1. After the Installation

1.1 Security

At this moment in the installation process, SyndeoCMS is not secure! Both Windows and Linux users should remove the contents of the ./starnet/install directory. If this is not done, someone can do a new installation and ruin your site!
The remainder of this section is only applicable to Linux users or those users who host their schoolsite at an ISP (Internet Service Provider) that uses a *nix server.

Possible file permisssions table

Permission
SyndeoCMS directory
File upload SyndeoCMS Visible on web FTP/Plesk
view directory
FTP/Plesk
file delete
File
permision
0700 yes yes no no 644
0750 yes yes no no 644
0755 yes yes yes no 644
0770 yes yes no no 644
0777 yes yes yes yes 644

Plesk = Multi-platform control panel for service providers, often used by users to manage their website.
FTP = File Transfer Protocol

Now, let's be practical. After a successfull installation, as a minimum you have to secure the /starnet/configurationn/database.inc.php file. During the installation this file's permissions were set to 0777. This means that everyone can see the loginname and password of your database.
To ensure the file is not world readable, change its permissions to 0400 (best) or 0640.
As root, go to the ./starnet/configuration/ directory and perform the following command:

# chmod 0400 database.inc.php

Check if your file has the right permissions with the 'ls -l' command. Here are some examples:

-rw-rw-rw-    1 www www     416 2004-10-28 20:13 database.inc.php

This is VERY INSECURE! The content of the database.inc.php file is world readable. A cracker can find yor database password and do bad things.

-r--------     1 www www     416 2004-10-28 20:13 database.inc.php

This is secure. The file where the username and password of the database are kept cannot be seen by the outside world. The permission 0400 indicates that the file is only readable by the user 'www'.
If SyndeoCMS does not function with this tight permission, set it to 0640 and try again.

When you have SyndeoCMS hosted at an ISP, ask them for the securest permissions. By now you we assume you will have understand that a permissions ending on 7, 6, or 4 are absolutely unacceptable for the file database.inc.php. Acceptable are 0640 or 0660.

More security is needed. However, other files and directories need less tight permissions in order to upload files etcetera.
As root, go the document root and perform the following commands:

# chmod -R 0755 ./starnet/*  
# chmod -R 0755 index.php

This will give all SyndeoCMS files and directories the reasonalble thight permissions.

To end we give a few tips to get thighter permissions.

NOTICE: It's a good idea to check the ownership of the httpd root directory 'htdocs' for example. It should have 0750 permissions and be owned by the webserver.

Do not forget to delete the contents of the /starnet/install directory.
And, last but not least, as a final check it's a good idea to run /starnet/syndeo_check.php. See SyndeoCMS check.

1.2 PHP Mail function

On some servers the PHP mail function can be disabled. You can check this by running the syndeo_check script see: SyndeoCMS check below. At the bottom of the page you find an email send option. You can send the email to yourself to check if sending emails works properly.

If the mailing doesn't work you can use SMTP , then you need to change the file /starnet/core/class.phpmailer.php with the following:

line 109:	var $Mailer      = "smtp"; 
line 142: var $Hostname = "syndeo.user";
line 156: var $Host = "mail.ourserver.org";
line 174: var $SMTPAuth = true;
line 180: var $Username = "john"; // SMTP username
line 186: var $Password = "secret"; // SMTP password

Change the values of $Host, $Username and $Password according to your site , you may have to contact your provider/server administrator.