|
Thanks for all of your help!! ________________________________ From: web400-bounces@xxxxxxxxxxxx on behalf of Wilt, Charles Sent: Tue 7/18/2006 2:58 PM To: Web Enabling the AS400 / iSeries Subject: Re: [WEB400] Apache Don, For a program to be "adopting authority" of its owner, you'd see the following User profile . . . . . . . . . . . . . . . . . : *OWNER So your program isn't adopting authority, since it has *USER. Now the second line: Use adopted authority . . . . . . . . . . . . : *YES Means that if PGM1 has USRPRF(*OWNER) and say PGM1's owner is QSECOFR, and PGM1 calls PGM2 where PGM2 has USRPRF(*USER), USRADPAUT(*YES). Then PGM2 while not adopting authority itself will make use of the QSECOFR authority adopted by PGM1. Make sense? I don't think adopted authority is your problem. Instead, it's the *USE authority on the OUTQs. Here's a nice explanation of spool file security: http://www.itjungle.com/fhg/fhg063004-story02.html HTH, Charles Wilt -- iSeries Systems Administrator / Developer Mitsubishi Electric Automotive America ph: 513-573-4343 fax: 513-398-1121
-----Original Message----- From: web400-bounces+cwilt=meaa.mea.com@xxxxxxxxxxxx [mailto:web400-bounces+cwilt=meaa.mea.com@xxxxxxxxxxxx] On Behalf Of Don Cavaiani Sent: Tuesday, July 18, 2006 3:16 PM To: Web Enabling the AS400 / iSeries Subject: Re: [WEB400] Apache "Adopted authority adds the authority of a program owner to the authority of the user running the program." Yes, that is the API being used here. Looks like all of my *OUTQs have at least *USE authority! Is that the problem ? The owner of the program is SSA (this is BPCS ERP), and has *JOBCTL. What if I just change the owner of the program? -----Original Message----- From: web400-bounces@xxxxxxxxxxxx [mailto:web400-bounces@xxxxxxxxxxxx] On Behalf Of Wilt, Charles Sent: Tuesday, July 18, 2006 2:03 PM To: Web Enabling the AS400 / iSeries Subject: Re: [WEB400] Apache How does the program get the information it outputs? If using the List Spooled Files (QUSLSPL) API, then the following applies: The requester is authorized to the output queue if one or more of the following conditions are met: * The requester has *SPLCTL authority. * The requester has *JOBCTL authority, and the output queue is specified as OPRCTL(*YES). * The requester has *READ authority to the output queue. You've considered option 1, what about 2 & 3? Charles Wilt -- iSeries Systems Administrator / Developer Mitsubishi Electric Automotive America ph: 513-573-4343 fax: 513-398-1121-----Original Message----- From: web400-bounces@xxxxxxxxxxxx [mailto:web400-bounces@xxxxxxxxxxxx] On Behalf Of Don Cavaiani Sent: Tuesday, July 18, 2006 2:56 PM To: Web Enabling the AS400 / iSeries Subject: Re: [WEB400] Apache Charles - The users have *NONE, the program does show Adopted Authority Program creation information: Program creation date/time . . . . . . . . . . : 07/14/06 08:38:32 Type of program . . . . . . . . . . . . . . . : ILE Program entry procedure module . . . . . . . . : WRKCGISPLF Library . . . . . . . . . . . . . . . . . . : BPCSCDUSR Activation group attribute . . . . . . . . . . : QILE Shared activation group . . . . . . . . . . . : *NO User profile . . . . . . . . . . . . . . . . . : *USER Use adopted authority . . . . . . . . . . . . : *YES Coded character set identifier . . . . . . . . : 65535 Number of modules . . . . . . . . . . . . . . : 1 -----Original Message----- From: web400-bounces@xxxxxxxxxxxx[mailto:web400-bounces@xxxxxxxxxxxx]On Behalf Of Wilt, Charles Sent: Tuesday, July 18, 2006 1:53 PM To: Web Enabling the AS400 / iSeries Subject: Re: [WEB400] Apache Don, Do your general user profiles specify *SPLCTL? Does the program use adopted authority? Charles Wilt -- iSeries Systems Administrator / Developer Mitsubishi Electric Automotive America ph: 513-573-4343 fax: 513-398-1121-----Original Message----- From: web400-bounces@xxxxxxxxxxxx [mailto:web400-bounces@xxxxxxxxxxxx] On Behalf Of Don Cavaiani Sent: Tuesday, July 18, 2006 2:22 PM To: Web Enabling the AS400 / iSeries Subject: Re: [WEB400] Apache I turned the Special Authorities back to *NONE for QTMHHTP1. When I run with UserID %%SERVER%% (my original setting),no one canaccess any of the spool file info which the WRKCGISPLF loads up. When I run with UserID %%CLIENT%%, anyone can access any ofthe spoolfiles which come up. A general user ID can get the QSECOFR spool files to display. This may be inherent in the design of this program ?? -----Original Message----- From: web400-bounces@xxxxxxxxxxxx[mailto:web400-bounces@xxxxxxxxxxxx]On Behalf Of Wilt, Charles Sent: Tuesday, July 18, 2006 12:42 PM To: Web Enabling the AS400 / iSeries Subject: Re: [WEB400] Apache Sounds like the system isn't using the user name being supplied. What's your config file look like? Here's the relevantlines out ofmine. 34 <Location /melcgip/protected> 35 AuthName "Protected - iSeries Username required" 36 AuthType Basic 37 PasswdFile %%SYSTEM%% 38 UserID %%CLIENT%% 39 Require valid-user 40 </Location> Line #38 is what tells Apache to run the CGI program under the provided user name. HTH, Charles Wilt -- iSeries Systems Administrator / Developer Mitsubishi Electric Automotive America ph: 513-573-4343 fax: 513-398-1121-----Original Message----- From: web400-bounces@xxxxxxxxxxxx [mailto:web400-bounces@xxxxxxxxxxxx] On Behalf Of Don Cavaiani Sent: Tuesday, July 18, 2006 1:00 PM To: Web Enabling the AS400 / iSeries Subject: Re: [WEB400] Apache Charles - I do have AS400 authentication enabled, but nomatter who Isigned in as, I was not able to access ANY spooled file (inthe sampleprogram WRKCGISPLF), until I changed the QTMHHTP1 profile(which Idon't like either - as you say). When I entered *all in the user id of the Browser prompt,all spoolfiles on the system show! That would not be a problem ifwhen theuser clicks on one which WAS NOT THEIRS, then access wouldbe denied.However, I was not able to access any of them - evenusing qsecofrvalidation?? -----Original Message----- From: web400-bounces@xxxxxxxxxxxx[mailto:web400-bounces@xxxxxxxxxxxx]On Behalf Of Wilt, Charles Sent: Tuesday, July 18, 2006 11:40 AM To: Web Enabling the AS400 / iSeries Subject: Re: [WEB400] Apache Probably not the solution you want to use. Now anybody who can get to the web server can access allyour spoolfiles. Instead, you can configure Apache to ask for a usersiSeries user IDand password, then the CGI job will switch over to thatprofile to dothe work it needs to. The CGIDEV2 documentation shows how to do it. If you needmore helpjust ask. Charles Wilt -- iSeries Systems Administrator / Developer Mitsubishi Electric Automotive America ph: 513-573-4343 fax: 513-398-1121-----Original Message----- From: web400-bounces@xxxxxxxxxxxx [mailto:web400-bounces@xxxxxxxxxxxx] On Behalf Of Don Cavaiani Sent: Tuesday, July 18, 2006 11:49 AM To: Web Enabling the AS400 / iSeries Subject: Re: [WEB400] Apache Thanks, I gave Spool Control Special Authority accessfor thatprofile, and that did it! -----Original Message----- From: web400-bounces@xxxxxxxxxxxx[mailto:web400-bounces@xxxxxxxxxxxx]On Behalf Of Matt.Haas@xxxxxxxxxxx Sent: Tuesday, July 18, 2006 10:20 AM To: web400@xxxxxxxxxxxx Subject: Re: [WEB400] Apache Unless you changed the defaults, it's QTMHHTP1. Matt -----Original Message----- From: web400-bounces+matt.haas=thomson.com@xxxxxxxxxxxx [mailto:web400-bounces+matt.haas=thomson.com@xxxxxxxxxxxx]On BehalfOf Don Cavaiani Sent: Tuesday, July 18, 2006 11:16 AM To: Web Enabling the AS400 / iSeries Subject: Re: [WEB400] Apache The job log of QZSRCCGI shows Not authorized to spooledfile. I'm notsure what user profile is "in effect" here? -----Original Message----- From: web400-bounces@xxxxxxxxxxxx[mailto:web400-bounces@xxxxxxxxxxxx]On Behalf Of Matt.Haas@xxxxxxxxxxx Sent: Tuesday, July 18, 2006 10:09 AM To: web400@xxxxxxxxxxxx Subject: Re: [WEB400] Apache You're missing the last ")" in the command but now that theprogram isgetting called, you should be able to start a service jobon the jobrunning the CGI program and debug it like you normally would. Matt -----Original Message----- From: web400-bounces@xxxxxxxxxxxx[mailto:web400-bounces@xxxxxxxxxxxx]On Behalf Of Don Cavaiani Sent: Tuesday, July 18, 2006 11:04 AM To: Web Enabling the AS400 / iSeries Subject: Re: [WEB400] Apache That did it Matt, thanks. Now the program loads up fine,but I get anaccess error: Cannot Access Spooled File Error incommand: CPYSPLFFILE(QPRINT) TOFILE(QTEMP/SPLOUTPUT) JOB(110888/TEST/STEPBYSTEP) SPLNBR(000001) MBROPT(*REPLACE) CTLCHAR(*PRTCTL -----Original Message----- From: web400-bounces@xxxxxxxxxxxx[mailto:web400-bounces@xxxxxxxxxxxx]On Behalf Of Matt.Haas@xxxxxxxxxxx Sent: Tuesday, July 18, 2006 9:44 AM To: web400@xxxxxxxxxxxx Subject: Re: [WEB400] Apache I think you just need to add .pgm to the end of the URL. Ithink youcan also add *.PGM to the end of the ScriptAlias to achievethe samething (I'm not 100% sure on that) but try adding .pgmin the URLfirst. Matt -----Original Message----- From: web400-bounces@xxxxxxxxxxxx[mailto:web400-bounces@xxxxxxxxxxxx]On Behalf Of Don Cavaiani Sent: Tuesday, July 18, 2006 10:15 AM To: web400@xxxxxxxxxxxx Subject: [WEB400] Apache Greetings, I am trying to get my first CGI (WRKCGISPLF) to execute. Here is my configuration below: I have compiled theWRKCGISPLF intothe library named DONC. When I run http://amereqip.com/cgi-bin/wrkcgisplf, I get "page cannot be found". Top of Form 1 Display Configuration File HTTP server: APACHE3 Selected file: /www/apache3/conf/httpd.conf 1 # Configuration originally created by ApacheSetup Wizard WedJan 19 18:49:23 GMT+00:00 2005 2 LogFormat "%h %l %u %t \"%r\" %>s %b" common 3 CustomLog logs/access_log common 4 ErrorLog logs/error_log 5 LogMaint logs/error_log 8 0 6 LogMaint logs/access_log 8 0 7 Listen *:80 8 MaxKeepAliveRequests 5 9 TimeOut 120 10 KeepAliveTimeout 4 11 DocumentRoot /web 12 ServerRoot /www/apache3 13 Options -ExecCGI -FollowSymLinks-SymLinksIfOwnerMatch -Includes-IncludesNoExec -Indexes -MultiViews 14 SetEnvIf "User-Agent" "Mozilla/2" nokeepalive 15 SetEnvIf "User-Agent" "JDK/1\.0" force-response-1.0 16 SetEnvIf "User-Agent" "Java/1\.0" force-response-1.0 17 SetEnvIf "User-Agent" "RealPlayer 4\.0"force-response-1.018 SetEnvIf "User-Agent" "MSIE 4\.0b2;" nokeepalive 19 SetEnvIf "User-Agent" "MSIE 4\.0b2;" force-response-1.0 20 <Location /> 21 AuthName AS400 22 AuthType Basic 23 PasswdFile %%SYSTEM%% 24 UserID %%SERVER%% 25 Require valid-user 26 </Location> 27 ScriptAlias /db2www/ /QSYS.LIB/DONC.LIB/DB2WWW.PGM/ 28 ScriptAlias /cgi-bin/ /QSYS.LIB/DONC.LIB/ 29 Alias /doc /web/intranet 30 Alias /nd /web/cgibin 31 <Directory /> 32 deny From all 33 </Directory> 34 <Directory /web/intranet/testjava> 35 Allow From all 36 </Directory> 37 <Directory /web/intranet> 38 Allow From all 39 </Directory> 40 <Directory /web/cgibin> 41 Allow From all 42 </Directory> 43 <Directory /web> 44 Allow From all 45 </Directory> 46 <Directory /qsys.lib/donc.lib> 47 Allow From all 48 </Directory> 49 <Directory /qntc/ntserver1/groups/mis> 50 Allow From all 51 </Directory> Bottom of Form 1 Don F. Cavaiani IT Manager Amerequip Corp. 920-894-7063 'Treat every person with kindness and respect, even thosewho are rudeto you. Remember that you show compassion to others notbecause of whothey are but because of who you are.'--Andrew T. Somers "When faced with the choice of being 'right' or being'kind', choosethe kind option every time." -- This is the Web Enabling the AS400 / iSeries (WEB400)mailing list Topost a message email: WEB400@xxxxxxxxxxxx To subscribe,unsubscribe,or change list options, visit: http://lists.midrange.com/mailman/listinfo/web400 or email: WEB400-request@xxxxxxxxxxxx Before posting,please take amoment to review the archives athttp://archive.midrange.com/web400.-- This is the Web Enabling the AS400 / iSeries (WEB400)mailing list Topost a message email: WEB400@xxxxxxxxxxxx To subscribe,unsubscribe,or change list options, visit: http://lists.midrange.com/mailman/listinfo/web400 or email: WEB400-request@xxxxxxxxxxxx Before posting,please take amoment to review the archives athttp://archive.midrange.com/web400.-- This is the Web Enabling the AS400 / iSeries (WEB400)mailing list Topost a message email: WEB400@xxxxxxxxxxxx To subscribe,unsubscribe,or change list options, visit: http://lists.midrange.com/mailman/listinfo/web400 or email: WEB400-request@xxxxxxxxxxxx Before posting,please take amoment to review the archives athttp://archive.midrange.com/web400.-- This is the Web Enabling the AS400 / iSeries (WEB400)mailing list Topost a message email: WEB400@xxxxxxxxxxxx To subscribe,unsubscribe,or change list options, visit: http://lists.midrange.com/mailman/listinfo/web400 or email: WEB400-request@xxxxxxxxxxxx Before posting,please take amoment to review the archives athttp://archive.midrange.com/web400.-- This is the Web Enabling the AS400 / iSeries (WEB400)mailing list Topost a message email: WEB400@xxxxxxxxxxxx To subscribe,unsubscribe,or change list options, visit: http://lists.midrange.com/mailman/listinfo/web400 or email: WEB400-request@xxxxxxxxxxxx Before posting,please take amoment to review the archives athttp://archive.midrange.com/web400.-- This is the Web Enabling the AS400 / iSeries (WEB400)mailing list Topost a message email: WEB400@xxxxxxxxxxxx To subscribe,unsubscribe,or change list options, visit: http://lists.midrange.com/mailman/listinfo/web400 or email: WEB400-request@xxxxxxxxxxxx Before posting,please take amoment to review the archives athttp://archive.midrange.com/web400.-- This is the Web Enabling the AS400 / iSeries (WEB400)mailing list Topost a message email: WEB400@xxxxxxxxxxxx To subscribe,unsubscribe,or change list options, visit: http://lists.midrange.com/mailman/listinfo/web400 or email: WEB400-request@xxxxxxxxxxxx Before posting,please take amoment to review the archives athttp://archive.midrange.com/web400.-- This is the Web Enabling the AS400 / iSeries (WEB400)mailing list Topost a message email: WEB400@xxxxxxxxxxxx To subscribe,unsubscribe,or change list options, visit: http://lists.midrange.com/mailman/listinfo/web400 or email: WEB400-request@xxxxxxxxxxxx Before posting,please take amoment to review the archives athttp://archive.midrange.com/web400.-- This is the Web Enabling the AS400 / iSeries (WEB400)mailing list Topost a message email: WEB400@xxxxxxxxxxxx To subscribe,unsubscribe,or change list options, visit: http://lists.midrange.com/mailman/listinfo/web400 or email: WEB400-request@xxxxxxxxxxxx Before posting,please take amoment to review the archives athttp://archive.midrange.com/web400.-- This is the Web Enabling the AS400 / iSeries (WEB400)mailing list Topost a message email: WEB400@xxxxxxxxxxxx To subscribe,unsubscribe,or change list options, visit: http://lists.midrange.com/mailman/listinfo/web400 or email: WEB400-request@xxxxxxxxxxxx Before posting,please take amoment to review the archives athttp://archive.midrange.com/web400.-- This is the Web Enabling the AS400 / iSeries (WEB400)mailing list Topost a message email: WEB400@xxxxxxxxxxxx To subscribe,unsubscribe,or change list options, visit: http://lists.midrange.com/mailman/listinfo/web400 or email: WEB400-request@xxxxxxxxxxxx Before posting,please take amoment to review the archives athttp://archive.midrange.com/web400.-- This is the Web Enabling the AS400 / iSeries (WEB400)mailing list Topost a message email: WEB400@xxxxxxxxxxxx To subscribe,unsubscribe,or change list options, visit: http://lists.midrange.com/mailman/listinfo/web400 or email: WEB400-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/web400. -- This is the Web Enabling the AS400 / iSeries (WEB400)mailing list Topost a message email: WEB400@xxxxxxxxxxxx To subscribe,unsubscribe,or change list options, visit: http://lists.midrange.com/mailman/listinfo/web400 or email: WEB400-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/web400.-- This is the Web Enabling the AS400 / iSeries (WEB400) mailing list To post a message email: WEB400@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options, visit: http://lists.midrange.com/mailman/listinfo/web400 or email: WEB400-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/web400. -- This is the Web Enabling the AS400 / iSeries (WEB400) mailing list To post a message email: WEB400@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options, visit: http://lists.midrange.com/mailman/listinfo/web400 or email: WEB400-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/web400.
-- This is the Web Enabling the AS400 / iSeries (WEB400) mailing list To post a message email: WEB400@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options, visit: http://lists.midrange.com/mailman/listinfo/web400 or email: WEB400-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/web400.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.