public inbox for gentoo-user@lists.gentoo.org
 help / color / mirror / Atom feed
* [gentoo-user] Gentoo location for squirrelmail attachments
@ 2011-12-08 19:17 Grant
  2011-12-08 19:37 ` Stroller
  2011-12-09  2:49 ` Michael Orlitzky
  0 siblings, 2 replies; 10+ messages in thread
From: Grant @ 2011-12-08 19:17 UTC (permalink / raw
  To: Gentoo mailing list

I ran squirrelmail/configtest.php and realized I don't have an
attachment directory set up for Squirrelmail:

ERROR: Attachment dir (/var/local/squirrelmail/attach/) does not exist!

I don't even have a /var/local/.  Would a good Gentoo'er create the
directory in that location?

- Grant



^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [gentoo-user] Gentoo location for squirrelmail attachments
  2011-12-08 19:17 [gentoo-user] Gentoo location for squirrelmail attachments Grant
@ 2011-12-08 19:37 ` Stroller
  2011-12-09  6:51   ` J. Roeleveld
  2011-12-09  2:49 ` Michael Orlitzky
  1 sibling, 1 reply; 10+ messages in thread
From: Stroller @ 2011-12-08 19:37 UTC (permalink / raw
  To: gentoo-user


On 8 December 2011, at 19:17, Grant wrote:

> I ran squirrelmail/configtest.php and realized I don't have an
> attachment directory set up for Squirrelmail:
> 
> ERROR: Attachment dir (/var/local/squirrelmail/attach/) does not exist!
> 
> I don't even have a /var/local/.  Would a good Gentoo'er create the
> directory in that location?

Is this a new installation of Squirrelmail or an existing one?

When you install Squirrelmail you're supposed to (last time I did so, which is admittedly a long time ago) run a setup program (it uses curses / text-menus). That asks what kind of IMAP server you're going to be connecting to (it works with all of them, but optimises itself for different ones), and the naming convention for Trash / Deleted Items, Drafts &c on your server. 

I would have thought paths like this would be configured during this setup stage. I'm pretty sure it's safe to rerun this setup program at any time.

Stroller.
 


^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [gentoo-user] Gentoo location for squirrelmail attachments
  2011-12-08 19:17 [gentoo-user] Gentoo location for squirrelmail attachments Grant
  2011-12-08 19:37 ` Stroller
@ 2011-12-09  2:49 ` Michael Orlitzky
  2011-12-09 15:49   ` Grant
  1 sibling, 1 reply; 10+ messages in thread
From: Michael Orlitzky @ 2011-12-09  2:49 UTC (permalink / raw
  To: gentoo-user

On 12/08/2011 02:17 PM, Grant wrote:
> I ran squirrelmail/configtest.php and realized I don't have an
> attachment directory set up for Squirrelmail:
>
> ERROR: Attachment dir (/var/local/squirrelmail/attach/) does not exist!
>
> I don't even have a /var/local/.  Would a good Gentoo'er create the
> directory in that location?

If a website needs to write files, let it do so under its own directory 
hierarchy. All of our PHP sites have something equivalent to the 
following in their apache vhost configs:

   php_admin_value open_basedir /var/www/example.com/www/
   php_admin_value upload_tmp_dir /var/www/example.com/www/tmp
   php_admin_value session.save_path /var/www/example.com/www/tmp

That way, if www.example.com is compromised, the rest of the machine is 
still safe (barring PHP bugs).



^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [gentoo-user] Gentoo location for squirrelmail attachments
  2011-12-08 19:37 ` Stroller
@ 2011-12-09  6:51   ` J. Roeleveld
  2011-12-09 15:51     ` Grant
  0 siblings, 1 reply; 10+ messages in thread
From: J. Roeleveld @ 2011-12-09  6:51 UTC (permalink / raw
  To: gentoo-user

On Thu, December 8, 2011 8:37 pm, Stroller wrote:
>
> On 8 December 2011, at 19:17, Grant wrote:
>
>> I ran squirrelmail/configtest.php and realized I don't have an
>> attachment directory set up for Squirrelmail:
>>
>> ERROR: Attachment dir (/var/local/squirrelmail/attach/) does not exist!
>>
>> I don't even have a /var/local/.  Would a good Gentoo'er create the
>> directory in that location?
>
> Is this a new installation of Squirrelmail or an existing one?
>
> When you install Squirrelmail you're supposed to (last time I did so,
> which is admittedly a long time ago) run a setup program (it uses curses /
> text-menus). That asks what kind of IMAP server you're going to be
> connecting to (it works with all of them, but optimises itself for
> different ones), and the naming convention for Trash / Deleted Items,
> Drafts &c on your server.
>
> I would have thought paths like this would be configured during this setup
> stage. I'm pretty sure it's safe to rerun this setup program at any time.

Yes, it can be rerun at any time.

The script is in the webroot where you installed squirrelmail and is
called "configure".

Simply run that, then select option "4" (General Options).
The directories you want to check/change are the first 2.

HTH,

Joost




^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [gentoo-user] Gentoo location for squirrelmail attachments
  2011-12-09  2:49 ` Michael Orlitzky
@ 2011-12-09 15:49   ` Grant
  2011-12-09 16:09     ` Michael Orlitzky
  2011-12-09 16:14     ` Joost Roeleveld
  0 siblings, 2 replies; 10+ messages in thread
From: Grant @ 2011-12-09 15:49 UTC (permalink / raw
  To: gentoo-user

>> I ran squirrelmail/configtest.php and realized I don't have an
>> attachment directory set up for Squirrelmail:
>>
>> ERROR: Attachment dir (/var/local/squirrelmail/attach/) does not exist!
>>
>> I don't even have a /var/local/.  Would a good Gentoo'er create the
>> directory in that location?
>
>
> If a website needs to write files, let it do so under its own directory
> hierarchy. All of our PHP sites have something equivalent to the following
> in their apache vhost configs:
>
>  php_admin_value open_basedir /var/www/example.com/www/
>  php_admin_value upload_tmp_dir /var/www/example.com/www/tmp
>  php_admin_value session.save_path /var/www/example.com/www/tmp
>
> That way, if www.example.com is compromised, the rest of the machine is
> still safe (barring PHP bugs).

There is a Squirrelmail document recommending that the Squirrelmail
data and attachments directories are established outside of the web
server's reach.  /var is given as an example.  They also recommend
root:apache 0730 for both directories.

This is a little disturbing because my Squirrelmail data directory was
created under the webroot as apache:apache 0755 at some point.  Would
this have been done by Gentoo?  Should I file a bug?

"Prepare data and attachment directories"
http://squirrelmail.org/docs/admin/admin-3.html

- Grant



^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [gentoo-user] Gentoo location for squirrelmail attachments
  2011-12-09  6:51   ` J. Roeleveld
@ 2011-12-09 15:51     ` Grant
  2011-12-09 16:08       ` Joost Roeleveld
  0 siblings, 1 reply; 10+ messages in thread
From: Grant @ 2011-12-09 15:51 UTC (permalink / raw
  To: gentoo-user

>>> I ran squirrelmail/configtest.php and realized I don't have an
>>> attachment directory set up for Squirrelmail:
>>>
>>> ERROR: Attachment dir (/var/local/squirrelmail/attach/) does not exist!
>>>
>>> I don't even have a /var/local/.  Would a good Gentoo'er create the
>>> directory in that location?
>>
>> Is this a new installation of Squirrelmail or an existing one?
>>
>> When you install Squirrelmail you're supposed to (last time I did so,
>> which is admittedly a long time ago) run a setup program (it uses curses /
>> text-menus). That asks what kind of IMAP server you're going to be
>> connecting to (it works with all of them, but optimises itself for
>> different ones), and the naming convention for Trash / Deleted Items,
>> Drafts &c on your server.
>>
>> I would have thought paths like this would be configured during this setup
>> stage. I'm pretty sure it's safe to rerun this setup program at any time.
>
> Yes, it can be rerun at any time.
>
> The script is in the webroot where you installed squirrelmail and is
> called "configure".
>
> Simply run that, then select option "4" (General Options).
> The directories you want to check/change are the first 2.

That is the script which sets the location of the attachment
directory, which I think is what you meant.  I could be wrong but I
think Stroller was referring to a script that actually creates the
directory.

- Grant



^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [gentoo-user] Gentoo location for squirrelmail attachments
  2011-12-09 15:51     ` Grant
@ 2011-12-09 16:08       ` Joost Roeleveld
  0 siblings, 0 replies; 10+ messages in thread
From: Joost Roeleveld @ 2011-12-09 16:08 UTC (permalink / raw
  To: gentoo-user

On Friday, December 09, 2011 07:51:16 AM Grant wrote:
<SNIPPED>

> > The script is in the webroot where you installed squirrelmail and is
> > called "configure".
> > 
> > Simply run that, then select option "4" (General Options).
> > The directories you want to check/change are the first 2.
> 
> That is the script which sets the location of the attachment
> directory, which I think is what you meant.  I could be wrong but I
> think Stroller was referring to a script that actually creates the
> directory.
> 
> - Grant

I don't think there is a script that automatically creates the directory.
If there is, I haven't seen it yet.

--
Joost



^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [gentoo-user] Gentoo location for squirrelmail attachments
  2011-12-09 15:49   ` Grant
@ 2011-12-09 16:09     ` Michael Orlitzky
  2011-12-09 16:14     ` Joost Roeleveld
  1 sibling, 0 replies; 10+ messages in thread
From: Michael Orlitzky @ 2011-12-09 16:09 UTC (permalink / raw
  To: gentoo-user

On 12/09/2011 10:49 AM, Grant wrote:
>
> There is a Squirrelmail document recommending that the Squirrelmail
> data and attachments directories are established outside of the web
> server's reach.  /var is given as an example.

The two aren't mutually exclusive; using the previous example, we have,

   php_admin_value upload_tmp_dir /var/www/example.com/www/tmp
   DocumentRoot                   /var/www/example.com/www/public

so Apache can't serve up the temporary files. But sticking them both 
under /var/www/example.com/www does allow you to use tighter 
open_basedir restrictions.


> This is a little disturbing because my Squirrelmail data directory was
> created under the webroot as apache:apache 0755 at some point.  Would
> this have been done by Gentoo?  Should I file a bug?

I'm not sure. There's probably a policy that says one of two things:

   1. Ebuilds should by default set up everything as securely as
      possible, or

   2. Ebuilds should not mess with upstream

I've honestly never used Gentoo's webapp stuff; it confuses the hell out 
of me.



^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [gentoo-user] Gentoo location for squirrelmail attachments
  2011-12-09 15:49   ` Grant
  2011-12-09 16:09     ` Michael Orlitzky
@ 2011-12-09 16:14     ` Joost Roeleveld
  2011-12-09 18:24       ` Grant
  1 sibling, 1 reply; 10+ messages in thread
From: Joost Roeleveld @ 2011-12-09 16:14 UTC (permalink / raw
  To: gentoo-user

On Friday, December 09, 2011 07:49:13 AM Grant wrote:
> >> I ran squirrelmail/configtest.php and realized I don't have an
> >> attachment directory set up for Squirrelmail:
> >> 
> >> ERROR: Attachment dir (/var/local/squirrelmail/attach/) does not
> >> exist!
> >> 
> >> I don't even have a /var/local/.  Would a good Gentoo'er create the
> >> directory in that location?
> > 
> > If a website needs to write files, let it do so under its own directory
> > hierarchy. All of our PHP sites have something equivalent to the
> > following in their apache vhost configs:
> > 
> >  php_admin_value open_basedir /var/www/example.com/www/
> >  php_admin_value upload_tmp_dir /var/www/example.com/www/tmp
> >  php_admin_value session.save_path /var/www/example.com/www/tmp
> > 
> > That way, if www.example.com is compromised, the rest of the machine is
> > still safe (barring PHP bugs).
> 
> There is a Squirrelmail document recommending that the Squirrelmail
> data and attachments directories are established outside of the web
> server's reach.  /var is given as an example.  They also recommend
> root:apache 0730 for both directories.
> 
> This is a little disturbing because my Squirrelmail data directory was
> created under the webroot as apache:apache 0755 at some point.  Would
> this have been done by Gentoo?  Should I file a bug?
> 
> "Prepare data and attachment directories"
> http://squirrelmail.org/docs/admin/admin-3.html
> 
> - Grant

I think the data-directory is included from upstream and is there to have it 
work when installing it "blindly". Recommendations are not always possible 
(think hosted environments)

--
Joost



^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [gentoo-user] Gentoo location for squirrelmail attachments
  2011-12-09 16:14     ` Joost Roeleveld
@ 2011-12-09 18:24       ` Grant
  0 siblings, 0 replies; 10+ messages in thread
From: Grant @ 2011-12-09 18:24 UTC (permalink / raw
  To: gentoo-user

>> There is a Squirrelmail document recommending that the Squirrelmail
>> data and attachments directories are established outside of the web
>> server's reach.  /var is given as an example.  They also recommend
>> root:apache 0730 for both directories.
>>
>> This is a little disturbing because my Squirrelmail data directory was
>> created under the webroot as apache:apache 0755 at some point.  Would
>> this have been done by Gentoo?  Should I file a bug?
>>
>> "Prepare data and attachment directories"
>> http://squirrelmail.org/docs/admin/admin-3.html
>>
>> - Grant
>
> I think the data-directory is included from upstream and is there to have it
> work when installing it "blindly". Recommendations are not always possible
> (think hosted environments)

The Squirrelmail list is telling me:

> SquirrelMail doesn't create any directories aside from the ones
> contained in the installation itself.  It doesn't put anything in your
> webroot or anywhere else unless you're using some third party
> installer that does other things.
>
> Maybe you should file a bug report against whatever entity it was that
> provided the package that did that.

Does this sound like a Gentoo bug I should report?

- Grant



^ permalink raw reply	[flat|nested] 10+ messages in thread

end of thread, other threads:[~2011-12-09 18:25 UTC | newest]

Thread overview: 10+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-12-08 19:17 [gentoo-user] Gentoo location for squirrelmail attachments Grant
2011-12-08 19:37 ` Stroller
2011-12-09  6:51   ` J. Roeleveld
2011-12-09 15:51     ` Grant
2011-12-09 16:08       ` Joost Roeleveld
2011-12-09  2:49 ` Michael Orlitzky
2011-12-09 15:49   ` Grant
2011-12-09 16:09     ` Michael Orlitzky
2011-12-09 16:14     ` Joost Roeleveld
2011-12-09 18:24       ` Grant

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox