Solved

change username on server.

Posted on 1997-10-08
1
159 Views
Last Modified: 2013-12-25
I am using Netscape Enterprise Server 2.01 and am trying to implement some restrictions on directorys on the server.



I have three users; guest, pilot, and staff.

I have a directory hierarchy :-

           db_bin
             |
   +---------+----+----+
   |         |         |
index.cgi   html    cgi-bin
             |         |
          +++++++   ++++++++++++-------+---------+
          some      lots of cgi        |         |
          html      scripts        index.cgi   secure
          files                                  |
                                               ++++++
                                               some more
                                               cgi scripts

The security I'm after is :-

None on db_bin so that the index.cgi scripts can be accessed by anyone.

Any of the users (guest, pilot, staff) on cgi-bin, causing a
Username/password prompt from the link off db_bin/index.cgi to
db_bin/cgi-bin/index.cgi.

Only user staff may run cgi's in db_bin/cgi-bin/secure.

To implement this security, I set the server as described.

I was hoping that, if, after logging in a guest to access
db_bin/cgi-bin/index.cgi, the user tries to access scripts in
db_bin/cgi-bin/secure (accessable only to user staff), they would be
prompted for a Username/password again.

This does not happen. The browser is sent the 'Not Found' page.

WRT the problem I posted and your suggestion, I came across the same
problem. I created a symboloc link db_bin/staff that pointed to
db_bin/cgi-bin, hoping that, when I accessed this link, I would be
prompted for Username and password since I was trying to access
db_bin/staff/index.cgi, which only staff may access. This did not
happen. If I logged in as staff, it would work, otherwise, I got the
'Not Found' page.

Have you any suggestions/clues that you can give me to help solve these
problems.
0
Comment
Question by:dwater
1 Comment
 
LVL 4

Accepted Solution

by:
unicorntech earned 50 total points
ID: 1855262
I feel that the answer to the problem would be not in changing permissions or the dir structure - it is more likely to be the fact that enterprise server will return a certain error message for different situation. And rather than presenting a forbidden message or the promt it has been configured to return 400 - not found to all errors. If you run a bad cgi script does the server return this same error code? If so then you need to change the error response code configs. Let me know if this helps,

Regards,

Jason
0

Featured Post

3 Use Cases for Connected Systems

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, testing some more, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I've been asked to discuss some of the UX activities that I'm using with my team. Here I will share some details about how we approach UX projects.
Does your audience prefer people in photos or no people? How can you best highlight what you’re selling? What are your competitors doing, and what can you do that is different and unique from them?  Continue reading to learn how to make your images …
The viewer will learn how to dynamically set the form action using jQuery.
Video by: Mark
This lesson goes over how to construct ordered and unordered lists and how to create hyperlinks.

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question