Removed one line left over from copied code

[squirrelmail.git] / INSTALL

diff --git a/INSTALL b/INSTALL
index 11b11d78aeb9a6595e99e36028d019681543ca90..921107f6d685f039082e10831d0c9efabe50ad74 100644 (file)
--- a/INSTALL
+++ b/INSTALL
@@ -69,6 +69,10 @@ Each of these steps is covered in detail below.
     Required for Japanese translation. Optional for translations that
     use non-ISO-8859-1 charset
 
     Required for Japanese translation. Optional for translations that
     use non-ISO-8859-1 charset
 

+  It is highly advised to NOT turn on register_globals, as this can lead
+  to security holes. If you must use register_globals for some applications,
+  turn it on locally for only those directories, or turn it off for the
+  SquirrelMail folder.

   If you want your users to attach files to their mails, make sure
   File Uploads in php.ini is set to On.
 
   If you want your users to attach files to their mails, make sure
   File Uploads in php.ini is set to On.
 


@@ -106,13 +110,14 @@ b. Setting up directories
   directories outside of your web tree.
 
   The data directory is used for storing user preferences, like
   directories outside of your web tree.
 
   The data directory is used for storing user preferences, like

-  signature, name and theme. When unpacking the sources this directory
-  is created as data/ in your SquirrelMail directory. This directory
-  must be writable by the webserver. If your webserver is running as
-  the user "nobody" you can fix this by running:
+  signature, name and theme. You need to create this directory yourself.
+  Recommended location is under /var, for example:
+  /var/local/squirrelmail/data
+  This directory must be writable by the webserver. If your webserver is
+  running as the user "nobody" and group "nobody" you can fix this by
+  running:

 
 

-    $ chown -R nobody data
-    $ chgrp -R nobody data
+    $ chown -R nobody:nobody /var/local/squirrelmail/data

 
   Keep in mind that with different installations, the web server could
   typically run as userid/groupid of nobody/nobody, nobody/nogroup,
 
   Keep in mind that with different installations, the web server could
   typically run as userid/groupid of nobody/nobody, nobody/nogroup,


@@ -123,19 +128,19 @@ b. Setting up directories
   before they are sent. Since personal mail is stored in this
   directory you might want to be a bit careful about how you set it
   up. It should be owned by another user than the webserver is running
   before they are sent. Since personal mail is stored in this
   directory you might want to be a bit careful about how you set it
   up. It should be owned by another user than the webserver is running

-  as (root might be a good choice) and the webserver should have write
-  and execute permissions on the directory, but should not have read
+  as (root might be a good choice) and the webserver should have directory
+  write and execute permissions, but should not have read

   permissions. You could do this by running these commands (still
   permissions. You could do this by running these commands (still

-  granted that the webserver is running as nobody/nobody)
+  granted that the webserver is running as nobody/nobody):

 
 

-    $ cd /var/some/place
-    $ mkdir SomeDirectory
-    $ chgrp -R nobody SomeDirectory
-    $ chmod 730 SomeDirectory
+    $ cd /var/local/squirrelmail/
+    $ mkdir attach
+    $ chgrp -R nobody attach
+    $ chmod 730 attach

 
 

-  If you trust all the users on you system not to read mail they are
-  not supposed to read change the last line to chmod 777 SomeDirectory
-  or simply use /tmp as you attachments directory.
+  If you trust all the users at your system not to read mail they are
+  not supposed to read, you can simply use /tmp as you attachments
+  directory.

 
   If a user is aborting a mail but has uploaded some attachments to it
   the files will be lying around in this directory forever if you do not
 
   If a user is aborting a mail but has uploaded some attachments to it
   the files will be lying around in this directory forever if you do not


@@ -143,7 +148,7 @@ b. Setting up directories
   deletes everything in the attachment directory.  Something similar
   to the following will be good enough:
 
   deletes everything in the attachment directory.  Something similar
   to the following will be good enough:
 

-    $ cd /var/attach/directory
+    $ cd /var/local/squirrelmail/attach

     $ rm -f *
 
   However, this will delete attachments that are currently in use by people
     $ rm -f *
 
   However, this will delete attachments that are currently in use by people


@@ -157,24 +162,27 @@ b. Setting up directories
   attachment directory is the same as your data directory) might look like
   this:
 
   attachment directory is the same as your data directory) might look like
   this:
 

-    $ rm `find /var/attach/directory -atime +2 | grep -v "\." | grep -v _`
+    $ rm `find /var/local/squirrelmail/attach -atime +2 | grep -v "\." | grep -v _`

 
   Remember to be careful with whatever method you do use, and to test out
   the command before it potentially wipes out everyone's preferences.
 
 c. Setting up SquirrelMail
 
 
   Remember to be careful with whatever method you do use, and to test out
   the command before it potentially wipes out everyone's preferences.
 
 c. Setting up SquirrelMail
 

-  There are two ways to configure SquirrelMail.  In the config/ directory,
+  There are three ways to configure SquirrelMail.  In the config/ directory,

   there is a perl script called conf.pl that will aid you in the
   configuration process.  This is the recommended way of handling
   the config.
 
   there is a perl script called conf.pl that will aid you in the
   configuration process.  This is the recommended way of handling
   the config.
 

+  There's also a plugin called 'administrator' for the webinterface but you'll
+  have to be able to at least log in to SquirrelMail first.
+

   You can also copy the config/config_default.php file to config/config.php
   and edit that manually.
 
   After you've created a configuration, you can use your webbrowser to
   browse to http://your-squirrelmail-location/src/configtest.php.
   You can also copy the config/config_default.php file to config/config.php
   and edit that manually.
 
   After you've created a configuration, you can use your webbrowser to
   browse to http://your-squirrelmail-location/src/configtest.php.

-  This will perform some basic checks on your config to make sure
+  This will perform some basic checks on your configuration to make sure

   everything works like it should.
 
 
   everything works like it should.
 
 


@@ -210,11 +218,11 @@ c. Setting up SquirrelMail
 
   Each translation contains an install script that copies the required files
   into their appropriate locations. If you can't run that script, you can
 
   Each translation contains an install script that copies the required files
   into their appropriate locations. If you can't run that script, you can

-  extract the contents of translation packages into your SquirrelMail
+  extract the contents of a translation package into your SquirrelMail

   directory.
 
   NOTE No.1: *-src.tar.gz, *-src.tar.bz2 and *-src.zip archives do not contain
   directory.
 
   NOTE No.1: *-src.tar.gz, *-src.tar.bz2 and *-src.zip archives do not contain

-  compiled translation files. You will need to run the compilelocales script
+  compiled translation files. You will need to run the "compilelocales" script

   in order to get all gettext binary translations.
 
   NOTE No.2: You might need to restart your webserver before using translations.
   in order to get all gettext binary translations.
 
   NOTE No.2: You might need to restart your webserver before using translations.


@@ -235,7 +243,7 @@ c. Setting up SquirrelMail
     configuration files are optional. See README files in plugin directories.
   * squirrelspell
     configuration is stored in plugins/squirrelspell/sqspell_config.php
     configuration files are optional. See README files in plugin directories.
   * squirrelspell
     configuration is stored in plugins/squirrelspell/sqspell_config.php

-    Default configuration might not work on your server.
+    The default configuration might not work at your server.

   * administrator
     plugin must be setup correctly in order to detect administrative user.
     See plugins/administrator/INSTALL
   * administrator
     plugin must be setup correctly in order to detect administrative user.
     See plugins/administrator/INSTALL