Thanks Richard. I had set the directories (under the WWW.WWW group) to 775
(rwxrwxr-x), but still have the problem. I've now eliminated the symbolic
link
and built a "real" structure with NO symbolic links. Below is a listing of
the
security on the account/group/directories:
CDA9:listfile /WWW,4
*****************************************
FILE: /WWW/
ACCOUNT ------ READ : ANY
WRITE : ANY
APPEND : ANY
LOCK : ANY
EXECUTE : ANY
GROUP -------- READ :
WRITE :
APPEND :
LOCK :
EXECUTE :
SAVE :
FILE --------- READ : FCODE: 0
WRITE : **SECURITY IS ON
APPEND : NO ACDS
LOCK :
EXECUTE :
FOR MGR.WWW: TD, RD, CD, DD
CDA9:listfile /WWW/WWW,4
*****************************************
FILE: /WWW/WWW/
ACCOUNT ------ READ : ANY
WRITE : ANY
APPEND : ANY
LOCK : ANY
EXECUTE : ANY
GROUP -------- READ : ANY
WRITE : AC
APPEND : AC
LOCK : ANY
EXECUTE : ANY
SAVE : AC
FILE --------- READ : FCODE: 0
WRITE : **SECURITY IS ON
APPEND : NO ACDS
LOCK :
EXECUTE :
FOR MGR.WWW: TD, RD, CD, DD
CDA9:listfile /WWW/WWW/httpd_1.3,4
*****************************************
FILE: /WWW/WWW/httpd_1.3/
ACCOUNT ------ READ :
WRITE :
APPEND :
LOCK :
EXECUTE :
GROUP -------- READ :
WRITE :
APPEND :
LOCK :
EXECUTE :
SAVE :
FILE --------- READ : FCODE: 0
WRITE : **SECURITY IS ON
APPEND : ACD EXISTS
LOCK :
EXECUTE :
FOR MGR.WWW: RACD, TD, RD, CD, DD
CDA9:listfile /WWW/WWW/httpd_1.3,-2
PATH= /WWW/WWW/
------------ACD ENTRIES-------------- FILENAME
$OWNER : TD,RD,CD,DD,RACD httpd_1.3/
$GROUP_MASK : TD,RD,CD,DD,RACD
$GROUP : TD,RD,CD,DD,RACD
@.@ : TD,RD,RACD
CDA9:listfile /WWW/WWW/httpd_1.3/htdocs,4
*****************************************
FILE: /WWW/WWW/httpd_1.3/htdocs/
ACCOUNT ------ READ :
WRITE :
APPEND :
LOCK :
EXECUTE :
GROUP -------- READ :
WRITE :
APPEND :
LOCK :
EXECUTE :
SAVE :
FILE --------- READ : FCODE: 0
WRITE : **SECURITY IS ON
APPEND : ACD EXISTS
LOCK :
EXECUTE :
FOR MGR.WWW: RACD, TD, RD, CD, DD
CDA9:listfile /WWW/WWW/httpd_1.3/htdocs,-2
PATH= /WWW/WWW/httpd_1.3/
------------ACD ENTRIES-------------- FILENAME
$OWNER : TD,RD,CD,DD,RACD htdocs/
$GROUP_MASK : TD,RD,CD,DD,RACD
$GROUP : TD,RD,CD,DD,RACD
@.@ : TD,RD,RACD
CDA9:listfile /WWW/WWW/httpd_1.3/htdocs/network,4
*****************************************
FILE: /WWW/WWW/httpd_1.3/htdocs/network/
ACCOUNT ------ READ :
WRITE :
APPEND :
LOCK :
EXECUTE :
GROUP -------- READ :
WRITE :
APPEND :
LOCK :
EXECUTE :
SAVE :
FILE --------- READ : FCODE: 0
WRITE : **SECURITY IS ON
APPEND : ACD EXISTS
LOCK :
EXECUTE :
FOR MGR.WWW: RACD, TD, RD, CD, DD
CDA9:listfile /WWW/WWW/httpd_1.3/htdocs/network,-2
PATH= /WWW/WWW/httpd_1.3/htdocs/
------------ACD ENTRIES-------------- FILENAME
$OWNER : TD,RD,CD,DD,RACD network/
$GROUP_MASK : TD,RD,CD,DD,RACD
$GROUP : TD,RD,CD,DD,RACD
@.@ : TD,RD,RACD
CDA9:listfile /WWW/WWW/httpd_1.3/htdocs/network/gif,4
*****************************************
FILE: /WWW/WWW/httpd_1.3/htdocs/network/gif/
ACCOUNT ------ READ :
WRITE :
APPEND :
LOCK :
EXECUTE :
GROUP -------- READ :
WRITE :
APPEND :
LOCK :
EXECUTE :
SAVE :
FILE --------- READ : FCODE: 0
WRITE : **SECURITY IS ON
APPEND : ACD EXISTS
LOCK :
EXECUTE :
FOR MGR.WWW: RACD, TD, RD, CD, DD
CDA9:listfile /WWW/WWW/httpd_1.3/htdocs/network/gif,-2
PATH= /WWW/WWW/httpd_1.3/htdocs/network/
------------ACD ENTRIES-------------- FILENAME
$OWNER : TD,RD,CD,DD,RACD gif/
$GROUP_MASK : TD,RD,CD,DD,RACD
$GROUP : TD,RD,CD,DD,RACD
@.@ : TD,RD,RACD
CDA9:
Do you see anything I'm missing?
Thanks!
John
At 10/26/98 09:08 AM , Richard Gambrell wrote:
>John Korb wrote:
>> The HP 9000 guru suggested that there may be a "traverse directories"
>> problem, but I wasn't aware that TD was a separate attribute that could be
>> set. I'm under the impression that if you have one of: read, write,
>> execute then you have TD. Is this correct? If not, how is TD specified?
>
>Yes, MPE HFS has Traverse directories. It is the "x" part of a directories'
>permissions in a ls -l.
>You need the "x" in *all* directories under the one your interested in.
>The permissions may look like (in a ls -l):
>r-xr-x--x if you don't want to allow read access to anyone. (This example
>does not allow write access to anyone).
>
>You want *all* directories to have --x--x--x (with the -- being replaced by
>whatever you need for read and write).
>
>This assumes ACDs are not set specially in your enviornment.
>
>--
>Richard Gambrell
>Database Administrator and Consultant to Computing Services
>University of Tennessee at Chattanooga, Dept. 4454
>113 Hunter Hall, 615 McCallie Ave. Chattanooga, TN 37403-2598
>UTC e-mail: [log in to unmask] phone: 423-755-4551
>Home e-mail: [log in to unmask]
>
--------------------------------------------------------------
John Korb email: [log in to unmask]
Innovative Software Solutions, Inc.
The thoughts, comments, and opinions expressed herein are mine
and do not reflect those of my employer(s), or anyone else.
|
