Re: [RCU] Update 0.5.2 is out

[J4K]

Hi,

    I am now back in work, and can check the server. 

The RC installation is already on a mount point with noexec,nosuid. I
could not remember last night. I don't know what could be gained by
moving the temp dir outside of the RC installation. Might be unwanted.

 I use syslog, but the logging directory is set-up any way.  Perms are
root:www-date, 770.

A  note about the vhost config:   (logs dir is defined in case it is
ever used. Unlikely that this is)
        <Directory /www/roundcube/temp>
                Options -FollowSymLinks
                AllowOverride None
                Order allow,deny
                Deny from all
        </Directory>
        <Directory /www/roundcube/logs>
                Options -FollowSymLinks
                AllowOverride None
                Order allow,deny
                Deny from all
        </Directory>



On 04/27/2011 10:30 PM, JK4 wrote:
>
> Hi Claudio,
>
>   PHP is only set in /etc/php5/apache2/php.ini (or somewhere like this).
>
>   Syslog is used for logging.
>
>   No logging to files.
>
>   The only writeable directory is *<installdir>/temp*, which is 770
> and root:www-data.  Additionally, the mounts have nosuid on there.
>  However, I would like to relocate the temp dir off to another mount
> point which is mounted with nosuid,noexec.  Unsure if Roundcube allows
> for this. Does anyone know?
>
> J. 
>
> On Wed, 27 Apr 2011 21:26:56 +0200, Claudio Kuenzler wrote:
>
>> For example for PHP settings, as these can be adjusted for Roundcube
>> in the .htaccess.
>> If you have a dedicated server for Roundcube then you could also set
>> it all in your php.ini.
>>
>> What about the log dirs? They must be writable by the web server or
>> do you use syslog?
>>
>> (sorry jkl for sending this twice, forgot to add RC users list to cc)
>>
>> On Wed, Apr 27, 2011 at 8:38 PM, JKL <ju...@klunky.co.uk
>> <mailto:ju...@klunky.co.uk>> wrote:
>>
>>     No, I disagree. Why do I need an .htaccess?
>>
>>     All files are either 644 400, and all dirs are either 700 or 755
>>     where
>>     applicable.
>>
>>     All files owned by root.
>>
>>     Please elaborate?
>>
>>     On 04/27/2011 08:01 PM, Michael wrote:
>>     > Hi
>>     >
>>     >   I strongly recommend yo create the .htaccess files to secure your
>>     > installation from unsavoury access.
>>     >
>>     > R e g a r d s
>>     > M i c h a e l  L  G r i f f i n
>>     > Please consider the environment before printing this email
>>     >
>>     > He who play in root,
>>     >            eventually kill tree.
>>     >
>>     >
>>     >
>>     > On 27 April 2011 12:42, J4K <ju...@klunky.co.uk
>>     <mailto:ju...@klunky.co.uk>> wrote:
>>     >> On 04/27/2011 12:34 PM, J4K wrote:
>>     >>
>>     >> On 04/22/2011 08:02 PM, Thomas Bruederli wrote:
>>     >>
>>     >> Dear Roundcube users and lovers,
>>     >>
>>     >> We're happy to announce another release of the Roundcube webmail
>>     >> suite. This service update brings some more bug fixes and
>>     stability
>>     >> improvements and it includes an updated version of the TinyMCE
>>     editor
>>     >> which is now supposed to work correctly in IE9.
>>     >>
>>     >> It is considered stable and we recommend to update all existing
>>     >> Roundcube installation with this release. For a complete list of
>>     >> changes see http://trac.roundcube.net/wiki/Changelog. Packages
>>     can be
>>     >> downloaded from the usual place: http://roundcube.net/download
>>     >>
>>     >> Have fun and happy easter,
>>     >> Thomas
>>     >>
>>     >> Hi all,
>>     >>
>>     >>     I just upgraded to 0.5.2. Easy to do.  However, I noticed
>>      that the
>>     >> address book entries have disappeared.
>>     >>
>>     >> The entries are still in the dB, yet RC does not display these.
>>     >>
>>     >> Example:
>>     >> |       5 |
>>     >> |         36 | 2011-04-01 16:32:09 |   1 |
>>     >> lyn....@aaa.co.uk <mailto:lyn....@aaa.co.uk>
>>     >> | fred.f...@aaaa.co.uk <mailto:fred.f...@aaaa.co.uk>          
>>      |           |          | BEGIN:VCARD
>>     >> VERSION:3.0
>>     >> FN:lyn....@aaa.co.uk <mailto:fn%3alyn....@aaa.co.uk>
>>     >> N:;;;;
>>     >> EMAIL;type=INTERNET;type=HOME;type=pref:fred.f...@aaa.co.uk
>>     <mailto:pref%3afred.f...@aaa.co.uk>
>>     >> END:VCARD
>>     >>
>>     >> Perhaps the userids are not matching up?
>>     >>
>>     >> | user_id    | int(10) unsigned | NO   | MUL | 0
>>     >> |                |
>>     >>
>>     >> I ought to mend this before the users notice... Hmm.
>>     >>
>>     >> Regards, S
>>     >>
>>     >> By the way, just checked the apache error logs and noticed these:
>>     >>
>>     >> [Wed Apr 27 12:24:31 2011] [crit] [client 11.11.11.11]
>>     (13)Permission
>>     >> denied: /www/roundcube/admin/.htaccess pcfg_openfile: unable
>>     to check
>>     >> htaccess file, ensure it is readable, referer:
>>     >> https://webmail.xxx.xxx.co.uk/?_task=logout
>>     >>
>>     >> There is no /www/roundcube/admin/.htaccess configured. Why is
>>     it trying to
>>     >> access this? Perhaps there I can disable this somewhere as I
>>     don't use
>>     >> htaccess files.
>>     >>
>>     >>
>>     >>
>>     >> --
>>     >> List info: http://lists.roundcube.net/users/
>>     >> BT/c4100e82
>>     >>
>>     >>
>>     --
>>     List info: http://lists.roundcube.net/users/
>>     BT/e21360c6
>>
>  


-- 
List info: http://lists.roundcube.net/users/
BT/8f4f07cd