|
I don't quite follow. The IBM HTTP server uses user profile QTMHHTTP for serving documents, so this user profile is the only one that needs authority to documents you are making available on the web. I'm not sure if it's different for Domino, but there is probably a user id similar to QTMHHTTP that needs authority for web pages, so you can set up *PUBLIC with *EXCLUDE. People surfing the web are anonymous to the AS/400 web security, so it makes no difference if they are a user or not of your machine. This is the purpose of the QTMHHTTP user profile to act as a "liaison" for people surfing the web. I would strongly suggest getting support from the Domino folks who set it up. If there isn't something similar to the "one user profile for serving HTTP stuff" than there's a serious flaw. But I assume there is such a profile. Brad -----Original Message----- From: Andrei Centea [mailto:acentea@canadelle.com] Sent: Tuesday, March 21, 2000 9:32 AM To: MIDRANGE-L@midrange.com Subject: RE: Protect WEB pages on AS/400 Brad I'm in your fan club ... and a strong user of SPLTOOL & FTPTOOL & CO. Still, CHGAUT doesn't work. On this stage of our application, AS/400 is only hosting the web. The main web and its subwebs, defined in ROOT \ LOTUS \ DOMINO \ DATA \ DOMINO \ HTML \ ... are targeted by all kind of users. Some of them are AS/400 users, others are not and will never be. That makes all references to OS/400 authorities irrelevant, as you cannot refer non-existent users. I defined the links to be portable. Transfering the web structure on an NTFS machine, it works well and restrictions can be applied. On the IFS, it works well except *PUBLIC which is entitled to surf all. Even if I put *PUBLIC *NONE, they can surf in peace. It might be linked to the fact that I don't use IBM's HTTP server but the DOMINO one on the AS/400? Other opinions ? Thx, Andrei Centea Sara Lee Branded Apparel of Canada (Canadelle) 514-723-8428 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ Yup... CHGAUT command. First exclude public from dirs and files for the webs. Then grant at least *R to files, dirs used for web pages. How I do it after initial setup is to use FTPTOOL to execute a program after a PUT is done with FTP. This submits a job with a delay of 5 seconds and does a CHGAUT on the file uploaded (which is sent as a parm from FTPTOOL). Works like a charm. FTPTOOL can be downloaded at www.bvstools.com Brad _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ( ... ) I just finished some WEB pages made with FRONT PAGE and have hosted them on AS/400 for our Intranet, on the DOMINO server. All is fine, except their *public authority which is granted by default. So I want to manage permissions / restrictions similar with doing it with Front Page on any NT box. Unfortunately, Front Page can manage the security of webs and subwebs only if they are hosted on an NTFS machine. And OS/400 authorities for the AS/400 objects in IFS cannot be applied here. Has anybody succeeded a workaround? +--- | This is the Midrange System Mailing List! | To submit a new message, send your mail to MIDRANGE-L@midrange.com. | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com. | To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com. | Questions should be directed to the list owner/operator: david@midrange.com +--- +--- | This is the Midrange System Mailing List! | To submit a new message, send your mail to MIDRANGE-L@midrange.com. | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com. | To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com. | Questions should be directed to the list owner/operator: david@midrange.com +---
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.