Microsoft Home Microsoft Home
Microsoft FrontPage Server Extensions Resource Kit logo  Microsoft FrontPage 2000 Server Extensions Resource Kit

Security on UNIX

 5 of 10     Access File Settings

FrontPage relies on access files to add FrontPage-extended web administrators, authors, and browsers (site visitors) with the proper permissions to the Web server's account list, and to protect content and programs in FrontPage-extended webs.

FrontPage creates a directory named _vti_pvt for the root web and for each subweb. In each FrontPage-extended web with unique permissions, the _vti_pvt directory contains the following two files:

  • service.pwd contains the list of users and encrypted passwords for the FrontPage-extended web.
  • service.grp contains the list of groups (one group for authors and one for administrators), and the users within each group.

 

On Netscape servers, there are no service.pwd or service.grp files. The Netscape password files are:

  • administrators.pwd for administrators.
  • authors.pwd for authors and administrators.
  • users.pwd for site visitors, authors, and administrators.

 

An access file in the _vti_bin directory controls access to the browse-time FrontPage program, shtml.exe. If all users have browse permission, this is set in the access file. Otherwise, the access file points to a list of users and groups with browse access. A separate access file in the _vti_adm directory sets POST permissions for the administrative program, admin.exe. A third access file in the _vti_aut directory sets the POST permissions on the authoring program, author.exe.

When you use the Permissions or Security command in the FrontPage client to give a user browse access to a FrontPage-extended web, the user is given an account on the Web server. This is done by adding the user's name and password to the single service.pwd file (or, on Netscape servers, users.pwd) pointed to from the _vti_bin directory's access file. Also, when an IP address restriction is set on browse access to a FrontPage-extended web, this restriction is added to the _vti_bin directory's access file.

When you give a user authoring access to a FrontPage-extended web, the user is given an account on the Web server. This is done by adding the user's name and password to the service.pwd file and to the Authors group in the service.grp file pointed to from the access files stored in the _vti_bin and _vti_aut directories. This enables the user to send HTTP POST requests to author.exe and use the browse-time program, shtml.exe. (On Netscape servers, the process is similar.)

When you give a user administrative access to a FrontPage-extended web, the user is given an account on the Web server. This is done by adding the user's name and password to the service.pwd file and to the Administrators group in the service.grp file pointed to from the access files stored in the _vti_bin , _vti_aut, and _vti_adm directories. This enables the user to send HTTP POST requests to admin.exe, author.exe, and shtml.exe. (On Netscape servers, the process is similar.)

The set of access files for a FrontPage-extended web is illustrated in the following two tables.

 

Table 1 Access Files and UNIX File Permissions for the Content of a FrontPage-Extended Web

Web directories or content Access list
root web

Example:
\ 		Root Web Access List
site visitors (GET, POST)
authors (GET, POST)
administrators (GET, POST)
UNIX: rwxr-xr-x uid/gid
root directory content files

Example:
default.htm
logo.gif
guestbook.htm
etc.		 Default Access List
site visitors (GET, POST)
authors (GET, POST)
administrators (GET, POST)
UNIX: rwxr-xr-x uid/gid
subdirectory and content files

Example:
\subdir1
   content.htm
   other.gif
   etc.		 Default Access List
site visitors (GET, POST)
authors (GET, POST)
administrators (GET, POST)
UNIX: rwxr-xr-x uid/gid
executable sub-directory and contents files

Example:
\executable-subdir1
   program.exe
   etc.		 Executable Access List
site visitors (GET, POST)
authors (GET, POST)
administrators (GET, POST)
UNIX: rwxr-xr-x uid/gid
results directory and content files

Example:
\guestbook_results
   form_results.htm		 Results Directory Access List
site visitors (GET, POST)
authors (GET, POST)
administrators (GET, POST)
UNIX: rwxr-xr-x uid/gid

 

Table 2 Access Files and UNIX File Permissions for the _vti Directories Created by FrontPage

 

Web directories or content Access list
root web Runtime Access List
site visitors (GET, POST)
authors (GET, POST)
administrators (GET, POST)
UNIX: rwxr-xr-x uid/gid
\_vti_bin
  shtml.exe		 Runtime Access List
site visitors (GET, POST)
authors (GET, POST)
administrators (GET, POST)
UNIX: rwxr-xr-x uid/gid
\_vti_bin\_vti_aut
              author.exe		 Authors Access List
no site visitors
authors (GET, POST)
administrators (GET, POST)
UNIX: rwxr-xr-x uid/gid
\_vti_bin\_vti_adm
              admin.exe		 Administrators Access List
no site visitors
no authors
administrators (GET, POST)
UNIX: rwxr-xr-x uid/gid
\_vti_log
   authoring logs
\_vti_txt
   text index
\_vti_pvt
   configuration		 Miscellaneous Access List
no site visitors
authors (GET, POST)
administrators (GET, POST)
UNIX: rwxr-xr-x uid/gid

 

 Security section art
Overview               
Security                 
  Introduction
  Security on
  Windows NT
  Security on UNIX
Setup                     
Administration      
Appendixes           
Index                    

   5 of 10      TOP
 
  Last Updated November 1998
©1998 Microsoft Corporation. All rights reserved. Terms of Use.