Re: [WEB400] Apache at V5R3 - Access to IFS object denied

["Brad Stone" <brad@xxxxxxxxxxxx>]

I experienced similar issues when moving to apache from
classic with authorities.

With Classic, QTMHHTP1 only needed authority to CGI
libraries, and objects.  When I used Apache I couldn't for
the life of me figure out why they wouldn't work.  Turned
out I also needed to grant authority to QTMHHTTP.

Anyhow, QTMHHTTP would need RX authority to the folder
simply because it's the HTTP server that is serving the
download.  I would almost find it odd if it worked without
it.

Brad
www.bvstools.com

On Fri, 13 Aug 2004 13:42:12 +0930
 Derek Butler <DerekB@xxxxxxxxxxxxx> wrote:
> Hi,
> 
> I have an AS400 set up at V5R3 with Apache and am trying
> to download an
> object from the IFS using IE5.5 or greater.
> The user is required to have authority to the folder
> containing the object
> and is prompted for an AS400 userid and password.
> 
> The equivalent scenario works correctly on a non-Apache
> HTTP server at V4R5
> and V5R1.
> 
> When trying to access a file on the IFS via the web I am
> receiving the
> following message
> in the error log for the Apache Sever:
> 
>  (3401)Permission denied.: ZSRV_MSG064B: access to
> /download/download1/test.zip denied.
> 
> The test.zip object has public access permissions.
> The "download1" folder containing the object does not
> have public read/write
> execute permissions on it but does have these 
> permissions for another user profile. In the server
> confguration file, the
> download folder is password protected as follows:
> 
> <Directory /download/download1/>
> AllowOverride None
> AuthName download
> ProfileToken off
> AuthType Basic
> order allow,deny
> allow from all
> UserID %%CLIENT%%
> PasswdFile %%SYSTEM%%
> require valid-user
> </Directory>
> 
> The desired functionality is that when the user enters
> the url
> http://hostname/download/download1/test.zip 
> 
> The user is prompted for a username and password. This
> username is used to
> check the folder's permissions
> before allowing access to the file.
> 
> If I add QTMHHTTP to the list of users with execute
> permission for the
> download1 folder, the problem seems to be resolved.
> 
> Why does V5R3 (with Apache) seem to require QTMHHTTP to
> be specified on an
> IFS folder in order for the 
> above Apache configuration to come into effect?
> 
> Is the access to the IFS folder take precedence over the
> protection setup in
> the Apache Server configuration file?
> 
> Has security been modified in this respect?
> 
> Regards
> Derek Butler
> Analyst/Programmer
> Neller Software
> Tel: +61 (08) 8139 1859
> email:derekb@xxxxxxxxxxxxx
> 
> 
> 
> 
> 
>
****************************************************************************
> ***
>  This email and any files transmitted with it are
> confidential and are
> intended solely for the use of the individual or entity
> to whom they are
> addressed. This communication represents the originator's
> personal views and
> opinions, which do not necessarily reflect those of
> Neller Software. If you
> are not the original recipient or the person responsible
> for delivering the
> email to the intended recipient, be advised that you have
> received this
> email in error, and that any use, dissemination,
> forwarding, printing, or
> copying of this email is strictly prohibited. If you
> received this email in
> error, please immediately notify postmaster@xxxxxxxxxxxxx
> and destroy the
> original message. 
> _______________________________________________
> This is the Web Enabling the AS400 / iSeries (WEB400)
> mailing list
> To post a message email: WEB400@xxxxxxxxxxxx
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/mailman/listinfo/web400
> or email: WEB400-request@xxxxxxxxxxxx
> Before posting, please take a moment to review the
> archives
> at http://archive.midrange.com/web400.
> 

Bradley V. Stone
BVS.Tools
www.bvstools.com