ORACLE在HP-UX下的系列問題處理(30)
2024-08-29 13:40:04
供稿:網友
HP-UX Netscape FastTrackServer with ACL: 拒絕訪問 cgi 文件問題描述
我想通過設置用戶和密碼來限制訪問我的cgi-bin 目錄中的一個特定的cgi 腳本。我試著為cgi腳本向URL中設置了訪問控制,但是仍然是所有的客戶都能訪問該腳本。我應該怎樣能夠限制對這個資源的訪問呢?
我配置了用戶并設置了一個ACL (access control list訪問控制列表),其中有兩個條目:
1. 拒絕任何人訪問cgi 腳本
而且 2.答應特定的用戶訪問cgi,這要在用戶登錄時使用提示符進行提示。
在適當的地方使用訪問控制,可以拒絕所有的用戶的訪問。
但是,當拒絕客戶訪問該資源時,檢查/opt/ns-ftrack/httpd-default/logs/errors 文件,會發現其中顯示了這些錯誤:
[29/APR/1998:15:13:51] security: [NSACL4330] ACL_GetAttribute: attr
getter failed to get user
[NSACL4330] ACL_GetAttribute: attr getter failed to get
isvalid-passWord
[NSACL5850] ldap password check: couldn't initialize connection to LDAP.
Reason: Couldn't initialize connection to the local ldap Directory
[29/Apr/1998:15:13:51] security: for host 15.3.32.18 trying to GET
/cgi-bin/test.cgi
acl-state reports: access of
/opt/docs/cgi-bin/test.cgi denied by ACL path
=/opt/docs/cgi-bin/test.cgi directive 2
我應該怎樣配置服務器使七能夠實現這一點呢?
配置信息
操作系統 - HPUX
版本 - 10.20
硬件系統 - HP 9000
系列 -K460
解決方法
產生這個問題,原因在于對于服務器上的用戶(www/other)來說, userdb 目錄,子目錄和文件的訪問權限錯誤。
請確保/opt/ns-ftrack 中的下列目錄具有下面列出的權限:
dr-xr-xr-x 3 bin other 1024 Apr 29 13:57 userdb
dr-xr-xr-x 5 bin other 1024 Apr 29 13:57 ldap
dr-xr-s--- 2 bin other 1024 Apr 29 14:24 db
而且db 中的文件的權限應該是: -rw-rw---- 1 www other
.........following with all English text ....
HP-UX Netscape FastTrackServer with ACL: denying access to a cgi fileProblem Description
I would like to restrict access to particular cgi script in my cgi-bin directory by user/password. I have tried to set up access
control to the URL for the cgi script, but all clients still have access to the script. How can I restrict access to this resource?
I configured users, and set up an ACL (access control list) with two entries:
1. Deny everyone access to the cgi script, and
2.Allow specific users access to the cgi by authenticating with a prompt for a user login and prompt. With the Access control in place, all users are denied access.
A check of the /opt/ns-ftrack/httpd-default/logs/errors file shows
these errors when the client is denied access to the resource:
[29/Apr/1998:15:13:51] security: [NSACL4330] ACL_GetAttribute: attr
getter failed to get user
[NSACL4330] ACL_GetAttribute: attr getter failed to get
isvalid-password
[NSACL5850] ldap password check: couldn't initialize connection
to LDAP.
Reason: Couldn't initialize connection to the local ldap directory
[29/Apr/1998:15:13:51] security: for host 15.3.32.18 trying to GET
/cgi-bin/test.cgi, acl-state reports: access of
/opt/docs/cgi-bin/test.cgi denied by ACL path
=/opt/docs/cgi-bin/test.cgi directive 2
How can I configure the server for this to work?
Configuration Info
Operating System - HPUX
Version - 10.20
Hardware System - HP 9000
Series - K460
Solution
The problem is caused by improper access permissions to the userdb directory, subdirectories and files by the server user (www/other).
Make sure the following directories under /opt/ns-ftrack have the following permissions:
dr-xr-xr-x 3 bin other 1024 Apr 29 13:57 userdb
dr-xr-xr-x 5 bin other 1024 Apr 29 13:57 ldap
dr-xr-s--- 2 bin other 1024 Apr 29 14:24 db
and files under db should be: -rw-rw-- 1 www other
