On 2014-10-07 11:23, Robert Moskowitz wrote:
On 10/07/2014 02:26 AM, Gordan Bobic wrote:
On 10/07/2014 12:50 AM, Robert Moskowitz wrote:
I am making progress with postfixadmin. My earlier php problem SEEMed
to be because I was running it via http://ipaddr/... Once I setup
the
dns entry for this server then ran it as http://fqdn/... it worked.
To
get to an actual setup error:
Error: Smarty template compile directory templates_c is not writable.
Please make it writable.
If you are using SELinux or AppArmor, you might need to adjust their
setup to allow write access.
templates_c is writable:
4 drwxrwxr-x 2 root root 4096 May 6 16:50 templates_c
And no selinux installed at all.
So any ideas from the outside looking at this? I asked on the
postfixadmin forum, but no answer there. yet.
If this is supposed to run under apache, then as far as the
permissions are concerned, everything will run as the apache user and
group. So you will either need to chown that directory to apache or
make the privileges 777.
I looked at that for 2 hours and I did not see that priv is 775.
changed to 777 and got it working. Sheesh, maybe I DO need those new
glasses... thanks.
777 permissions are a really bad practice. You should really chown
that to the user than needs to have it writable and chmod it to 700.
I have to say I am somewhat surprised that you are running such a web
management interface after expressing concern regarding security
patches and the lack of working SELinux and. Web based management
interfaces like this are one of the most common attack vectors.
I am not a happy camper. Two mitigating factors:
Only the virtual roundcubemail is globally accessable. The regular
server, which can only do this postfixadmin, is allowed only to the
local net.
I hardly ever make email account changes, so the plan is this will
only be available internally for those infrequent accounting changes.
Really only the initial mail setup.
As a counterpoint, you probably already spent longer getting the
web administration tool to work than it would have taken you to
learn how to configure postfix using it's configuration files
in /etc/postfix/ ...
Of course roundcubemail is its own set of problems, but I do have to
provide web imap email.
Roundcube isn't really that problematic, I've been running it for
years. Having said that, I run it on a dedicated VServer instance,
so any scope for damage even if it did turn out to have an exploit
is very limited.
I generally prefer to use VServer/LXC/OpenVZ to isolate
instances if I need to have things running efficiently
on a single machine. It mitigates at least some types of
possible attack. Of course, those require rebuilding
the kernel with suitable patches, if they are not already
in the kernel you are using...
Gordan
_______________________________________________
users mailing list
[email protected]
http://lists.redsleeve.org/mailman/listinfo/users
