Security on UNIX

 ^{3 of 10}     Setting UNIX Permissions on Web Content

Setting secure access modes for files and directories in a customer's content directory is a key to maintaining your Web-server security. All files and directories should be owned by the customer's user identifier/group identifier. Suggested UNIX permission settings are shown in the following table.

Permissions for customers with multiple UNIX accounts per customer also apply to an organization that has several UNIX accounts that are part of the same UNIX group. Shared write access allows any members of the group to write to all shared Web documents.

The Fpsrvadm utility can be used to automatically chown and chmod existing content files in a FrontPage-extended web to be owned by a given user. Automatic chown and chmod can be performed when you install the server extensions (using fpsrvadm -operation install) or later (using fpsrvadm -operation chown). These operations set the content to be owned by the user, and they set the FrontPage Server Extensions stub executable files to be SUID.

By default, a 022 umask is used when the server extensions are installed or chowned. To set a custom umask, you must edit and recompile the FrontPage Server Extensions stub executable file, /usr/local/frontpage/version4.0/srcs/fp.suid.c. To do this, open the file and edit the line umask(022). Then save it as each of the stub executable files, as listed in the fp.suid.c source file. (These stub executable files are propagated to each content area as new FrontPage-extended webs are created.)

For example, to create the administrative stub executable file, copy the file
/usr/local/frontpage/version4.0/srcs/fp.suid.c

to
/usr/local/frontpage/version4.0/srcs/admin.exe

Edit the umask line, and then compile /usr/local/frontpage/version4.0/srcs/admin.exe