ORACLE在HP-UX下的系列问题处理(30)

　　HP-UX Netscape FastTrackServer with ACL: 拒绝访问 cgi 文件问题描述
　　
　　我想通过设置用户和密码来限制访问我的cgi-bin 目录中的一个特定的cgi 脚本。我试着为cgi脚本向URL中设置了访问控制，但是仍然是所有的客户都能访问该脚本。我应该怎样能够限制对这个资源的访问呢?
　　
　　我配置了用户并设置了一个ACL (Access control list访问控制列表)，其中有两个条目:
　　1. 拒绝任何人访问cgi 脚本
　　而且 2.答应特定的用户访问cgi，这要在用户登录时使用提示符进行提示。
　　在适当的地方使用访问控制，可以拒绝所有的用户的访问。
　　但是，当拒绝客户访问该资源时，检查/opt/ns-ftrack/httpd-default/logs/errors 文件，会发现其中显示了这些错误:
　　
　　[29/Apr/1998:15:13:51] security: [NSACL4330] ACL_GetAttribute: attr
　　getter failed to get user
　　[NSACL4330] ACL_GetAttribute: attr getter failed to get
　　isvalid-passWord
　　[NSACL5850] ldap password check: couldn't initialize connection to LDAP.
　　Reason: Couldn't initialize connection to the local ldap Directory
　　[29/Apr/1998:15:13:51] security: for host 15.3.32.18 trying to GET
　　/cgi-bin/test.cgi
　　acl-state reports: access of
　　/opt/docs/cgi-bin/test.cgi denied by ACL path
　　=/opt/docs/cgi-bin/test.cgi directive 2
　　
　　我应该怎样配置服务器使七能够实现这一点呢?
　　
　　配置信息
　　
　　操作系统 - HPUX
　　版本 - 10.20
　　硬件系统 - HP 9000
　　系列 -K460
　　
　　解决方法
　　
　　产生这个问题，原因在于对于服务器上的用户(www/other)来说， userdb 目录，子目录和文件的访问权限错误。
　　请确保/opt/ns-ftrack 中的下列目录具有下面列出的权限:
　　
　　dr-xr-xr-x 3 bin other 1024 Apr 29 13:57 userdb
　　dr-xr-xr-x 5 bin other 1024 Apr 29 13:57 ldap
　　dr-xr-s--- 2 bin other 1024 Apr 29 14:24 db
　　
　　而且db 中的文件的权限应该是: -rw-rw---- 1 www other
　　
　　.........following with all English text ....
　　HP-UX Netscape FastTrackServer with ACL: denying access to a cgi fileProblem Description
　　
　　I would like to restrict access to particular cgi script in my cgi-bin directory by user/password. I have tried to set up access
　　control to the URL for the cgi script, but all clients still have access to the script. How can I restrict access to this resource?
　　
　　I configured users, and set up an ACL (access control list) with two entries:
　　1. Deny everyone access to the cgi script, and
　　2.Allow specific users access to the cgi by authenticating with a prompt for a user login and prompt. With the Access control in place, all users are denied access.
　　
　　A check of the /opt/ns-ftrack/httpd-default/logs/errors file shows
　　these errors when the client is denied access to the resource:
　　
　　[29/Apr/1998:15:13:51] security: [NSACL4330] ACL_GetAttribute: attr
　　getter failed to get user
　　[NSACL4330] ACL_GetAttribute: attr getter failed to get
　　isvalid-password
　　[NSACL5850] ldap password check: couldn't initialize connection
　　to LDAP.
　　Reason: Couldn't initialize connection to the local ldap directory
　　[29/Apr/1998:15:13:51] security: for host 15.3.32.18 trying to GET
　　/cgi-bin/test.cgi, acl-state reports: access of
　　/opt/docs/cgi-bin/test.cgi denied by ACL path
　　=/opt/docs/cgi-bin/test.cgi directive 2
　　
　　How can I configure the server for this to work?

　　
　　Configuration Info
　　
　　Operating System - HPUX
　　Version - 10.20
　　Hardware System - HP 9000
　　Series - K460
　　
　　Solution
　　
　　The problem is caused by improper access permissions to the userdb directory, subdirectories and files by the server user (www/other).
　　Make sure the following directories under /opt/ns-ftrack have the following permissions:
　　
　　dr-xr-xr-x 3 bin other 1024 Apr 29 13:57 userdb
　　dr-xr-xr-x 5 bin other 1024 Apr 29 13:57 ldap
　　dr-xr-s--- 2 bin other 1024 Apr 29 14:24 db
　　
　　and files under db should be: -rw-rw-- 1 www other