HP3000-L Archives

October 2002, Week 3

HP3000-L@RAVEN.UTC.EDU
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: Apache/Unix security question
From:
Danny van Delft <[log in to unmask]>
Reply To:
Danny van Delft <[log in to unmask]>
Date:
Wed, 16 Oct 2002 02:31:35 -0500
Content-Type:
text/plain
Parts/Attachments:
text/plain (205 lines) 
 In article <[log in to unmask]>, "Richard Barker"
<[log in to unmask]> wrote:

> Thanks for the help, but still the same problem.
>
> If you will notice the file CRAP, has the correct security, identical to
> the others, yet I can't access that either.  Basically any new files
> that I have generated.  Obviously something must have changed, but
> according to Pos/ix and MPE the files have no extra security, when
> compared to the others.
>
> Also, if I copy one of the valid files in the MPE or Pos/ix, I am able
> to access it.  If I copy one of the blocked files, again I am blocked,
> so there must be some hidden security on the files, that I just can't
> see.
>

Have you checked the "security" settings on the files (listfile,3)? Might
be that all the accessible files are "release"d. To make it interesting,
security on/off isn't always revealed with "ls -l" nor "listfile,acd".



>
>
> -----Original Message-----
> From: Mark Bixby [mailto:[log in to unmask]] Sent: 15 October 2002 22:40 To:
> Richard Barker
> Cc: [log in to unmask]
> Subject: Re: Apache/Unix security question
>
>
> I'm guessing you need to have the $OWNER, $GROUP_MASK, and $GROUP ACD
> entries
> set up for these files.  Now *why* you are missing those entries for the
> 3 particular files I have no idea.
>
> The easiest way to create those POSIX ACD entries is to use the POSIX
> chmod command (aka /bin/chmod or /SYS/HPBIN/CHMOD), i.e.:
>
>         chmod 777 SEP02.DOC
>
> - Mark B.
>
> Richard Barker wrote:
>
>> [Mon Oct 14 06:46:16 2002] [error] [client 10.1.201.20]
>> (48)Implementation-defined error: file permissions deny server access:
>> /APACHE/PUB/htdocs/BILLING/81202166/2002/SEP02.DOC
>>
>>
>>
>> -----Original Message-----
>> From: Mark Bixby [mailto:[log in to unmask]] Sent: 14 October 2002 22:59
>> To: Richard Barker
>> Cc: [log in to unmask]
>> Subject: Re: Apache/Unix security question
>>
>>
>> What does the Apache error_log file have to say?
>>
>> - Mark B.
>>
>> Richard Barker wrote:
>>
>>
>>>Under Apache I have a number of DOC's that people can access, for some
>>>reason I can access all of them, but one or two, that I have generated
>>>recently.
>>>
>>>Under Pos/iX the security is all the same, but under MPE there is a
>>>slight difference:
>>>
>>> ------------ACD ENTRIES-------------- FILENAME
>>>
>>> $OWNER             : R,W,X,RACD       APR01.DOC $GROUP_MASK        :
>>> R,W,X,RACD
>>> $GROUP             : R,W,X,RACD
>>> @.@                : R,W,X,RACD
>>> $OWNER             : R,W,X,RACD       AUG01.DOC $GROUP_MASK        :
>>> R,W,X,RACD
>>> $GROUP             : R,W,X,RACD
>>> @.@                : R,W,X,RACD
>>> $OWNER             : R,W,X,RACD       CRAP.DOC $GROUP_MASK        :
>>> R,W,X,RACD
>>> $GROUP             : R,W,X,RACD
>>> @.@                : R,W,X,RACD
>>> $OWNER             : R,W,X,RACD       MAY02.DOC $GROUP_MASK        :
>>> R,W,X,RACD
>>> $GROUP             : R,W,X,RACD
>>> @.@                : R,W,X,RACD
>>> @.@                : R,W,X,A,L,RACD   SEP02.DOC @.@                :
>>> R,W,X,A,L,RACD   SEPXX.DOC
>>>
>>>
>>>drwxrwxrwx   2 MGR.VIRGIN        APACHE      1280 Oct 14 15:00 .
>>>drwxrwxrwx   3 MGR.VIRGIN        APACHE       416 Feb 20  2002 ..
>>>-rwxrwxrwx   1 ACCT.VIRGIN       APACHE      7600 Apr 18 13:04
>>>APR01.DOC -rwxrwxrwx   1 MGR.VIRGIN        APACHE     11800 Sep 26
>>>10:29 AUG01.DOC -rwxrwxrwx   1 MGR.VIRGIN        APACHE     12200 Oct
>>>14 14:02 CRAP.DOC -rwxrwxrwx   1 MGR.VIRGIN        APACHE      7980 Feb
>>>20  2002 FEB01.DOC -rwxrwxrwx   1 ACCT.VIRGIN       APACHE      7980
>>>Mar  4  2002 FEB02.DOC -rwxrwxrwx   1 MGR.VIRGIN        APACHE 11800
>>>Aug  6 12:29 JULY02.DOC -rwxrwxrwx   1 ACCT.VIRGIN       APACHE
>>>   7790 Apr  4  2002 MAR02.DOC -rwxrwxrwx   1 BILLING.VIRGIN    APACHE
>>>    8740 May 17 18:14 MAY01.DOC -rwxrwxrwx   1 ACCT.VIRGIN       APACHE
>>>     7600 Jun  6 17:44 MAY02.DOC -rwxrwxrwx   1 MGR.VIRGIN
>>>APACHE     12200 Oct 14 14:51 SEP02.DOC -rwxrwxrwx   1 MGR.VIRGIN
>>> APACHE     12200 Oct 14 15:00 SEPXX.DOC
>>>
>>>
>>>
>>>
>>>Now for some reason, via Apache, I can't access SEPXX, SEP02 and also
>>>
>> CRAP,
>>
>>>yet I can access all the others:
>>>
>>>Forbidden
>>>You don't have permission to access /BILLING/81202166/2002/SEPXX.DOC on
>>>
>> this
>>
>>>server.
>>>
>>>
>>>
>>>
>>>
> ----------------------------------------------------------------------------
>>
>>>----
>>>
>>>Apache/1.3.14 Server at 10.1.3.200 Port 80
>>>
>>>
>> --
>> [log in to unmask]
>> Remainder of .sig suppressed to conserve expensive California
>> electrons...
>>
>>
>>
>> ==================================
>> This message contains confidential information and is intended solely
>> for the use of the individual or entity to whom it is addressed. If you
>> are
> not
>> the named addressee you should not disseminate, distribute or copy this
>> email. Please inform the sender immediately if you have received this
> e-mail
>> by mistake and delete this email from your system. Email transmission
> cannot
>> be guaranteed to be secure or error-free as information could be
>> intercepted, corrupted, lost, destroyed, arrive late or be incomplete.
>> The sender therefore does not accept liability for any errors or
>> omissions in the contents of this message, which arise as a result of
>> email
> transmission.
>> If verification is required please request a hard copy version. No
> contracts
>> may be concluded on behalf of Virgin Express SA/NV by means of email
>> communication. Finally, the recipient should check this e-mail and any
>> attachments for the presence of viruses. The company accepts no
>> liability for any damage caused by any virus transmitted by this email.
>> ==================================
>>
>> * To join/leave the list, search archives, change list settings, * *
>> etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
>>
>>
>>
>>
>>
> --
> [log in to unmask]
> Remainder of .sig suppressed to conserve expensive California
> electrons...
>
>
>
> ==================================
> This message contains confidential information and is intended solely
> for the use of the individual or entity to whom it is addressed. If you
> are not the named addressee you should not disseminate, distribute or
> copy this email. Please inform the sender immediately if you have
> received this e-mail by mistake and delete this email from your system.
> Email transmission cannot be guaranteed to be secure or error-free as
> information could be intercepted, corrupted, lost, destroyed, arrive
> late or be incomplete. The sender therefore does not accept liability
> for any errors or omissions in the contents of this message, which arise
> as a result of email transmission. If verification is required please
> request a hard copy version. No contracts may be concluded on behalf of
> Virgin Express SA/NV by means of email communication. Finally, the
> recipient should check this e-mail and any attachments for the presence
> of viruses. The company accepts no liability for any damage caused by
> any virus transmitted by this email. ==================================
>
> * To join/leave the list, search archives, change list settings, * *
> etc., please visit http://raven.utc.edu/archives/hp3000-l.html *

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *

ATOM RSS1 RSS2