On Nov 19, 2009, at 1:26 PM, fakessh@fakessh.eu wrote:
[root@r13151 ~]# ls -All /home/fakessh/public_html/roundcube/ total 92 drwxr-xr-x 2 root root 4096 nov 18 22:10 bin -rw-r--r-- 1 root root 2926 nov 18 22:10 CHANGELOG drwxrwxrwx 2 root root 4096 nov 18 22:36 config -rw-r--r-- 1 root root 9829 nov 18 22:10 index.php -rw-r--r-- 1 root root 7645 nov 18 22:10 INSTALL -rw-r--r-- 1 root root 17987 nov 18 22:10 LICENSE drwxrwxrwx 2 root root 4096 nov 18 22:39 logs drwxr-xr-x 22 root root 4096 nov 18 22:10 plugins drwxr-xr-x 7 root root 4096 nov 18 22:10 program -rw-r--r-- 1 root root 1856 nov 18 22:10 README -rw-r--r-- 1 root root 26 nov 18 22:10 robots.txt drwxr-xr-x 3 root root 4096 nov 18 22:10 skins drwxr-xr-x 2 root root 4096 nov 18 22:10 SQL drwxrwxrwx 2 root root 4096 nov 18 22:10 temp -rw-r--r-- 1 root root 4668 nov 18 22:10 UPGRADING
As a security issue, your config directory is writable by the web
server process. This could allow an attacker to write to your
configuration file from a web script. The permissions on my install
do not allow that.
[chasd@mail roundcube]$ ls -l
<snip> drwxr-xr-x 2 chasd users 4096 2009-11-03 17:18 config
You don't want any user to have access to certain directories, but
allow the web server process to write. This prevents snooping if an
attacker gains access to some other account.
drwxrwxr-x 2 chasd apache 4096 2009-11-16 08:59 logs
drwxrwxr-x 2 chasd apache 4096 2009-11-18 15:26 temp
The log files are owned by the web server process
[chasd@mail roundcube]$ ls -l logs/ -rw-r--r-- 1 apache apache 415 2009-11-16 08:59 errors -rw-r--r-- 1 apache apache 1634 2009-11-18 15:26 sendmail
Yet there was much mail is sent on a problem with php-mcrypt
entitled [RCU] mcrypt issues .
I am not convinced that is your problem, there is no proof from log
file errors. I think it would be best to fix your logging problem first.
I can go through the driver syslogd to try but I do not really know
how to parameterize the otherwise for the moment I have no log
RoundCube writes its errors to the " errors " file in its logs
directory.
PHP writes errors however you have it configured, usually the web
server error log ( /var/log/httpd/error_log ).
Each log provides a different insight into the problem.
You have many options to configure PHP logging in /etc/php.ini, read
it to decide what is best for you. I personally don't like logging
PHP errors to syslog, there is too much other stuff going into that
log already.