Problem with sub-web administrator access
Web Server forum
Back To The Forum Home!Search!Private Messaging System
Visit your User Control Panel!Register your FREE username now!Visit Our Calendar!View the Member List!Faqs!Search our Forums!

Web Server Talk Web Server Talk > Web Servers reviews > FrontPage Server Extensions for Unix > Problem with sub-web administrator access




  Last Thread   Next Thread Next
  Show Printable Version Email this Page Subscribe to this Thread      Post New Thread    Post A Reply      

    Problem with sub-web administrator access  
spiker


View Ip Address Report This Message To A Moderator Edit/Delete Message


 
08-16-04 12:53 PM

I was attempting to assist someone who recently converted a FrontPage subweb
on her website to the Verotel payment system.  The web site is on an Apache
server on a Linux/UNIX host.

Verotel works by replacing the .htaccess file in the subweb with one of its
own.  The Verotel .htaccess file points to a .passwd file maintained by
Verotel.  This had an unfortunate side effect.  The subweb had forms, and
those forms relied on an executable in the subweb/_vti_bin directory and
wrote to files in the subweb/_private directory.  These subdirectories of
the subweb contained .htaccess files as well, which, I presume, inherited
their settings from the parent.  As far as I can surmise the GET and POST
methods in those directories is restricted to members of the AuthGroupFile,
which is an artifact of the original FrontPage security, and is unaffected
when Verotel adds new users to its .passwd file.  Therefore new users are
unable to use the forms.

In an attempt to rectify this situation, I suggested resetting the subweb to
use the security of the main web - i.e. unrestricted.  Unfortunately, the
.htaccess file in the main web had been modified and was missing both an
AugtUserFile and an AuthGroupFile record.  We aborted the attempt to reset
the security, but only after some damage was done.  The subweb is now no
longer accessible via the FrontPage administrator's credentials.  I'm
guessing that Frontpage obliterated the service.pwd and the service.grp
files before discovering that there weren't any files to copy from the
parent directory.

I have several questions.

Is there a simple way to fix this?  Barring that...

I have FTP access to the site.  I am using WSFTP to transfer files.  I also
have access to command line FTP in either Windows 2K or Linux.  Apparantly,
there is some mechanism that prevents me from getting or posting files to
several of the "_" hidden FrontPage extensions directories, including the
_vti_pvt directory, although they appear to have the same security
attributes (user, group, and security mask) as the accessible directories.

I suspect that I could rectify the situation if I could get into the
_vti_pvt directory.

Does anyone know what the mechanism is that blocks access to these
directories?   Is there a way for an authorized user with valid FTP
credentials to get into these folders?

Any help would be much appreciated.




[ Post a follow-up to this message ]



    Sponsored Links  




 



   All times are GMT. The time now is 09:10 AM.      Post New Thread    Post A Reply      
  Last Thread   Next Thread Next


Most Popular forums 
Apache Server MySQL for Windows Sendmail
Red Hat Networking SuSe Linux Debian Linux
FreeBSD administration Sun Solaris administration Unix Shell programming
WebSphere Portal Server Exchange 2000 administration PostgreSQL administration
Linux Security Computer Security Firewalls

Forum Jump:
Rate This Thread:

Forum Rules:
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts 		HTML code is OFF
vB code is ON
Smilies are ON
[IMG] code is OFF
 
Medical and Health forum | Computer Games Reviews | Graphics design forum

Back To The Top
Home | Usercp | Faq | Register