    #
    # cd /var/www/
    #
    # ---- On Debian/Ubuntu ----
    #
    # cd /usr/share/apache2/
    #
    # ---- On FreeBSD ----
    #
    # cd /usr/local/www/
Change file permissions:
Terminal:
    # chown -R iredadmin:iredadmin iRedAdmin-x.y.z
    # chmod -R 0755 iRedAdmin-x.y.z
    # chmod 0600 iRedAdmin-x.y.z/settings.ini
Restart Apache
Restart Apache for the changes to take effect.
Verify it
You can use the top command to verify that the httpd process now runs as iredadmin:
Terminal:
    #
    # ---- Sample output ----
    #
    # top -u iredadmin
      PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
     3978 iredadmi  25   0  458m 7052 1028 S  0.0  1.4   0:00.00 httpd
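Besides looking at top, the ownership, permission and Apache settings from the steps above can be checked with a small audit script. This is an added example, not part of the original page; the function names and arguments are assumptions, and it uses only POSIX find and grep so the same script can be used on Linux and FreeBSD.

```shell
#!/bin/sh
# Added example, not from the original page: audit the result of the steps above.
# Function names and arguments are assumptions chosen for this example.

# Fail if anything under dir $1 is not owned by user $2.
check_owner() {
    # find exits non-zero when the user does not exist; treat that as a
    # failure instead of as "nothing found".
    bad=$(find "$1" ! -user "$2" -print) || { echo "find failed for user $2" >&2; return 1; }
    [ -z "$bad" ] && return 0
    printf 'not owned by %s:\n%s\n' "$2" "$bad" >&2
    return 1
}

# Fail if anything under dir $1 is group- or world-writable (the page sets 0755).
check_not_writable() {
    bad=$(find "$1" ! -type l \( -perm -020 -o -perm -002 \) -print) || return 1
    [ -z "$bad" ] && return 0
    printf 'group/world-writable:\n%s\n' "$bad" >&2
    return 1
}

# settings.ini must be exactly mode 0600.
check_settings_mode() {
    [ -f "$1/settings.ini" ] || { echo "missing $1/settings.ini" >&2; return 1; }
    [ -n "$(find "$1/settings.ini" -perm 600 -print)" ] && return 0
    echo "$1/settings.ini is not mode 0600" >&2
    return 1
}

# The Apache config $1 must run the WSGI daemon process as user $2.
check_wsgi_user() {
    grep -Eq "^[[:space:]]*WSGIDaemonProcess[[:space:]].*[[:space:]]user=$2([[:space:]]|\$)" "$1" && return 0
    echo "$1: no WSGIDaemonProcess line with user=$2" >&2
    return 1
}

# Run every check and report all failures. Args: app_dir apache_conf user
audit_iredadmin() {
    rc=0
    check_owner "$1" "$3" || rc=1
    check_not_writable "$1" || rc=1
    check_settings_mode "$1" || rc=1
    check_wsgi_user "$2" "$3" || rc=1
    return $rc
}

# Usage: sh audit.sh /var/www/iRedAdmin-x.y.z /etc/httpd/conf.d/iredadmin.conf iredadmin
if [ $# -eq 3 ]; then audit_iredadmin "$@"; fi
```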
Credits
We'd like to thank supanji12@YouTube for his/her great video tutorial: http://www.youtube.com/watch?v=o285XYJTGQw
