Addition/Secure.Your.Exist.iRedAdmin

From iRedMail

Revision as of 05:28, 23 July 2010 by ZhangHuangbin (Talk | contribs)

If you already have iRedAdmin installed, either iRedAdmin-Pro or the open source edition, you can secure it by following the tutorial below.

Create a new system account

We will make iRedAdmin run under the Apache web server, but as a dedicated, low-privilege user (iredadmin) rather than the Apache user.

Terminal:
#
# ---- On Linux ----
# 
# useradd -s /sbin/nologin -M -d /home/iredadmin iredadmin

#
# ---- On FreeBSD ----
#
# pw useradd -s /sbin/nologin -d /home/iredadmin -n iredadmin

Configure Apache

Edit the Apache config file of iRedAdmin so that iRedAdmin runs as user 'iredadmin'. File location on different distributions:

  • RHEL/CentOS: /etc/httpd/conf.d/iredadmin.conf
  • Debian/Ubuntu: /etc/apache2/conf.d/iredadmin.conf
  • FreeBSD: /usr/local/etc/apache22/Includes/iredadmin.conf
File: iredadmin.conf
WSGISocketPrefix /var/run/wsgi
WSGIDaemonProcess iredadmin user=iredadmin threads=15
WSGIProcessGroup iredadmin

Change file permissions

Change the current directory to the Apache server root directory:

Terminal:
#
# ---- On RHEL/CentOS ----
#
# cd /var/www/

#
# ---- On Debian/Ubuntu ----
#
# cd /usr/share/apache2/

#
# ---- On FreeBSD ----
#
# cd /usr/local/www/

Change file permissions:

Terminal:
# chown -R iredadmin:iredadmin iRedAdmin-x.y.z
# chmod -R 0755 iRedAdmin-x.y.z
# chmod 0600 iRedAdmin-x.y.z/settings.ini

Restart Apache

Restart Apache to apply the changes.

Verify it

You can use the top command to verify it:

Terminal:
#
# ---- Sample output ----
#
# top -u iredadmin
  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND                                                        
 3978 iredadmi  25   0  458m 7052 1028 S  0.0  1.4   0:00.00 httpd
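
The configuration and file-permission steps above can also be checked with a script. The following shell function is an added example, not part of the original iRedMail page; the name audit_iredadmin and its arguments are assumptions, and it relies only on POSIX grep and find so that it works on both Linux and FreeBSD.

```shell
#!/bin/sh
# Added example, not iRedMail's own code: audit the hardening steps above.
# Usage: audit_iredadmin <iRedAdmin dir> <iredadmin.conf> [expected user]
# Returns the number of failed checks (0 means every check passed).
audit_iredadmin() {
    dir=$1 conf=$2 user=${3:-iredadmin} fails=0
    fail() { echo "FAIL: $*"; fails=$((fails + 1)); }

    # 1. The WSGI daemon process must be started as the dedicated user.
    grep -Eq "^[[:space:]]*WSGIDaemonProcess[[:space:]].*[[:space:]]user=${user}([[:space:]]|\$)" "$conf" ||
        fail "no 'WSGIDaemonProcess ... user=${user}' line in $conf"

    # 2. This config selects the daemon with WSGIProcessGroup; if that line
    #    is lost, the app falls back to embedded mode under the Apache user.
    grep -Eq '^[[:space:]]*WSGIProcessGroup[[:space:]]+[^[:space:]]' "$conf" ||
        fail "no WSGIProcessGroup line in $conf"

    # 3. settings.ini must be exactly mode 0600 and owned by the user.
    [ -n "$(find "$dir/settings.ini" -perm 0600 -user "$user" 2>/dev/null)" ] ||
        fail "$dir/settings.ini is not mode 0600 owned by $user"

    # 4. chown -R must have covered the whole tree.
    { [ -d "$dir" ] && [ -z "$(find "$dir" ! -user "$user" 2>/dev/null)" ]; } ||
        fail "$dir is missing or contains files not owned by $user"

    # 5. After chmod -R 0755 nothing may be group- or world-writable.
    [ -z "$(find "$dir" ! -type l \( -perm -020 -o -perm -002 \) 2>/dev/null)" ] ||
        fail "group- or world-writable files under $dir"

    return "$fails"
}

# Example call (paths as used on RHEL/CentOS in this page):
# audit_iredadmin /var/www/iRedAdmin-x.y.z /etc/httpd/conf.d/iredadmin.conf
```

Each failed check prints one FAIL line, and the exit status is the number of failures, so the function can be used directly in a cron job or deployment script.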

Credits

We'd like to thank supanji12@YouTube for his/her great video tutorial: http://www.youtube.com/watch?v=o285XYJTGQw
