tobias/radicale
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add boxes around security warnings

Browse Source
This commit is contained in:
Unrud 2020-04-18 16:57:10 +02:00
parent 49aa033b1b
commit 215d2c4cd3
1 changed files with 14 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
DOCUMENTATION.md
View File

@ -179,9 +179,10 @@ be changed with the following configuration:
filesystem_folder = /path/to/storage filesystem_folder = /path/to/storage
``` ```
**Security:** The storage folder should not be readable by unauthorized users. > **Security:** The storage folder should not be readable by unauthorized users.
Otherwise, they can read the calendar data and lock the storage. > Otherwise, they can read the calendar data and lock the storage.
You can find OS dependent instructions in the **Running as a service** section. > You can find OS dependent instructions in the
> [Running as a service](#tutorials/running-as-a-service) section.
### Limits ### Limits
@ -217,8 +218,8 @@ The storage folder must be writable by **radicale**. (Run
`mkdir -p /var/lib/radicale/collections && chown -R radicale:radicale /var/lib/radicale/collections` `mkdir -p /var/lib/radicale/collections && chown -R radicale:radicale /var/lib/radicale/collections`
as root.) as root.)
**Security:** The storage should not be readable by others. > **Security:** The storage should not be readable by others.
(Run `chmod -R o= /var/lib/radicale/collections` as root.) > (Run `chmod -R o= /var/lib/radicale/collections` as root.)
Create the file `/etc/systemd/system/radicale.service`: Create the file `/etc/systemd/system/radicale.service`:
@ -308,10 +309,10 @@ prompt. Apply the following configuration:
* I/O redirection * I/O redirection
* Error: `C:\Path\To\Radicale.log` * Error: `C:\Path\To\Radicale.log`
**Security:** Be aware that the service runs in the local system account, > **Security:** Be aware that the service runs in the local system account,
you might want to change this. Managing user accounts is beyond the scope of > you might want to change this. Managing user accounts is beyond the scope of
this manual. Also make sure that the storage folder and log file is not > this manual. Also make sure that the storage folder and log file is not
readable by unauthorized users. > readable by unauthorized users.
The log file might grow very big over time, you can configure file rotation The log file might grow very big over time, you can configure file rotation
in **NSSM** to prevent this. in **NSSM** to prevent this.
@ -393,8 +394,8 @@ RewriteRule ^/radicale$ /radicale/ [R,L]
</Location> </Location>
``` ```
**Security:** Untrusted clients should not be able to access the Radicale > **Security:** Untrusted clients should not be able to access the Radicale
server directly. Otherwise, they can authenticate as any user. > server directly. Otherwise, they can authenticate as any user.
### Secure connection between Radicale and the reverse proxy ### Secure connection between Radicale and the reverse proxy
@ -444,8 +445,8 @@ configuration is used.
Be reminded that Radicale's default configuration enforces limits on the Be reminded that Radicale's default configuration enforces limits on the
maximum upload file size. maximum upload file size.
**Security:** The `None` authentication type disables all rights checking. > **Security:** The `None` authentication type disables all rights checking.
Don't use it with `REMOTE_USER`. Use `remote_user` instead. > Don't use it with `REMOTE_USER`. Use `remote_user` instead.
Example **uWSGI** configuration: Example **uWSGI** configuration: