Date: 20 Jul 2002 11:04:43 +0100 From: Stacey Roberts <sroberts@dsl.pipex.com> To: Steve Mazerski <smazerski@yahoo.co.jp> Cc: FreeBSD-Questions <freebsd-questions@freebsd.org> Subject: Re: Win2K Frontpage clients unable to connect to apache with Frontpage extensions Message-ID: <1027159485.55073.144.camel@Demon.vickiandstacey.com> In-Reply-To: <200207201152.50093.smazerski@yahoo.co.jp> References: <1027155376.55073.134.camel@Demon.vickiandstacey.com> <200207201152.50093.smazerski@yahoo.co.jp>
next in thread | previous in thread | raw e-mail | index | archive | help
--=-VQR+BBUWTefHhNONGpJR Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Hi Steve, Thanks for getting back to me. I checked the permissions on the file and dir, and here's what I get: /usr/local/www $ ls -la total 10 drwxr-xr-x 6 root wheel 512 Jun 22 18:43 ./ drwxr-xr-x 19 root wheel 512 Jul 19 22:36 ../ lrwxr-xr-x 1 root wheel 27 Jun 22 18:43 cgi-bin@ -> /usr/local/www/cgi-bin-dist drwxr-xr-x 2 root wheel 512 Jun 22 18:43 cgi-bin-dist/ lrwxr-xr-x 1 root wheel 24 Jun 22 18:43 data@ -> /usr/local/www/data-dist drwxr-xr-x 10 www www 1536 Jul 20 10:17 data-dist/ drwxr-xr-x 3 root wheel 3584 Jun 22 18:43 icons/ drwxr-xr-x 2 www www 512 Jun 22 18:43 proxy/ /usr/local/www $=20 As for the file itself, well here's something funny: /usr/local/www $ ls -la /usr/local/www/data/_vti_bin/shtml.exe ls: /usr/local/www/data/_vti_bin/shtml.exe: No such file or directory /usr/local/www $=20 Huh????? Seems I can't find this file anywhere: /usr/local/www/data/_vti_bin $ ls -la * _vti_adm: total 3 drwxrwxr-x 2 www www 512 Jul 20 01:02 ./ drwxrwxr-x 4 www www 512 Jul 20 01:02 ../ -rw-rw-r-- 1 www www 345 Jul 20 01:02 .htaccess _vti_aut: total 3 drwxrwxr-x 2 www www 512 Jul 20 01:02 ./ drwxrwxr-x 4 www www 512 Jul 20 01:02 ../ -rw-rw-r-- 1 www www 353 Jul 20 01:02 .htaccess /usr/local/www/data/_vti_bin $=20 Oh Man.., I don't know what the heck is going on here.., Any ideas?=20 Stacey On Sat, 2002-07-20 at 10:52, Steve Mazerski wrote: > On Saturday 20 July 2002 10:56, Stacey Roberts wrote: > > Hello, > > I've just setup my apache webserver with Frontpage server extensio= n > > support, but I am unable to connect to apache from the Win2K clients on > > the lan. > > > > Here's what appears in /var/log/messages: > > > > [Sat Jul 20 09:46:23 2002] [error] [client lan PC IP] web root owned by > > privileged user: /usr/local/www/data/_vti_bin/shtml.exe > > /usr/local/etc/apache $ >=20 > I know nothing of the Frontpage extensions (but boy do I see lot of > requests in my Apache logs for that kind of file ;-) ) but it looks like = a > permissions problem. >=20 > Speculation: the exectuable file is being run as a privileged user (root?= ),=20 > which is rightly regarded as a security problem. >=20 > What are the permissions on the file and the directory it's in? > What user does Apache run as? >=20 > S.Mazerski --=20 Stacey Roberts B.Sc. (HONS) Computer Science Network Systems Engineer --=-VQR+BBUWTefHhNONGpJR Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Hi Steve, Thanks for getting back to me. I checked the permissions on the file and dir, and here's what I get: /usr/local/www $ ls -la total 10 drwxr-xr-x 6 root wheel 512 Jun 22 18:43 ./ drwxr-xr-x 19 root wheel 512 Jul 19 22:36 ../ lrwxr-xr-x 1 root wheel 27 Jun 22 18:43 cgi-bin@ -> /usr/local/www/cgi-bin-dist drwxr-xr-x 2 root wheel 512 Jun 22 18:43 cgi-bin-dist/ lrwxr-xr-x 1 root wheel 24 Jun 22 18:43 data@ -> /usr/local/www/data-dist drwxr-xr-x 10 www www 1536 Jul 20 10:17 data-dist/ drwxr-xr-x 3 root wheel 3584 Jun 22 18:43 icons/ drwxr-xr-x 2 www www 512 Jun 22 18:43 proxy/ /usr/local/www $=20 As for the file itself, well here's something funny: /usr/local/www $ ls -la /usr/local/www/data/_vti_bin/shtml.exe ls: /usr/local/www/data/_vti_bin/shtml.exe: No such file or directory /usr/local/www $=20 Huh????? Seems I can't find this file anywhere: /usr/local/www/data/_vti_bin $ ls -la * _vti_adm: total 3 drwxrwxr-x 2 www www 512 Jul 20 01:02 ./ drwxrwxr-x 4 www www 512 Jul 20 01:02 ../ - -rw-rw-r-- 1 www www 345 Jul 20 01:02 .htaccess _vti_aut: total 3 drwxrwxr-x 2 www www 512 Jul 20 01:02 ./ drwxrwxr-x 4 www www 512 Jul 20 01:02 ../ - -rw-rw-r-- 1 www www 353 Jul 20 01:02 .htaccess /usr/local/www/data/_vti_bin $=20 Oh Man.., I don't know what the heck is going on here.., Any ideas?=20 Stacey On Sat, 2002-07-20 at 10:52, Steve Mazerski wrote: > On Saturday 20 July 2002 10:56, Stacey Roberts wrote: > > Hello, > > I've just setup my apache webserver with Frontpage server extensio= n > > support, but I am unable to connect to apache from the Win2K clients on > > the lan. > > > > Here's what appears in /var/log/messages: > > > > [Sat Jul 20 09:46:23 2002] [error] [client lan PC IP] web root owned by > > privileged user: /usr/local/www/data/_vti_bin/shtml.exe > > /usr/local/etc/apache $ >=20 > I know nothing of the Frontpage extensions (but boy do I see lot of > requests in my Apache logs for that kind of file ;-) ) but it looks like = a > permissions problem. >=20 > Speculation: the exectuable file is being run as a privileged user (root?= ),=20 > which is rightly regarded as a security problem. >=20 > What are the permissions on the file and the directory it's in? > What user does Apache run as? >=20 > S.Mazerski - --=20 Stacey Roberts B.Sc. (HONS) Computer Science Network Systems Engineer -----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8 iQA/AwUBPTk1t/dn4A8qiCO5EQIXjQCeJpKz+CfSHViSSL3a2Wxm1ccCUGMAn3KD GRUWWr/2VsnqxjJEHjyceHot =m6Zr -----END PGP SIGNATURE----- --=-VQR+BBUWTefHhNONGpJR-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1027159485.55073.144.camel>