HP-UX Netscape FastTrackServer with ACL: 拒绝访问 cgi 文件问题描述
我想通过设置用户和密码来限制访问我的cgi-bin 目录中的一个特定的cgi 脚本。我试着为cgi脚本向URL中设置了访问控制,但是仍然是所有的客户都能访问该脚本。我应该怎样能够限制对这个资源的访问呢?
我配置了用户并设置了一个ACL (access control list访问控制列表),其中有两个条目:
1. 拒绝任何人访问cgi 脚本
而且 2.允许特定的用户访问cgi,这要在用户登录时使用提示符进行提示。
在适当的地方使用访问控制,可以拒绝所有的用户的访问。
但是,当拒绝客户访问该资源时,检查/opt/ns-ftrack/httpd-default/logs/errors 文件,会发现其中显示了这些错误:
[29/Apr/1998:15:13:51] security: [NSACL4330] ACL_GetAttribute: attr
getter failed to get user
[NSACL4330] ACL_GetAttribute: attr getter failed to get
isvalid-password
[NSACL5850] ldap password check: couldn't initialize connection to LDAP.
Reason: Couldn't initialize connection to the local ldap directory
[29/Apr/1998:15:13:51] security: for host 15.3.32.18 trying to GET
/cgi-bin/test.cgi
acl-state reports: access of
/opt/docs/cgi-bin/test.cgi denied by ACL path
=/opt/docs/cgi-bin/test.cgi directive 2
我应该怎样配置服务器使七能够实现这一点呢?
配置信息
操作系统 - HPUX
版本 - 10.20
硬件系统 - HP 9000
系列 -K460
解决方法
产生这个问题,原因在于对于服务器上的用户(www/other)来说, userdb 目录,子目录和文件的访问权限错误。
请确保/opt/ns-ftrack 中的下列目录具有下面列出的权限:
dr-xr-xr-x 3 bin other 1024 Apr 29 13:57 userdb
dr-xr-xr-x 5 bin other 1024 Apr 29 13:57 ldap
dr-xr-s--- 2 bin other 1024 Apr 29 14:24 db
而且db 中的文件的权限应该是: -rw-rw---- 1 www other
.........following with all English text ....
HP-UX Netscape FastTrackServer with ACL: denying access to a cgi fileProblem Description
I would like to restrict access to particular cgi script in my cgi-bin directory by user/password. I have tried to set up access
control to the URL for the cgi script, but all clients still have access to the script. How can I restrict access to this resource?
I configured users, and set up an ACL (access control list) with two entries:
1. Deny everyone access to the cgi script, and
2.Allow specific users access to the cgi by authenticating with a prompt for a user login and prompt. With the Access control in place, all users are denied access.
A check of the /opt/ns-ftrack/httpd-default/logs/errors file shows
these errors when the client is denied access to the resource:
[29/Apr/1998:15:13:51] security: [NSACL4330] ACL_GetAttribute: attr
getter failed to get user
[NSACL4330] ACL_GetAttribute: attr getter failed to get
isvalid-password
[NSACL5850] ldap password check: couldn't initialize connection
to LDAP.
Reason: Couldn't initialize connection to the local ldap directory
[29/Apr/1998:15:13:51] security: for host 15.3.32.18 trying to GET
/cgi-bin/test.cgi, acl-state reports: access of
/opt/docs/cgi-bin/test.cgi denied by ACL path
=/opt/docs/cgi-bin/test.cgi directive 2
How can I configure the server for this to work?
Configuration Info
Operating System - HPUX
Version - 10.20
Hardware System - HP 9000
Series - K460
Solution
The problem is caused by improper access permissions to the userdb directory, subdirectories and files by the server user (www/other).
Make sure the following directories under /opt/ns-ftrack have the following permissions:
dr-xr-xr-x 3 bin other 1024 Apr 29 13:57 userdb
dr-xr-xr-x 5 bin other 1024 Apr 29 13:57 ldap
dr-xr-s--- 2 bin other 1024 Apr 29 14:24 db
and files under db should be: -rw-rw-- 1 www other