Gerardo Contreras skrev den 2022-12-06 16:27:
Root should NOT own any directory that is publicly accessed, such as
web content. Should there be a breach, then the visitor will have root
access to the whole system. It is better if the directory is owned by
the web server, and that depends on your platform.
Have you checked other security mechanisms? Sometimes, for example,
SELinux on RedHat is a big pain in the butt if you don't configure it
properly.
any files in tarball MUST be owned by Root, period.
and all config.inc.php and default.inc.php included
excepteions is ./logs ./temp in tarball patch, check .htaccess files in
this dirs
SELinux is not needed to be on if strong unix permisions is enforced
_______________________________________________
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users
