change username on server.

I am using Netscape Enterprise Server 2.01 and am trying to implement some restrictions on directorys on the server.



I have three users; guest, pilot, and staff.

I have a directory hierarchy :-

           db_bin
             |
   +---------+----+----+
   |         |         |
index.cgi   html    cgi-bin
             |         |
          +++++++   ++++++++++++-------+---------+
          some      lots of cgi        |         |
          html      scripts        index.cgi   secure
          files                                  |
                                               ++++++
                                               some more
                                               cgi scripts

The security I'm after is :-

None on db_bin so that the index.cgi scripts can be accessed by anyone.

Any of the users (guest, pilot, staff) on cgi-bin, causing a
Username/password prompt from the link off db_bin/index.cgi to
db_bin/cgi-bin/index.cgi.

Only user staff may run cgi's in db_bin/cgi-bin/secure.

To implement this security, I set the server as described.

I was hoping that, if, after logging in a guest to access
db_bin/cgi-bin/index.cgi, the user tries to access scripts in
db_bin/cgi-bin/secure (accessable only to user staff), they would be
prompted for a Username/password again.

This does not happen. The browser is sent the 'Not Found' page.

WRT the problem I posted and your suggestion, I came across the same
problem. I created a symboloc link db_bin/staff that pointed to
db_bin/cgi-bin, hoping that, when I accessed this link, I would be
prompted for Username and password since I was trying to access
db_bin/staff/index.cgi, which only staff may access. This did not
happen. If I logged in as staff, it would work, otherwise, I got the
'Not Found' page.

Have you any suggestions/clues that you can give me to help solve these
problems.
dwaterAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

unicorntechCommented:
I feel that the answer to the problem would be not in changing permissions or the dir structure - it is more likely to be the fact that enterprise server will return a certain error message for different situation. And rather than presenting a forbidden message or the promt it has been configured to return 400 - not found to all errors. If you run a bad cgi script does the server return this same error code? If so then you need to change the error response code configs. Let me know if this helps,

Regards,

Jason
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Web Development

From novice to tech pro — start learning today.