From 368ab96688336731107a39003577ee60ccf7f82c Mon Sep 17 00:00:00 2001 From: kink Date: Tue, 23 Aug 2005 17:33:31 +0000 Subject: [PATCH] Remove data/ dir from distribution, update docs accordingly. git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@9984 7612ce4b-ef26-0410-bec9-ea0150e637f0 --- ChangeLog | 1 + INSTALL | 21 +++++++++++---------- ReleaseNotes | 10 ++++++++++ config/conf.pl | 11 ++++++----- config/config_default.php | 22 +++++++++++++--------- data/.cvsignore | 3 --- data/.htaccess | 1 - data/index.php | 20 -------------------- 8 files changed, 41 insertions(+), 48 deletions(-) delete mode 100644 data/.cvsignore delete mode 100644 data/.htaccess delete mode 100644 data/index.php diff --git a/ChangeLog b/ChangeLog index 3fa94758..de47fe31 100644 --- a/ChangeLog +++ b/ChangeLog @@ -434,6 +434,7 @@ Version 1.5.1 -- CVS - login_form hook changed from do_hook to concat_hook_function in order to place form elements before login button (#1245070). - Forwarding broken when not using compose in new window (#1222436). + - Drop data/ dir from distributed tarball. Version 1.5.0 - 2 February 2004 ------------------------------- diff --git a/INSTALL b/INSTALL index 11b11d78..e2d08e0f 100644 --- a/INSTALL +++ b/INSTALL @@ -106,13 +106,14 @@ b. Setting up directories directories outside of your web tree. The data directory is used for storing user preferences, like - signature, name and theme. When unpacking the sources this directory - is created as data/ in your SquirrelMail directory. This directory - must be writable by the webserver. If your webserver is running as - the user "nobody" you can fix this by running: + signature, name and theme. You need to create this directory yourself. + Recommended location is under /var, for example: + /var/local/squirrelmail/data + This directory must be writable by the webserver. If your webserver is + running as the user "nobody" and group "nobody" you can fix this by + running: - $ chown -R nobody data - $ chgrp -R nobody data + $ chown -R nobody:nobody /path/to/your/datadir Keep in mind that with different installations, the web server could typically run as userid/groupid of nobody/nobody, nobody/nogroup, @@ -134,8 +135,8 @@ b. Setting up directories $ chmod 730 SomeDirectory If you trust all the users on you system not to read mail they are - not supposed to read change the last line to chmod 777 SomeDirectory - or simply use /tmp as you attachments directory. + not supposed to read, you can simply use /tmp as you attachments + directory. If a user is aborting a mail but has uploaded some attachments to it the files will be lying around in this directory forever if you do not @@ -143,7 +144,7 @@ b. Setting up directories deletes everything in the attachment directory. Something similar to the following will be good enough: - $ cd /var/attach/directory + $ cd /var/local/squirrelmail/attach $ rm -f * However, this will delete attachments that are currently in use by people @@ -157,7 +158,7 @@ b. Setting up directories attachment directory is the same as your data directory) might look like this: - $ rm `find /var/attach/directory -atime +2 | grep -v "\." | grep -v _` + $ rm `find /var/local/squirrelmail/attach -atime +2 | grep -v "\." | grep -v _` Remember to be careful with whatever method you do use, and to test out the command before it potentially wipes out everyone's preferences. diff --git a/ReleaseNotes b/ReleaseNotes index a0f57fc7..3af0c0d5 100644 --- a/ReleaseNotes +++ b/ReleaseNotes @@ -26,6 +26,16 @@ Major updates as well as a new "save replies to the same folder as the original" option. + +Data directory +============== + +The directory data/ used to be included in our tarball. Since placing this +dir under a web accessible directory is not very wise, we've decided to not +pack it anymore; you need to create it yourself. Please choose a location +that's safe, e.g. somewhere under /var. + + Reporting my favorite SquirrelMail 1.4 bug ========================================== diff --git a/config/conf.pl b/config/conf.pl index 24626032..2236d04b 100755 --- a/config/conf.pl +++ b/config/conf.pl @@ -1921,9 +1921,10 @@ sub command216 { # Data directory sub command33a { print "Specify the location for your data directory.\n"; + print "You need to create this directory yourself.\n"; print "The path name can be absolute or relative (to the config directory).\n"; - print "It doesn't matter. Here are two examples:\n"; - print " Absolute: /var/lib/squirrelmail/data/\n"; + print "Here are two examples:\n"; + print " Absolute: /var/local/squirrelmail/data/\n"; print " Relative: ../data/\n"; print "Relative paths to directories outside of the SquirrelMail distribution\n"; print "will be converted to their absolute path equivalents in config.php.\n\n"; @@ -1952,9 +1953,9 @@ sub command33a { # Attachment directory sub command33b { print "Path to directory used for storing attachments while a mail is\n"; - print "being sent. The path name can be absolute or relative (to the config directory).\n"; - print "It doesn't matter. Here are two examples:\n"; - print " Absolute: /var/spool/squirrelmail/attach/\n"; + print "being composed. The path name can be absolute or relative (to the\n"; + print "config directory). Here are two examples:\n"; + print " Absolute: /var/local/squirrelmail/attach/\n"; print " Relative: ../attach/\n"; print "Relative paths to directories outside of the SquirrelMail distribution\n"; print "will be converted to their absolute path equivalents in config.php.\n\n"; diff --git a/config/config_default.php b/config/config_default.php index 3941f40e..90e8ede0 100644 --- a/config/config_default.php +++ b/config/config_default.php @@ -425,21 +425,24 @@ $noselect_fix_enable = false; /** * Path to the data/ directory * + * You need to create this directory yourself (see INSTALL). + * * It is a possible security hole to have a writable directory * under the web server's root directory (ex: /home/httpd/html). - * For this reason, it is possible to put the data directory - * anywhere you would like. The path name can be absolute or - * relative (to the config directory). It doesn't matter. Here - * are two examples: + * The path name can be absolute or relative (to the config directory). + * Here are two examples: * * Absolute: - * $data_dir = '/usr/local/squirrelmail/data/'; + * $data_dir = '/var/local/squirrelmail/data/'; * * Relative (to main SM directory): * $data_dir = SM_PATH . 'data/'; + * (NOT recommended: you need to secure apache to make sure these + * files are not world readable) + * * @global string $data_dir */ -$data_dir = SM_PATH . 'data/'; +$data_dir = '/var/local/squirrelmail/data'; /** * Attachments directory @@ -452,8 +455,9 @@ $data_dir = SM_PATH . 'data/'; * list files in this directory. Confidential data might be laying * around there. * + Since the webserver is not able to list the files in the content - * is also impossible for the webserver to delete files lying around - * there for too long. + * is also impossible for the webserver to delete files lying around + * there for too long. You should have some script that deletes + * left over temp files. * + It should probably be another directory than data_dir. * @global string $attachment_dir */ @@ -1048,4 +1052,4 @@ $config_use_color = 2; * sent and regular output to begin, which will majorly screw * things up when we try to send more headers later. */ -?> \ No newline at end of file +?> diff --git a/data/.cvsignore b/data/.cvsignore deleted file mode 100644 index 739cc461..00000000 --- a/data/.cvsignore +++ /dev/null @@ -1,3 +0,0 @@ -*.pref -*.abook -*.sig diff --git a/data/.htaccess b/data/.htaccess deleted file mode 100644 index b63d4018..00000000 --- a/data/.htaccess +++ /dev/null @@ -1 +0,0 @@ -Deny from All diff --git a/data/index.php b/data/index.php deleted file mode 100644 index 1203d5ca..00000000 --- a/data/index.php +++ /dev/null @@ -1,20 +0,0 @@ - \ No newline at end of file -- 2.25.1