ACLS and WebServers... - VMS

This is a discussion on ACLS and WebServers... - VMS ; In article , "Paul Raulerson" writes: > > >> -----Original Message----- >> From: Tom Linden [mailto:tom@kednos.company] >> Sent: Saturday, August 25, 2007 8:38 PM >> To: Info-VAX@Mvb.Saic.Com >> Subject: Re: ACLS and WebServers... >> >> On Sat, 25 Aug 2007 ...

+ Reply to Thread
Page 2 of 2 FirstFirst 1 2
Results 21 to 24 of 24

Thread: ACLS and WebServers...

  1. RE: ACLS and WebServers...

    In article <001501c7e793$774f6850$65ee38f0$@com>, "Paul Raulerson" writes:
    >
    >
    >> -----Original Message-----
    >> From: Tom Linden [mailto:tom@kednos.company]
    >> Sent: Saturday, August 25, 2007 8:38 PM
    >> To: Info-VAX@Mvb.Saic.Com
    >> Subject: Re: ACLS and WebServers...
    >>
    >> On Sat, 25 Aug 2007 09:16:45 -0700, Larry Kilgallen
    >> wrote:
    >>
    >> > In article <002501c7e72f$e4060f30$ac122d90$@com>, "Paul Raulerson"
    >> > writes:
    >> >
    >> >> That's something definitely in the cards. What is WASD exactly?
    >> >
    >> > WASD is a web server that runs on VMS.
    >> >
    >> > http://wasd.vsm.com.au/

    >>
    >> WASD was specifically written for VMS whereas Apache was ported from a
    >> UNIX environment.
    >> Do yourself a favor, if you are going to run a web server, it is WASD
    >>
    >>
    >> --
    >> PL/I for OpenVMS
    >> www.kednos.com

    >
    >Downloaded and starting to read the documentation on it. Apache is up and
    >running so ... to bring
    >up and configure WASD means I either need to IPL from another volume, or
    >figure out how to *uninstall*
    >Apache...


    Actually, you don't need to do either of those. Just configure WASD to run on
    some other port than you've got Apache running on. (On my home VMS box - which
    is where I'm sitting as I type this, DECnetted into my work machine - I'm
    running OSU, Apache, and WASD simultaneously.) The various logical names and
    account names they require don't overlap.

    (One hint: If you're going to give the web server ACL-based access to things,
    don't do it by the username of the account (eg, APACHE$WWW). Instead, make up
    another identifier (I use WEB_DAEMON) and give *that* the read access to your
    web directories. YOu can grant that id to APACHE$WWW, or the accounts for WASD
    or OSU, rather than having to rework everything.)

    -- Alan


  2. Re: (Persona services came out in VMS 6.2) Re: ACLS and WebServers...

    In article , "Richard Maher" writes:

    >
    >As far as the OP's question goes, can someone tell me if you still need that
    >APACHE$WWW ACE if the WORLD has read access to the files? Not that's it's
    >important, but just for curiosity's sake I'm wondering if what is being
    >achieved is a regime where every bloke and a dog with a browser can view the
    >files but there's just no way we'll let local VMS users see them.
    >

    Nope, the APACHE$WWW ACE isn't required for files that are W:R.

    (Of course, there tend to be fewer and fewer local VMS users who actually log
    in, get an interactive session, and do stuff.)

    -- Alan

  3. Re: ACLS and WebServers...

    Alan Winston - SSRL Central Computing wrote:

    > In article <001501c7e793$774f6850$65ee38f0$@com>, "Paul Raulerson" writes:


    >> Apache is up and running so ... to bring
    >> up and configure WASD means I either need to
    >> IPL from another volume, or figure out how to *uninstall*
    >> Apache...

    >
    > Actually, you don't need to do either of those. Just configure WASD to run on
    > some other port than you've got Apache running on. (On my home VMS box - which
    > is where I'm sitting as I type this, DECnetted into my work machine - I'm
    > running OSU, Apache, and WASD simultaneously.) The various logical names and
    > account names they require don't overlap.


    Just as i have three copies of OSU running on an system where
    port 80 is the the prod server, 81 is test and 82 is the dev web
    server.

    All running OSU but separate installs, could be (maybe are, don't
    remember) different versions...

    It's actualy setup so the logical names for the test and dev
    servers are search lists ending with the prod directories, so
    when testing something only the files needing changes are moved
    physicaly to the dev/test directories. The other files are
    using the copy in the prod envir. Works as a charm, as expected
    on VMS...

    Jan-Erik.

  4. Re: (Persona services came out in VMS 6.2) Re: ACLS and WebServers...

    Richard Maher wrote:
    > Hi John,
    >
    >
    >>When did you look? There is a DECC feature to enable that check.

    >
    >
    > Is it a "DEC"C specific and non-portable extension? In which case I'd like
    > to ask why you wouldn't choose instead to deploy sys$check_access et al? Is
    > "access() for "files" only and doesn't handle access checks to Queues,
    > Mailboxes and so on?


    access() should be for all objects.

    The use is in porting applications written from UNIX to VMS, as what
    Martin was writing about.

    On the UNIX systems that support ACLs, on only some of them does access
    actually report what the status really is.

    And sys$check_access() is not the same in some cases.

    With UNIX, the delete permission on a file is a suggestion that is
    optionally followed by the "rm" or other UNIX utilities. It is not
    enforced by the unlink()/delete()/erase()/rmdir() system calls.

    So programs that wish to obey the delete permission need to call
    access() to see if they should proceed with a delete.

    On UNIX, it is write permission to the directory that the file is in
    that enforces if the file actually can be deleted.

    > "John E. Malmberg" wrote in message
    > news:CD5Ai.76110$Fc.8267@attbi_s21...
    >
    >>Martin Vorlaender wrote:
    >>
    >>>In fact, when porting some *ix software, I noticed that the C RTL
    >>>routine access() only looks at the protection mask, and doesn't honor
    >>>ACLs. So I had to expand it (not going all the way through the flowchart
    >>>though).

    >>
    >>When did you look? There is a DECC feature to enable that check. I do
    >>not know what version it was added in.
    >>

    -John
    wb8tyw@qsl.network
    Personal Opinion Only


+ Reply to Thread
Page 2 of 2 FirstFirst 1 2