Hi,

    I am now back in work, and can check the server. 

The RC installation is already on a mount point with noexec,nosuid. I could not remember last night. I don't know what could be gained by moving the temp dir outside of the RC installation. Might be unwanted.

 I use syslog, but the logging directory is set-up any way.  Perms are root:www-date, 770.

A  note about the vhost config:   (logs dir is defined in case it is ever used. Unlikely that this is)
        <Directory /www/roundcube/temp>
                Options -FollowSymLinks
                AllowOverride None
                Order allow,deny
                Deny from all
        </Directory>
        <Directory /www/roundcube/logs>
                Options -FollowSymLinks
                AllowOverride None
                Order allow,deny
                Deny from all
        </Directory>



On 04/27/2011 10:30 PM, JK4 wrote:

Hi Claudio,

  PHP is only set in /etc/php5/apache2/php.ini (or somewhere like this).

  Syslog is used for logging.

  No logging to files.

  The only writeable directory is <installdir>/temp, which is 770 and root:www-data.  Additionally, the mounts have nosuid on there.  However, I would like to relocate the temp dir off to another mount point which is mounted with nosuid,noexec.  Unsure if Roundcube allows for this. Does anyone know?

J. 

On Wed, 27 Apr 2011 21:26:56 +0200, Claudio Kuenzler wrote:

For example for PHP settings, as these can be adjusted for Roundcube in the .htaccess.
If you have a dedicated server for Roundcube then you could also set it all in your php.ini.

What about the log dirs? They must be writable by the web server or do you use syslog?

(sorry jkl for sending this twice, forgot to add RC users list to cc)

On Wed, Apr 27, 2011 at 8:38 PM, JKL <junk4@klunky.co.uk> wrote:
No, I disagree. Why do I need an .htaccess?

All files are either 644 400, and all dirs are either 700 or 755 where
applicable.

All files owned by root.

Please elaborate?

On 04/27/2011 08:01 PM, Michael wrote:
> Hi
>
>   I strongly recommend yo create the .htaccess files to secure your
> installation from unsavoury access.
>
> R e g a r d s
> M i c h a e l  L  G r i f f i n
> Please consider the environment before printing this email
>
> He who play in root,
>            eventually kill tree.
>
>
>
> On 27 April 2011 12:42, J4K <junk4@klunky.co.uk> wrote:
>> On 04/27/2011 12:34 PM, J4K wrote:
>>
>> On 04/22/2011 08:02 PM, Thomas Bruederli wrote:
>>
>> Dear Roundcube users and lovers,
>>
>> We're happy to announce another release of the Roundcube webmail
>> suite. This service update brings some more bug fixes and stability
>> improvements and it includes an updated version of the TinyMCE editor
>> which is now supposed to work correctly in IE9.
>>
>> It is considered stable and we recommend to update all existing
>> Roundcube installation with this release. For a complete list of
>> changes see http://trac.roundcube.net/wiki/Changelog. Packages can be
>> downloaded from the usual place: http://roundcube.net/download
>>
>> Have fun and happy easter,
>> Thomas
>>
>> Hi all,
>>
>>     I just upgraded to 0.5.2. Easy to do.  However, I noticed  that the
>> address book entries have disappeared.
>>
>> The entries are still in the dB, yet RC does not display these.
>>
>> Example:
>> |       5 |
>> |         36 | 2011-04-01 16:32:09 |   1 |
>> lyn.jim@aaa.co.uk
>> | fred.fred@aaaa.co.uk            |           |          | BEGIN:VCARD
>> VERSION:3.0
>> FN:lyn.jim@aaa.co.uk
>> N:;;;;
>> EMAIL;type=INTERNET;type=HOME;type=pref:fred.fred@aaa.co.uk
>> END:VCARD
>>
>> Perhaps the userids are not matching up?
>>
>> | user_id    | int(10) unsigned | NO   | MUL | 0
>> |                |
>>
>> I ought to mend this before the users notice... Hmm.
>>
>> Regards, S
>>
>> By the way, just checked the apache error logs and noticed these:
>>
>> [Wed Apr 27 12:24:31 2011] [crit] [client 11.11.11.11] (13)Permission
>> denied: /www/roundcube/admin/.htaccess pcfg_openfile: unable to check
>> htaccess file, ensure it is readable, referer:
>> https://webmail.xxx.xxx.co.uk/?_task=logout
>>
>> There is no /www/roundcube/admin/.htaccess configured. Why is it trying to
>> access this? Perhaps there I can disable this somewhere as I don't use
>> htaccess files.
>>
>>
>>
>> --
>> List info: http://lists.roundcube.net/users/
>> BT/c4100e82
>>
>>
--
List info: http://lists.roundcube.net/users/
BT/e21360c6