From owner-freebsd-questions  Sat Jul 20  3: 4: 1 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id E3CBD37B400
	for <freebsd-questions@freebsd.org>; Sat, 20 Jul 2002 03:03:51 -0700 (PDT)
Received: from shockwave.systems.pipex.net (shockwave.systems.pipex.net [62.190.223.9])
	by mx1.FreeBSD.org (Postfix) with ESMTP id B851843E3B
	for <freebsd-questions@freebsd.org>; Sat, 20 Jul 2002 03:03:50 -0700 (PDT)
	(envelope-from sroberts@dsl.pipex.com)
Received: from Demon.vickiandstacey.com (81-86-129-77.dsl.pipex.com [81.86.129.77])
	by shockwave.systems.pipex.net (Postfix) with ESMTP
	id CC3E4160009C6; Sat, 20 Jul 2002 11:03:46 +0100 (BST)
Subject: Re: Win2K Frontpage clients unable to connect to apache with
	Frontpage extensions
From: Stacey Roberts <sroberts@dsl.pipex.com>
Reply-To: sroberts@dsl.pipex.com
To: Steve Mazerski <smazerski@yahoo.co.jp>
Cc: FreeBSD-Questions <freebsd-questions@freebsd.org>
In-Reply-To: <200207201152.50093.smazerski@yahoo.co.jp>
References: <1027155376.55073.134.camel@Demon.vickiandstacey.com> 
	<200207201152.50093.smazerski@yahoo.co.jp>
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature";
	boundary="=-VQR+BBUWTefHhNONGpJR"
X-Mailer: Ximian Evolution 1.0.8 
Date: 20 Jul 2002 11:04:43 +0100
Message-Id: <1027159485.55073.144.camel@Demon.vickiandstacey.com>
Mime-Version: 1.0
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG


--=-VQR+BBUWTefHhNONGpJR
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

Hi Steve,
   Thanks for getting back to me. I checked the permissions on the file
and dir, and here's what I get:


/usr/local/www $ ls -la
total 10
drwxr-xr-x   6 root  wheel   512 Jun 22 18:43 ./
drwxr-xr-x  19 root  wheel   512 Jul 19 22:36 ../
lrwxr-xr-x   1 root  wheel    27 Jun 22 18:43 cgi-bin@ ->
/usr/local/www/cgi-bin-dist
drwxr-xr-x   2 root  wheel   512 Jun 22 18:43 cgi-bin-dist/
lrwxr-xr-x   1 root  wheel    24 Jun 22 18:43 data@ ->
/usr/local/www/data-dist
drwxr-xr-x  10 www   www    1536 Jul 20 10:17 data-dist/
drwxr-xr-x   3 root  wheel  3584 Jun 22 18:43 icons/
drwxr-xr-x   2 www   www     512 Jun 22 18:43 proxy/
/usr/local/www $=20

As for the file itself, well here's something funny:
/usr/local/www $ ls -la /usr/local/www/data/_vti_bin/shtml.exe
ls: /usr/local/www/data/_vti_bin/shtml.exe: No such file or directory
/usr/local/www $=20

Huh?????

Seems I can't find this file anywhere:
/usr/local/www/data/_vti_bin $ ls -la *
_vti_adm:
total 3
drwxrwxr-x  2 www  www  512 Jul 20 01:02 ./
drwxrwxr-x  4 www  www  512 Jul 20 01:02 ../
-rw-rw-r--  1 www  www  345 Jul 20 01:02 .htaccess

_vti_aut:
total 3
drwxrwxr-x  2 www  www  512 Jul 20 01:02 ./
drwxrwxr-x  4 www  www  512 Jul 20 01:02 ../
-rw-rw-r--  1 www  www  353 Jul 20 01:02 .htaccess
/usr/local/www/data/_vti_bin $=20

Oh Man.., I don't know what the heck is going on here.., Any ideas?=20

Stacey

On Sat, 2002-07-20 at 10:52, Steve Mazerski wrote:
> On Saturday 20 July 2002 10:56, Stacey Roberts wrote:
> > Hello,
> >      I've just setup my apache webserver with Frontpage server extensio=
n
> > support, but I am unable to connect to apache from the Win2K clients on
> > the lan.
> >
> > Here's what appears in /var/log/messages:
> >
> > [Sat Jul 20 09:46:23 2002] [error] [client lan PC IP] web root owned by
> > privileged user: /usr/local/www/data/_vti_bin/shtml.exe
> > /usr/local/etc/apache $
>=20
> I know nothing of the Frontpage extensions (but boy do I see  lot of
> requests in my Apache logs for that kind of file ;-) ) but it looks like =
a
> permissions problem.
>=20
> Speculation: the exectuable file is being run as a privileged user (root?=
),=20
> which is rightly regarded as a security problem.
>=20
> What are the permissions on the file and the directory it's in?
> What user does Apache run as?
>=20
> S.Mazerski
--=20
Stacey Roberts B.Sc. (HONS) Computer Science
Network Systems Engineer

--=-VQR+BBUWTefHhNONGpJR
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

Hi Steve,
   Thanks for getting back to me. I checked the permissions on the file
and dir, and here's what I get:


/usr/local/www $ ls -la
total 10
drwxr-xr-x   6 root  wheel   512 Jun 22 18:43 ./
drwxr-xr-x  19 root  wheel   512 Jul 19 22:36 ../
lrwxr-xr-x   1 root  wheel    27 Jun 22 18:43 cgi-bin@ ->
/usr/local/www/cgi-bin-dist
drwxr-xr-x   2 root  wheel   512 Jun 22 18:43 cgi-bin-dist/
lrwxr-xr-x   1 root  wheel    24 Jun 22 18:43 data@ ->
/usr/local/www/data-dist
drwxr-xr-x  10 www   www    1536 Jul 20 10:17 data-dist/
drwxr-xr-x   3 root  wheel  3584 Jun 22 18:43 icons/
drwxr-xr-x   2 www   www     512 Jun 22 18:43 proxy/
/usr/local/www $=20

As for the file itself, well here's something funny:
/usr/local/www $ ls -la /usr/local/www/data/_vti_bin/shtml.exe
ls: /usr/local/www/data/_vti_bin/shtml.exe: No such file or directory
/usr/local/www $=20

Huh?????

Seems I can't find this file anywhere:
/usr/local/www/data/_vti_bin $ ls -la *
_vti_adm:
total 3
drwxrwxr-x  2 www  www  512 Jul 20 01:02 ./
drwxrwxr-x  4 www  www  512 Jul 20 01:02 ../
- -rw-rw-r--  1 www  www  345 Jul 20 01:02 .htaccess

_vti_aut:
total 3
drwxrwxr-x  2 www  www  512 Jul 20 01:02 ./
drwxrwxr-x  4 www  www  512 Jul 20 01:02 ../
- -rw-rw-r--  1 www  www  353 Jul 20 01:02 .htaccess
/usr/local/www/data/_vti_bin $=20

Oh Man.., I don't know what the heck is going on here.., Any ideas?=20

Stacey

On Sat, 2002-07-20 at 10:52, Steve Mazerski wrote:
> On Saturday 20 July 2002 10:56, Stacey Roberts wrote:
> > Hello,
> >      I've just setup my apache webserver with Frontpage server extensio=
n
> > support, but I am unable to connect to apache from the Win2K clients on
> > the lan.
> >
> > Here's what appears in /var/log/messages:
> >
> > [Sat Jul 20 09:46:23 2002] [error] [client lan PC IP] web root owned by
> > privileged user: /usr/local/www/data/_vti_bin/shtml.exe
> > /usr/local/etc/apache $
>=20
> I know nothing of the Frontpage extensions (but boy do I see  lot of
> requests in my Apache logs for that kind of file ;-) ) but it looks like =
a
> permissions problem.
>=20
> Speculation: the exectuable file is being run as a privileged user (root?=
),=20
> which is rightly regarded as a security problem.
>=20
> What are the permissions on the file and the directory it's in?
> What user does Apache run as?
>=20
> S.Mazerski
- --=20
Stacey Roberts B.Sc. (HONS) Computer Science
Network Systems Engineer

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8

iQA/AwUBPTk1t/dn4A8qiCO5EQIXjQCeJpKz+CfSHViSSL3a2Wxm1ccCUGMAn3KD
GRUWWr/2VsnqxjJEHjyceHot
=m6Zr
-----END PGP SIGNATURE-----

--=-VQR+BBUWTefHhNONGpJR--


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message