From 9aed954068a73eaaab38e3c9c261b9cde01c655d Mon Sep 17 00:00:00 2001 From: Maksim Usmanov | Maks Date: Thu, 16 Feb 2017 22:13:48 +0100 Subject: [PATCH] Fix permission ( security issue ) In my debian 8 installs always /etc/roundcube/debian-db-roundcube.php has 644 /etc/roundcube/config.inc.php its ok But both files has roundcube mysql passwords and any one can read it. I not know why are two files whit passwords one have correct permisions but fix bot I apply also for debian 7 but not sure if is affected --- install/vst-install-debian.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index f0080ba3..4237f4f5 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -1088,6 +1088,9 @@ if [ "$exim" = 'yes' ] && [ "$mysql" = 'yes' ]; then fi wget $vestacp/roundcube/main.inc.php -O /etc/roundcube/main.inc.php wget $vestacp/roundcube/db.inc.php -O /etc/roundcube/db.inc.php + chmod 640 /etc/roundcube/debian-db-roundcube.php + chmod 640 /etc/roundcube/config.inc.php + chown root:www-data /etc/roundcube/debian-db-roundcube.php wget $vestacp/roundcube/vesta.php -O \ /usr/share/roundcube/plugins/password/drivers/vesta.php wget $vestacp/roundcube/config.inc.php -O \ @@ -1102,7 +1105,9 @@ if [ "$exim" = 'yes' ] && [ "$mysql" = 'yes' ]; then if [ "$release" -eq 8 ]; then mv -f /etc/roundcube/main.inc.php /etc/roundcube/config.inc.php mv -f /etc/roundcube/db.inc.php /etc/roundcube/debian-db-roundcube.php - + chmod 640 /etc/roundcube/debian-db-roundcube.php + chmod 640 /etc/roundcube/config.inc.php + chown root:www-data /etc/roundcube/debian-db-roundcube.php # RoundCube tinyMCE fix tinymceFixArchiveURL=$vestacp/roundcube/roundcube-tinymce.tar.gz tinymceParentFolder=/usr/share/roundcube/program/js