In article <[log in to unmask]>, "Richard Barker"
<[log in to unmask]> wrote:
> Thanks for the help, but still the same problem.
>
> If you will notice the file CRAP, has the correct security, identical to
> the others, yet I can't access that either. Basically any new files
> that I have generated. Obviously something must have changed, but
> according to Pos/ix and MPE the files have no extra security, when
> compared to the others.
>
> Also, if I copy one of the valid files in the MPE or Pos/ix, I am able
> to access it. If I copy one of the blocked files, again I am blocked,
> so there must be some hidden security on the files, that I just can't
> see.
>
Have you checked the "security" settings on the files (listfile,3)? Might
be that all the accessible files are "release"d. To make it interesting,
security on/off isn't always revealed with "ls -l" nor "listfile,acd".
>
>
> -----Original Message-----
> From: Mark Bixby [mailto:[log in to unmask]] Sent: 15 October 2002 22:40 To:
> Richard Barker
> Cc: [log in to unmask]
> Subject: Re: Apache/Unix security question
>
>
> I'm guessing you need to have the $OWNER, $GROUP_MASK, and $GROUP ACD
> entries
> set up for these files. Now *why* you are missing those entries for the
> 3 particular files I have no idea.
>
> The easiest way to create those POSIX ACD entries is to use the POSIX
> chmod command (aka /bin/chmod or /SYS/HPBIN/CHMOD), i.e.:
>
> chmod 777 SEP02.DOC
>
> - Mark B.
>
> Richard Barker wrote:
>
>> [Mon Oct 14 06:46:16 2002] [error] [client 10.1.201.20]
>> (48)Implementation-defined error: file permissions deny server access:
>> /APACHE/PUB/htdocs/BILLING/81202166/2002/SEP02.DOC
>>
>>
>>
>> -----Original Message-----
>> From: Mark Bixby [mailto:[log in to unmask]] Sent: 14 October 2002 22:59
>> To: Richard Barker
>> Cc: [log in to unmask]
>> Subject: Re: Apache/Unix security question
>>
>>
>> What does the Apache error_log file have to say?
>>
>> - Mark B.
>>
>> Richard Barker wrote:
>>
>>
>>>Under Apache I have a number of DOC's that people can access, for some
>>>reason I can access all of them, but one or two, that I have generated
>>>recently.
>>>
>>>Under Pos/iX the security is all the same, but under MPE there is a
>>>slight difference:
>>>
>>> ------------ACD ENTRIES-------------- FILENAME
>>>
>>> $OWNER : R,W,X,RACD APR01.DOC $GROUP_MASK :
>>> R,W,X,RACD
>>> $GROUP : R,W,X,RACD
>>> @.@ : R,W,X,RACD
>>> $OWNER : R,W,X,RACD AUG01.DOC $GROUP_MASK :
>>> R,W,X,RACD
>>> $GROUP : R,W,X,RACD
>>> @.@ : R,W,X,RACD
>>> $OWNER : R,W,X,RACD CRAP.DOC $GROUP_MASK :
>>> R,W,X,RACD
>>> $GROUP : R,W,X,RACD
>>> @.@ : R,W,X,RACD
>>> $OWNER : R,W,X,RACD MAY02.DOC $GROUP_MASK :
>>> R,W,X,RACD
>>> $GROUP : R,W,X,RACD
>>> @.@ : R,W,X,RACD
>>> @.@ : R,W,X,A,L,RACD SEP02.DOC @.@ :
>>> R,W,X,A,L,RACD SEPXX.DOC
>>>
>>>
>>>drwxrwxrwx 2 MGR.VIRGIN APACHE 1280 Oct 14 15:00 .
>>>drwxrwxrwx 3 MGR.VIRGIN APACHE 416 Feb 20 2002 ..
>>>-rwxrwxrwx 1 ACCT.VIRGIN APACHE 7600 Apr 18 13:04
>>>APR01.DOC -rwxrwxrwx 1 MGR.VIRGIN APACHE 11800 Sep 26
>>>10:29 AUG01.DOC -rwxrwxrwx 1 MGR.VIRGIN APACHE 12200 Oct
>>>14 14:02 CRAP.DOC -rwxrwxrwx 1 MGR.VIRGIN APACHE 7980 Feb
>>>20 2002 FEB01.DOC -rwxrwxrwx 1 ACCT.VIRGIN APACHE 7980
>>>Mar 4 2002 FEB02.DOC -rwxrwxrwx 1 MGR.VIRGIN APACHE 11800
>>>Aug 6 12:29 JULY02.DOC -rwxrwxrwx 1 ACCT.VIRGIN APACHE
>>> 7790 Apr 4 2002 MAR02.DOC -rwxrwxrwx 1 BILLING.VIRGIN APACHE
>>> 8740 May 17 18:14 MAY01.DOC -rwxrwxrwx 1 ACCT.VIRGIN APACHE
>>> 7600 Jun 6 17:44 MAY02.DOC -rwxrwxrwx 1 MGR.VIRGIN
>>>APACHE 12200 Oct 14 14:51 SEP02.DOC -rwxrwxrwx 1 MGR.VIRGIN
>>> APACHE 12200 Oct 14 15:00 SEPXX.DOC
>>>
>>>
>>>
>>>
>>>Now for some reason, via Apache, I can't access SEPXX, SEP02 and also
>>>
>> CRAP,
>>
>>>yet I can access all the others:
>>>
>>>Forbidden
>>>You don't have permission to access /BILLING/81202166/2002/SEPXX.DOC on
>>>
>> this
>>
>>>server.
>>>
>>>
>>>
>>>
>>>
> ----------------------------------------------------------------------------
>>
>>>----
>>>
>>>Apache/1.3.14 Server at 10.1.3.200 Port 80
>>>
>>>
>> --
>> [log in to unmask]
>> Remainder of .sig suppressed to conserve expensive California
>> electrons...
>>
>>
>>
>> ==================================
>> This message contains confidential information and is intended solely
>> for the use of the individual or entity to whom it is addressed. If you
>> are
> not
>> the named addressee you should not disseminate, distribute or copy this
>> email. Please inform the sender immediately if you have received this
> e-mail
>> by mistake and delete this email from your system. Email transmission
> cannot
>> be guaranteed to be secure or error-free as information could be
>> intercepted, corrupted, lost, destroyed, arrive late or be incomplete.
>> The sender therefore does not accept liability for any errors or
>> omissions in the contents of this message, which arise as a result of
>> email
> transmission.
>> If verification is required please request a hard copy version. No
> contracts
>> may be concluded on behalf of Virgin Express SA/NV by means of email
>> communication. Finally, the recipient should check this e-mail and any
>> attachments for the presence of viruses. The company accepts no
>> liability for any damage caused by any virus transmitted by this email.
>> ==================================
>>
>> * To join/leave the list, search archives, change list settings, * *
>> etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
>>
>>
>>
>>
>>
> --
> [log in to unmask]
> Remainder of .sig suppressed to conserve expensive California
> electrons...
>
>
>
> ==================================
> This message contains confidential information and is intended solely
> for the use of the individual or entity to whom it is addressed. If you
> are not the named addressee you should not disseminate, distribute or
> copy this email. Please inform the sender immediately if you have
> received this e-mail by mistake and delete this email from your system.
> Email transmission cannot be guaranteed to be secure or error-free as
> information could be intercepted, corrupted, lost, destroyed, arrive
> late or be incomplete. The sender therefore does not accept liability
> for any errors or omissions in the contents of this message, which arise
> as a result of email transmission. If verification is required please
> request a hard copy version. No contracts may be concluded on behalf of
> Virgin Express SA/NV by means of email communication. Finally, the
> recipient should check this e-mail and any attachments for the presence
> of viruses. The company accepts no liability for any damage caused by
> any virus transmitted by this email. ==================================
>
> * To join/leave the list, search archives, change list settings, * *
> etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
|