From 3556e4bfda21ad451467ce06f22e52a7c7a5b427 Mon Sep 17 00:00:00 2001
From: Christian Boltz
Date: Sun, 31 Jul 2011 23:15:41 +0000
Subject: [PATCH] SUPERADMIN.txt: - replace SQL instructions to create a superadmin with a note about setup.php SECURITY.txt: - add a note about permissions needed by setup.php - add note about templates_c directory
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1157 a1433add-5e2c-0410-b055-b7f2511e0802
---
 DOCUMENTS/SECURITY.txt | 9 ++++++++-
 DOCUMENTS/SUPERADMIN.txt | 29 ++++------------------------
 2 files changed, 12 insertions(+), 26 deletions(-)
diff --git a/DOCUMENTS/SECURITY.txt b/DOCUMENTS/SECURITY.txt
index 4188dc33..f3f86861 100644
--- a/DOCUMENTS/SECURITY.txt
+++ b/DOCUMENTS/SECURITY.txt
@@ -23,6 +23,11 @@ You may wish to consider the following : the vacation_notification table (and read alias and vacation). 3. PostfixAdmin itself needs to be able to READ and WRITE to all the tables.
+ 4. PostfixAdmin's setup.php additionally needs permissions to CREATE
+ and ALTER tables in the PostfixAdmin database. For PostgreSQL, also
+ permissions for CREATE FUNCTION and CREATE TRIGGER are needed.
+ In other words: setup.php needs all permissions on the PostfixAdmin
+ database.
 Using the above, you can improve security by creating separate database user accounts for each of the above roles, and limit
@@ -33,5 +38,7 @@ FILE SYSTEM SECURITY -------------------- PostfixAdmin does not require write support on the underlying
-filesystem - aside from PHP creating session files.
+filesystem with the following exceptions:
+- the templates_c directory where Smarty caches the templates
+- PHP's session.save_path to store session files
diff --git a/DOCUMENTS/SUPERADMIN.txt b/DOCUMENTS/SUPERADMIN.txt
index 876b3ad9..0022553f 100644
--- a/DOCUMENTS/SUPERADMIN.txt
+++ b/DOCUMENTS/SUPERADMIN.txt
@@ -9,29 +9,8 @@ With that login you can create new superadmins (and you should delete or change password of admin@domain.tld). If that user is no longer there or you didn't use the .TXT files, you could add another manually from the database.
-(The example uses MySQL, the syntax will be similar for PostgreSQL)
+In case you forgot your superadmin username or password, you can create a new
+superadmin account using setup.php.
-# mysql
-Welcome to the MySQL monitor. Commands end with ; or \g.
-Your MySQL connection id is 8186 to server version: 5.0.27
-
-Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
-
-mysql> use postfix
-Reading table information for completion of table and column names
-You can turn off this feature to get a quicker startup with -A
-
-Database changed
-mysql> INSERT INTO domain_admins (username, domain, active) VALUES ('new@domain.tld','ALL','1');
-Query OK, 1 row affected (0.00 sec)
-
-mysql> INSERT INTO admin (username, password, active) VALUES ('new@domain.tld','$1$0fec9189$bgI6ncWrldPOsXnkUBIjl1','1');
-Query OK, 1 row affected (0.00 sec)
-
-mysql> exit
-Bye
-
-Then you can log in as new@domain.tld, password: admin
-
-
-(The domain 'ALL' should already exist in the domain table; if not you'll need to recreate it)
+If you also have forgotten your setup password, you can use setup.php to configure
+a new setup password.