We help IT Professionals succeed at work.

change username on server.

dwater
dwater asked
on
Medium Priority
181 Views
Last Modified: 2013-12-25
I am using Netscape Enterprise Server 2.01 and am trying to implement some restrictions on directorys on the server.



I have three users; guest, pilot, and staff.

I have a directory hierarchy :-

           db_bin
             |
   +---------+----+----+
   |         |         |
index.cgi   html    cgi-bin
             |         |
          +++++++   ++++++++++++-------+---------+
          some      lots of cgi        |         |
          html      scripts        index.cgi   secure
          files                                  |
                                               ++++++
                                               some more
                                               cgi scripts

The security I'm after is :-

None on db_bin so that the index.cgi scripts can be accessed by anyone.

Any of the users (guest, pilot, staff) on cgi-bin, causing a
Username/password prompt from the link off db_bin/index.cgi to
db_bin/cgi-bin/index.cgi.

Only user staff may run cgi's in db_bin/cgi-bin/secure.

To implement this security, I set the server as described.

I was hoping that, if, after logging in a guest to access
db_bin/cgi-bin/index.cgi, the user tries to access scripts in
db_bin/cgi-bin/secure (accessable only to user staff), they would be
prompted for a Username/password again.

This does not happen. The browser is sent the 'Not Found' page.

WRT the problem I posted and your suggestion, I came across the same
problem. I created a symboloc link db_bin/staff that pointed to
db_bin/cgi-bin, hoping that, when I accessed this link, I would be
prompted for Username and password since I was trying to access
db_bin/staff/index.cgi, which only staff may access. This did not
happen. If I logged in as staff, it would work, otherwise, I got the
'Not Found' page.

Have you any suggestions/clues that you can give me to help solve these
problems.
Comment
Watch Question

I feel that the answer to the problem would be not in changing permissions or the dir structure - it is more likely to be the fact that enterprise server will return a certain error message for different situation. And rather than presenting a forbidden message or the promt it has been configured to return 400 - not found to all errors. If you run a bad cgi script does the server return this same error code? If so then you need to change the error response code configs. Let me know if this helps,

Regards,

Jason

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.