X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=blobdiff_plain;f=INSTALL;h=921107f6d685f039082e10831d0c9efabe50ad74;hp=049f6e67fcc29f71aa061abd23495d71a78117d6;hb=4e655787027a17ca84ed5c5eb65b801b31a01ba9;hpb=86bb50f8dab8ee19d158fb563eaa8ba22845059e

diff --git a/INSTALL b/INSTALL
index 049f6e67..921107f6 100644
--- a/INSTALL
+++ b/INSTALL
@@ -69,6 +69,10 @@ Each of these steps is covered in detail below.
     Required for Japanese translation. Optional for translations that
     use non-ISO-8859-1 charset
 
+  It is highly advised to NOT turn on register_globals, as this can lead
+  to security holes. If you must use register_globals for some applications,
+  turn it on locally for only those directories, or turn it off for the
+  SquirrelMail folder.
   If you want your users to attach files to their mails, make sure
   File Uploads in php.ini is set to On.
 
@@ -113,7 +117,7 @@ b. Setting up directories
   running as the user "nobody" and group "nobody" you can fix this by
   running:
 
-    $ chown -R nobody:nobody /path/to/your/datadir
+    $ chown -R nobody:nobody /var/local/squirrelmail/data
 
   Keep in mind that with different installations, the web server could
   typically run as userid/groupid of nobody/nobody, nobody/nogroup,
@@ -124,17 +128,17 @@ b. Setting up directories
   before they are sent. Since personal mail is stored in this
   directory you might want to be a bit careful about how you set it
   up. It should be owned by another user than the webserver is running
-  as (root might be a good choice) and the webserver should have write
-  and execute permissions on the directory, but should not have read
+  as (root might be a good choice) and the webserver should have directory
+  write and execute permissions, but should not have read
   permissions. You could do this by running these commands (still
-  granted that the webserver is running as nobody/nobody)
+  granted that the webserver is running as nobody/nobody):
 
-    $ cd /var/some/place
-    $ mkdir SomeDirectory
-    $ chgrp -R nobody SomeDirectory
-    $ chmod 730 SomeDirectory
+    $ cd /var/local/squirrelmail/
+    $ mkdir attach
+    $ chgrp -R nobody attach
+    $ chmod 730 attach
 
-  If you trust all the users on you system not to read mail they are
+  If you trust all the users at your system not to read mail they are
   not supposed to read, you can simply use /tmp as you attachments
   directory.
 
@@ -178,7 +182,7 @@ c. Setting up SquirrelMail
 
   After you've created a configuration, you can use your webbrowser to
   browse to http://your-squirrelmail-location/src/configtest.php.
-  This will perform some basic checks on your config to make sure
+  This will perform some basic checks on your configuration to make sure
   everything works like it should.
 
 
@@ -239,7 +243,7 @@ c. Setting up SquirrelMail
     configuration files are optional. See README files in plugin directories.
   * squirrelspell
     configuration is stored in plugins/squirrelspell/sqspell_config.php
-    Default configuration might not work on your server.
+    The default configuration might not work at your server.
   * administrator
     plugin must be setup correctly in order to detect administrative user.
     See plugins/administrator/INSTALL