From bd0551b22076b82a6d49e9f7a2b2e0c90a1b2326 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 05 Feb 2016 07:25:27 -0500
Subject: [PATCH] Secure also downloads of addressbook exports, managesieve script exports and Enigma keys exports

---
 plugins/password/README |   15 +++++++++++++++
 1 files changed, 15 insertions(+), 0 deletions(-)

diff --git a/plugins/password/README b/plugins/password/README
index b883211..88cc849 100644
--- a/plugins/password/README
+++ b/plugins/password/README
@@ -46,6 +46,7 @@
  2.20. Plesk (Plesk RPC-API)
  2.21. Kpasswd
  3. Driver API
+ 4. Sudo setup
 
 
  1. Configuration
@@ -348,3 +349,17 @@
  PASSWORD_CRYPT_ERROR, PASSWORD_ERROR when driver was unable to change password.
  Extended result (as a hash-array with 'message' and 'code' items) can be returned
  too. See existing drivers in drivers/ directory for examples.
+
+ 4. Sudo setup
+ -------------
+
+ Some drivers that execute system commands (like chpasswd) require use of sudo command.
+ Here's a sample for CentOS 7:
+
+ # cat <<END >/etc/sudoers.d/99-roundcubemail
+ apache ALL=NOPASSWD:/usr/sbin/chpasswd
+ Defaults:apache !requiretty
+ <<END
+
+ Note: on different systems the username (here 'apache') may be different, e.g. www.
+ Note: on some systems the disabling tty line may not be needed.

--
Gitblit v1.9.1