[Novalug] Apache permissions help

Jay Hart jhart@kevla.org
Sun Aug 8 15:15:53 EDT 2010


Ok, need some help, big time!!!

Running OpenBSD 4.7, Apache 1.3, Squirrelmail 1.4.21, Mysql 5.1.42, and PHP5
5.2.12.

1. When I start Apache using “httpd –u”  #to disable chroot functionality
and run the Squirrelmail Configtest script, I get the below response:

SquirrelMail configtest
This script will try to check some aspects of your SquirrelMail configuration
and point you to errors whereever it can find them. You need to go run conf.pl
in the config/ directory first before you run this script.
SquirrelMail version:	1.4.21
Config file version:	1.4.0
Config file last modified:	08 August 2010 10:49:10
Checking PHP configuration...
    PHP version 5.2.12 OK.
    Running as www(67) / www(67)
    display_errors:
    error_reporting: 6143
    variables_order OK: GPCS.
    PHP extensions OK. Dynamic loading is enabled.
Checking paths...
    Data dir OK.
    Attachment dir OK.
    Plugins OK.
    Themes OK.
    Default language OK.
    Base URL detected as: http://192.168.1.99/sqmail/src (location base
autodetected)
Checking outgoing mail service....
    SMTP server OK (220 omail.kevla.org ESMTP Postfix)
Checking IMAP service....
    IMAP server ready (* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE
THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION]
Courier-IMAP ready. Copyright 1998-2008 Double Precision, Inc. See COPYING
for distribution information.)
    Capabilities: * CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE
THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION
Checking internationalization (i18n) settings...
     gettext - Gettext functions are available. On some systems you must have
appropriate system locales compiled.
     mbstring - Mbstring functions are available.
     recode - Recode functions are unavailable.
     iconv - Iconv functions are available.
     timezone - Webmail users can change their time zone settings.
Checking database functions...
    not using database functionality.
Congratulations, your SquirrelMail setup looks fine to me!

So everything fine.  I can log into squirrelmail and access mail.

2.	Problem is, this results in only plain text logins which is what I’m trying
to correct, via https login.

3.	When I enable https, via the command “httpd –DSSL”  #(command line command
is apachectl start), which puts Apache in the chroot and allows me to use
https, I get the following response when running the same configtest script
for squirrelmail:

SquirrelMail configtest
This script will try to check some aspects of your SquirrelMail configuration
and point you to errors whereever it can find them. You need to go run conf.pl
in the config/ directory first before you run this script.
SquirrelMail version:	1.4.21
Config file version:	1.4.0
Config file last modified:	08 August 2010 10:49:10
Checking PHP configuration...
    PHP version 5.2.12 OK.
    Running as N/A(67) / N/A(67)
    display_errors:
    error_reporting: 6143
    variables_order OK: GPCS.
    PHP extensions OK. Dynamic loading is enabled.
Checking paths...
    ERROR: Data dir (/var/www/squirrelmail/data/) does not exist!

4.	Clearly, the permissions are not set right, so here are some parameters:

Server name is: omail.kevla.org (not a registered DNS name)

IP address: 192.168.1.99 (for testing purposes, but will live on this subnet
behind my firewall/router)

Apache ServerRoot = /var/www/

Apache DocumentRoot = /var/www/htdocs

Squirrelmail resides at /var/www/htdocs/sqmail

Apache runs as www:www

Sqmail directory ownership is www:www  (all dirs also www:www, including files)

Squirrelmail Data & Attachment directories reside at /var/www/squirrelmail,
user:group is www:www (tried several different combos to fix permission error)

5. I need to fix this, and I’m looking for the following help:
   a.	help fixing the virtualhost section of httpd.conf, (weak area for me)
   b.	help fixing permissions (as shown by the results above)
   c.	etc, etc, etc

I would like to work offlist fixing these if possible, will post final results
back to list.

Thanks in advance,

Jay





More information about the Novalug mailing list