On Nov 19, 2009, at 1:26 PM, [email protected] wrote:
>
> [r...@r13151 ~]# ls -All /home/fakessh/public_html/roundcube/
> total 92
> drwxr-xr-x  2 root root  4096 nov 18 22:10 bin
> -rw-r--r--  1 root root  2926 nov 18 22:10 CHANGELOG
> drwxrwxrwx  2 root root  4096 nov 18 22:36 config
> -rw-r--r--  1 root root  9829 nov 18 22:10 index.php
> -rw-r--r--  1 root root  7645 nov 18 22:10 INSTALL
> -rw-r--r--  1 root root 17987 nov 18 22:10 LICENSE
> drwxrwxrwx  2 root root  4096 nov 18 22:39 logs
> drwxr-xr-x 22 root root  4096 nov 18 22:10 plugins
> drwxr-xr-x  7 root root  4096 nov 18 22:10 program
> -rw-r--r--  1 root root  1856 nov 18 22:10 README
> -rw-r--r--  1 root root    26 nov 18 22:10 robots.txt
> drwxr-xr-x  3 root root  4096 nov 18 22:10 skins
> drwxr-xr-x  2 root root  4096 nov 18 22:10 SQL
> drwxrwxrwx  2 root root  4096 nov 18 22:10 temp
> -rw-r--r--  1 root root  4668 nov 18 22:10 UPGRADING

As a security issue, your config directory is writable by the web server process. This could allow an attacker to write to your configuration file from a web script.

The permissions on my install do not allow that.

[ch...@mail roundcube]$ ls -l
<snip>
drwxr-xr-x 2 chasd users 4096 2009-11-03 17:18 config

You don't want any user to have access to certain directories, but allow the web server process to write. This prevents snooping if an attacker gains access to some other account.

drwxrwxr-x 2 chasd apache 4096 2009-11-16 08:59 logs
drwxrwxr-x 2 chasd apache 4096 2009-11-18 15:26 temp

The log files are owned by the web server process.

[ch...@mail roundcube]$ ls -l logs/
-rw-r--r-- 1 apache apache  415 2009-11-16 08:59 errors
-rw-r--r-- 1 apache apache 1634 2009-11-18 15:26 sendmail

> Yet there was much mail is sent on a problem with php-mcrypt
> entitled [RCU] mcrypt issues .

I am not convinced that is your problem, there is no proof from log file errors. I think it would be best to fix your logging problem first.

> I can go through the driver syslogd to try but I do not really know
> how to parameterize the
> otherwise for the moment I have no log

RoundCube writes its errors to the "errors" file in its logs directory. PHP writes errors however you have it configured, usually the web server error log (/var/log/httpd/error_log). Each log provides a different insight into the problem.

You have many options to configure PHP logging in /etc/php.ini, read it to decide what is best for you. I personally don't like logging PHP errors to syslog, there is too much other stuff going into that log already.

-- 
Charles Dostale
System Admin - Silver Oaks Communications
http://www.silveroaks.com/
824 17th Street, Moline IL 61265
_______________________________________________
List info: http://lists.roundcube.net/users/
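
The permission layout discussed in the message above, as an added example that is not part of the original post or of RoundCube: a shell function (hypothetical name `audit_roundcube_perms`) that flags world-writable entries, a group-writable config directory, and logs/temp directories the group cannot write to. It assumes the web server reaches logs and temp through group membership, as in the second listing.

```shell
#!/bin/sh
# Added example: audit a RoundCube install tree for the permission problems
# described in the thread. The directory names config, logs and temp come
# from the listings; the function name and finding labels are hypothetical.
#
# Usage: audit_roundcube_perms /path/to/roundcube
# Prints one finding per line. Returns 0 when clean, 1 when anything is found.
audit_roundcube_perms() {
    root=$1
    report=$(
        # 1. Nothing in the tree should be writable by "other"
        #    (the drwxrwxrwx entries in the first listing).
        find "$root" ! -type l -perm -0002 \
            -exec printf 'WORLD-WRITABLE %s\n' {} \; 2>/dev/null

        # 2. config should not be group-writable either: if the group is the
        #    web server's, a web script could rewrite the configuration.
        if [ -d "$root/config" ]; then
            find "$root/config" ! -type l -perm -0020 ! -perm -0002 \
                -exec printf 'GROUP-WRITABLE-CONFIG %s\n' {} \; 2>/dev/null
        fi

        # 3. logs and temp must stay group-writable (assumption: the web
        #    server writes through the group), otherwise the application
        #    cannot write its own error log. -prune tests only the
        #    directory itself, not its contents.
        for d in logs temp; do
            if [ -d "$root/$d" ]; then
                find "$root/$d" -prune ! -perm -0020 \
                    -exec printf 'NOT-GROUP-WRITABLE %s\n' {} \; 2>/dev/null
            fi
        done
        :
    )
    if [ -z "$report" ]; then
        return 0
    fi
    printf '%s\n' "$report"
    return 1
}
```

The function checks mode bits only; which group owns logs and temp still has to be confirmed by hand with `ls -ld`.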
