Solved

change username on server.

Posted on 1997-10-08
1
160 Views
Last Modified: 2013-12-25
I am using Netscape Enterprise Server 2.01 and am trying to implement some restrictions on directorys on the server.



I have three users; guest, pilot, and staff.

I have a directory hierarchy :-

           db_bin
             |
   +---------+----+----+
   |         |         |
index.cgi   html    cgi-bin
             |         |
          +++++++   ++++++++++++-------+---------+
          some      lots of cgi        |         |
          html      scripts        index.cgi   secure
          files                                  |
                                               ++++++
                                               some more
                                               cgi scripts

The security I'm after is :-

None on db_bin so that the index.cgi scripts can be accessed by anyone.

Any of the users (guest, pilot, staff) on cgi-bin, causing a
Username/password prompt from the link off db_bin/index.cgi to
db_bin/cgi-bin/index.cgi.

Only user staff may run cgi's in db_bin/cgi-bin/secure.

To implement this security, I set the server as described.

I was hoping that, if, after logging in a guest to access
db_bin/cgi-bin/index.cgi, the user tries to access scripts in
db_bin/cgi-bin/secure (accessable only to user staff), they would be
prompted for a Username/password again.

This does not happen. The browser is sent the 'Not Found' page.

WRT the problem I posted and your suggestion, I came across the same
problem. I created a symboloc link db_bin/staff that pointed to
db_bin/cgi-bin, hoping that, when I accessed this link, I would be
prompted for Username and password since I was trying to access
db_bin/staff/index.cgi, which only staff may access. This did not
happen. If I logged in as staff, it would work, otherwise, I got the
'Not Found' page.

Have you any suggestions/clues that you can give me to help solve these
problems.
0
Comment
Question by:dwater
1 Comment
 
LVL 4

Accepted Solution

by:
unicorntech earned 50 total points
ID: 1855262
I feel that the answer to the problem would be not in changing permissions or the dir structure - it is more likely to be the fact that enterprise server will return a certain error message for different situation. And rather than presenting a forbidden message or the promt it has been configured to return 400 - not found to all errors. If you run a bad cgi script does the server return this same error code? If so then you need to change the error response code configs. Let me know if this helps,

Regards,

Jason
0

Featured Post

Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
Although it can be difficult to imagine, someday your child will have a career of his or her own. He or she will likely start a family, buy a home and start having their own children. So, while being a kid is still extremely important, it’s also …
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
The is a quite short video tutorial. In this video, I'm going to show you how to create self-host WordPress blog with free hosting service.

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question