From dfdaf8d80e63ae4c30dfca34140ed3328e949f17 Mon Sep 17 00:00:00 2001
From: Maksim Usmanov | Maks <skamasle@gmail.com>
Date: Thu, 16 Feb 2017 22:11:29 +0100
Subject: [PATCH] Fix permissions issue ( security )

Same issue happen in debian, in my centos 6 installs always get /etc/roundcubemail/config.inc.php whit 644 whit roundcube password exposed.

In centos bad user:group is asigned so also fixed

This will be fixed in general update in current installed vestacp servers.
---
 install/vst-install-rhel.sh | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/install/vst-install-rhel.sh b/install/vst-install-rhel.sh
index 7b8e4d85..dd3a12d3 100755
--- a/install/vst-install-rhel.sh
+++ b/install/vst-install-rhel.sh
@@ -1171,6 +1171,8 @@ if [ "$exim" = 'yes' ] && [ "$mysql" = 'yes' ]; then
     mysql -e "CREATE DATABASE roundcube"
     mysql -e "GRANT ALL ON roundcube.* TO roundcube@localhost IDENTIFIED BY '$r'"
     sed -i "s/%password%/$r/g" /etc/roundcubemail/config.inc.php
+    chmod 640 /etc/roundcubemail/config.inc.php
+    chown root:apache /etc/roundcubemail/config.inc.php
     if [ -e "/usr/share/roundcubemail/SQL/mysql.initial.sql" ]; then
         mysql roundcube < /usr/share/roundcubemail/SQL/mysql.initial.sql
     else