OpenVMS help!

Troubleshooting with your custom scripts/programs installed on Polarhome.

Moderator: Moderators

Postby h3rald » Wed Jun 23, 2004 9:41 am

I'm currently using smarftp windows client to connect to my openvms account (alpha)... all went amazingly fine, except that I can't chmod files!! gh!

here's what I get:

SITE CHMOD 777 HOUSEDB.TXT;1
504 SITE Unknown type.

Any idea? Any suggested ftp client for windows more compatible with openvms? thanks
h3rald
 

Postby miker_alpha » Wed Jun 23, 2004 12:28 pm

To change the protection on a file the command would be:
$ SET FILE/PROT=W:RW file.ext
(where W is one of S,O,G,W and RW stands for Read,Write.
Try HELP SET PROT)

The bad news is that AFAIK you *cannot* do this via FTP.
- Try HELP/REMOTE to see whiche remote commands are available, generally by using QUOTE in FTP

MikeR
Look for OpenVMS help on my webpage
Check for QOTD here.
Image
User avatar
miker_alpha
Moderator
Moderator
 
Posts: 256
Joined: Sat May 08, 2004 9:20 am
Location: Kibbutz Tzora, Israel

Postby h3rald » Wed Jun 23, 2004 12:47 pm

Thanks... unfortunately I don't have a shell account there, so things don't seem that easy... the "QUOTE" command is not implemented, or at least that's what I get when I input it from command like... any other ideas? Only the SITE command can be used to execute commands like "CHMOD" or stuff like that (I know chmod wouldn't work in this environment anyway...)?
h3rald
 

Postby miker_alpha » Wed Jun 23, 2004 1:31 pm

OK, so what is the original problem you are trying to solve?
Anything you put in [.Public_html] is readable by the Apache server.
Anything _not_ under [.Public_html] is not reachable by the Apache server.
All other files under your SYS$LOGIN directory are accessable only with _your_ username/password combination (excluding access by privileged users.)
I gather that CHMOD 777 will allow any access by anyone - is that what you want?

MikeR
Look for OpenVMS help on my webpage
Check for QOTD here.
Image
User avatar
miker_alpha
Moderator
Moderator
 
Posts: 256
Joined: Sat May 08, 2004 9:20 am
Location: Kibbutz Tzora, Israel

Postby h3rald » Wed Jun 23, 2004 1:48 pm

Well, for a script I require some files' permissions to be set to 777, yes, within the PUBLIC_HTML directory. Can I protect directories using the .htaccess/.htpasswd files?
h3rald
 

Postby miker_alpha » Wed Jun 23, 2004 1:50 pm

I apologize for following my own post.

If in your LOGIN.COM file on OpenVMS you put a line
$ SET PROTECTION=(W:RE) /DEFAULT !(for example)
all files you PUT from then on will have the protection you have set as default. If you want to change/create only a specific file this would be a cumbersome way of doing this, but possible...

Again: What is it you are trying to do?

MikeR
Look for OpenVMS help on my webpage
Check for QOTD here.
Image
User avatar
miker_alpha
Moderator
Moderator
 
Posts: 256
Joined: Sat May 08, 2004 9:20 am
Location: Kibbutz Tzora, Israel

Postby miker_alpha » Wed Jun 23, 2004 2:42 pm

Well, for a script I require some files' permissions to be set to 777, yes, within the PUBLIC_HTML directory. Can I protect directories using the .htaccess/.htpasswd files?

Who or what, besides Apache or yourself, can access these files - or would want to?
The [.Public_html] directory is meant for files that are to be served to the web, therefore an ACL (access control list) is set up allowing access by whatever user the web-server runs under.

MikeR
Look for OpenVMS help on my webpage
Check for QOTD here.
Image
User avatar
miker_alpha
Moderator
Moderator
 
Posts: 256
Joined: Sat May 08, 2004 9:20 am
Location: Kibbutz Tzora, Israel

Postby jagar_freebsd » Thu Jun 24, 2004 5:52 am

:D Win
Internet Explorer can change the permission. No need to use clients.
login <a href='ftp://h3lard@www.polarhome.com:761/' target='_blank'>ftp://h3lard@www.polarhome.com:761/</a>
It works fine with freebsd and debian. Same for you. GL ;)
PS: And Sure you can use htpasswd, but i didn't succeed on polarhome.
My problem was **pointing to htpasswd** and didn't recognize those hash passwords, Report it if your works okay.
Here is example:(.htaccess)
--------------------------------------
AuthType Basic
AuthName "Admin"
AuthUserFile private/users <<< here is htpasswd
Order allow,deny
Require user
Require group
Allow from 1.1.*
Deny from 127.0.*
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourdomain.com/.*$ [NC]
RewriteRule \.(gif|jpg|png|mp3|mpg|avi|mov)$ - [F]
RewriteCond %{HTTP_HOST} ^www\.[^.]+\.domain\.com$
RewriteRule ^(.+) %{HTTP_HOST}$1 [C]
RewriteRule ^www\.([^.]+)\.domain\.com(.*) /home$1$2
RewriteCond %{HTTP_USER_AGENT} Wget [OR]
RewriteCond %{HTTP_USER_AGENT} CherryPickerSE [OR]
RewriteCond %{HTTP_USER_AGENT} CherryPickerElite [OR]
RewriteCond %{HTTP_USER_AGENT} EmailCollector [OR]
RewriteCond %{HTTP_USER_AGENT} EmailSiphon [OR]
RewriteCond %{HTTP_USER_AGENT} EmailWolf [OR]
RewriteCond %{HTTP_USER_AGENT} ExtractorPro
RewriteRule ^.*$ deny.html [L]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} US [NC]
RewriteRule ^index\.php$ index.us.php [L]

RewriteCond %{HTTP_USER_AGENT} ^Mozilla/[345].*Gecko*
RewriteRule ^index\.php$ netindex.php [L]

RewriteCond %{HTTP_USER_AGENT} ^Mozilla/[345].*MSIE*
RewriteRule ^index\.php$ IEindex.php [L]

RewriteCond %{HTTP_USER_AGENT} ^Mozilla/[12].* [OR]
RewriteCond %{HTTP_USER_AGENT} ^Lynx/*
RewriteRule ^index\.php$ Lynxindex.php [L]

RewriteRule ^index\.php$ index.php [L]

RewriteRule (.*) /$1 [PT]
ErrorDocument 400
ErrorDocument 401
ErrorDocument 403
ErrorDocument 404
ErrorDocument 500
DirectoryIndex admin.php
-------------------------------------------
knock your self out :)
>>>Laugh<<< is a life energy.
User avatar
jagar_freebsd
Advanced Member
 
Posts: 58
Joined: Mon Nov 24, 2003 4:40 am
Location: Missouri, US

Postby miker_alpha » Thu Jun 24, 2004 8:31 pm

How to setup password file authentification in an .htaccess file
---------------------------------------------------------------

To find out how Basic authorization works, go to:
Code: Select all
http://www.polarhome.com:763/manual/howto/auth.html#basic


and then in your .htaccess file have a line such as
Code: Select all
AuthUserFile .httpassword  
;        must point to the password file you've created

Unfortunately to create the .htpassword on an Alpha you will need:
1. Shell access
2. access to APACHE$ROOT:[000000]HTPASSWD.EXE_ALPHA
3. sufficient privilege to run the program.

On Alpha.Polarhome it does NOT work:

$htpassword :== $APACHE$ROOT:[000000]HTPASSWD.EXE_ALPHA
$htpassword  -c .htpasswd miker
%DCL-W-ACTIMAGE, error activating image APACHE$ROOT:[000000]HTPASSWD.EXE_ALPHA
-CLI-E-IMGNAME, image file ALPHA$DKA0:[SYS0.SYSCOMMON.APACHE.][000000]HTPASSWD.EXE_ALPHA;
-RMS-E-PRV, insufficient privilege or file protection violation



Possibly a password file copied from a different system would work...

Note that adding password protection would limit access to your directory, not allow added access. Is this what you want?

MikeR

P.S. I have access to an account on an Alpha, and could create such a file for you, but then I would know your chosen password. *Bad security*!!
Look for OpenVMS help on my webpage
Check for QOTD here.
Image
User avatar
miker_alpha
Moderator
Moderator
 
Posts: 256
Joined: Sat May 08, 2004 9:20 am
Location: Kibbutz Tzora, Israel

Postby jagar_freebsd » Fri Jun 25, 2004 6:04 am

Will see many generator pages online. . . :)
Here is one example : <a href='http://www.euronet.nl/~arnow/htpasswd/' target='_blank'>htpasswd generator</a>
also htaccess : <a href='http://www.bitesizeinc.net/project/htaccesser' target='_blank'>download web based htaccess generator</a>
>>>Laugh<<< is a life energy.
User avatar
jagar_freebsd
Advanced Member
 
Posts: 58
Joined: Mon Nov 24, 2003 4:40 am
Location: Missouri, US

Postby miker_alpha » Fri Jun 25, 2004 7:00 am

Well the line in .htaccess for me (username MikeR) would be:
Code: Select all
AuthUserFile /dka200/home/m/miker/public_html/.htpassword

if I put the password file in my [.Public_HTML] directory. I imagine you should change the 'm' to the first letter of your username, and change 'miker' to your username, of course.

As a default, Apache is defined not to show .ht* files, so that should be safe...

For a sample .htpassword file, try
Code: Select all
aladin:LgpeHXALVaZ7I

Username: aladin (lowecase)
password: SESAME (uppercase)

and a sample entry in .htaccess:
Code: Select all
AuthType Basic
AuthName "Testing...Try: aladin (lowercase)"
AuthUserFile /dka???/username/public_html/.htpasswd
Require valid-user


both copied from a working Alpha OpenVMS example, only the
'/dka???/username/' changed to protect the guilty ;)

HTH
MikeR
Look for OpenVMS help on my webpage
Check for QOTD here.
Image
User avatar
miker_alpha
Moderator
Moderator
 
Posts: 256
Joined: Sat May 08, 2004 9:20 am
Location: Kibbutz Tzora, Israel

Postby miker_alpha » Fri Jun 25, 2004 9:42 am

Once again folowing on to my own post:

I created a subdirectory ( [.Public_HTML.Test]) under my own user on Alpha.Polarhome, but was *not* able to access it until I created an INDEX.HTML file in the subdirectory; i.e. file listings are not enabled.

The .HTACCESS and .HTPASSWORD file still do not work. I think the reason is as follows:

On a system where the .HTPASSWORD file works, in the server configuration, I see:
    <Directory /dka0/*/public_html>
      AllowOverride FileInfo AuthConfig Limit
      Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
    </Directory>


Note: DKA0 is the relevant disk.

Whereas on Alpha.Polarhome I see:
    <Directory /home/*/*/public_html>
      AllowOverride FileInfo AuthConfig Limit
      Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
    </Directory>


I think it should be:
Code: Select all
<Directory /dka200/home/*/*/public_html>


To Zoli (or alpha webmaster) : Is this correct, and is this the desired effect?

MikeR
Look for OpenVMS help on my webpage
Check for QOTD here.
Image
User avatar
miker_alpha
Moderator
Moderator
 
Posts: 256
Joined: Sat May 08, 2004 9:20 am
Location: Kibbutz Tzora, Israel

Postby DenisF » Fri Jun 25, 2004 9:48 am

File listings are always checked prior to .htaccess files. [afaik]

add "Options +Indexes" in .htaccess and you should get the password prompt prior to getting the dir listing.
Image
[ FAQ ] :: [ Policy ] :: [ Port Forwarding Guide ] :: [ Search ]
User avatar
DenisF
Forum Admin
Forum Admin
 
Posts: 679
Joined: Mon Dec 16, 2002 9:09 pm
Location: Israhell

Postby miker_alpha » Fri Jun 25, 2004 10:05 am

@DenisF:
add "Options +Indexes" in .htaccess and you should get the password prompt prior to getting the dir listing.


Tried that; With existing INDEX.HTML, I just saw the INDEX page (i.e. the minimal INDEX.HTML) When I renamed INDEX.HTML to INDEX.TXT I got a 403 error (forbidden...)

The .HTACCESS file now looks like:
Code: Select all
Options +Indexes
AuthType Basic
AuthName "Testing...Try: aladin / SESAME"
AuthUserFile /dka200/home/m/miker/public_html/test/.htpasswd
Require valid-user

but no cigar, yet.

I will do some tests on the Alpha I have access to. Unfortunately I am not allowed to open it to outside access. Pity...

MikeR
Look for OpenVMS help on my webpage
Check for QOTD here.
Image
User avatar
miker_alpha
Moderator
Moderator
 
Posts: 256
Joined: Sat May 08, 2004 9:20 am
Location: Kibbutz Tzora, Israel

Postby DenisF » Fri Jun 25, 2004 10:11 am

Hm weird, maybe httpd.conf is overriding the +Indexes?

BTW
@hp.com email.. heh.. i'm impressed :)
If i may ask, are you doing some kind of official work for them?

ow and your website url in your sig is pointing to "www ... :763:/~miker/" (note the extra ":")
just an FYI :)
Image
[ FAQ ] :: [ Policy ] :: [ Port Forwarding Guide ] :: [ Search ]
User avatar
DenisF
Forum Admin
Forum Admin
 
Posts: 679
Joined: Mon Dec 16, 2002 9:09 pm
Location: Israhell

Postby miker_alpha » Fri Jun 25, 2004 10:26 am

maybe httpd.conf is overriding the +Indexes?

As I understand it, the configuration in HTTPD.CONF is:
    <Directory />
      Options FollowSymLinks
      AllowOverride None
    </Directory>

which sets the defaults for the entire webserver tree (from "/" on down) and because of the missing "/dka200" in
    </Directory>
    <Directory /home/*/*/public_html>
      AllowOverride FileInfo AuthConfig Limit
      Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
    </Directory>

the AllowOverride directive does not take effect.

Yep, I work for HP in Ra'anana - OpenVMS support. Some Apache, also, but not terribly complicated.
(DenisF: maybe we could just phone :D)
I'll look for the .hp addy on the page, and change it - the page is a partial copy of something I have at work :kwasny:

Hopefully I fixed the sig URL. Thanks for noticing.

MikeR
Look for OpenVMS help on my webpage
Check for QOTD here.
Image
User avatar
miker_alpha
Moderator
Moderator
 
Posts: 256
Joined: Sat May 08, 2004 9:20 am
Location: Kibbutz Tzora, Israel

Postby miker_alpha » Fri Jun 25, 2004 11:56 am

To add to my last reply:

I checked on an OpenVMS Alpha server running Apache :

When I put <Directory /*/public_html> (equivalent to the current line on Alpha.Polarhome) I saw the same effects: Did'nt require a password.
Whan I had <Directory /dka0/*/public_html> it worked as expected.

I guess it's up to Zoli or whoever plays webmaster on the alpha to make the change, and then do:
@SYS$STARTUP:APACHE$STARTUP RESTART
This should cause the webserver software to re-read configuration files.

And to the O.P. SOL... meanwhile.

MikeR
Look for OpenVMS help on my webpage
Check for QOTD here.
Image
User avatar
miker_alpha
Moderator
Moderator
 
Posts: 256
Joined: Sat May 08, 2004 9:20 am
Location: Kibbutz Tzora, Israel

Postby DenisF » Fri Jun 25, 2004 8:27 pm

Damn.. you're good.. real good..

i'll try to get Z to take a look here, he's kinda busy right now [can't disclose details, pardon] but that looks like something that needs to be taken care of :)
Image
[ FAQ ] :: [ Policy ] :: [ Port Forwarding Guide ] :: [ Search ]
User avatar
DenisF
Forum Admin
Forum Admin
 
Posts: 679
Joined: Mon Dec 16, 2002 9:09 pm
Location: Israhell

Postby miker_alpha » Fri Jun 25, 2004 10:14 pm

/me takes a bashful bow...
Its in my job description: problem solving... :rolleyes:

MikeR
Look for OpenVMS help on my webpage
Check for QOTD here.
Image
User avatar
miker_alpha
Moderator
Moderator
 
Posts: 256
Joined: Sat May 08, 2004 9:20 am
Location: Kibbutz Tzora, Israel

Postby miker_alpha » Wed Jun 30, 2004 4:16 pm

more manifestations of (I think) the same problem:
go to:
Code: Select all
http://www.polarhome.com:763/~miker/cgi-bin/seeacc.com


Note for non-VMS users: Under VMS the extention .COM is the equivalent of a shell script.

This is a script that works on a few (four, IIRC) different Apache OpenVMS webservers. Here, instead of the script's output, I see the code.
Admittedly, on those Apache servers I have privilege, so I put the script in APACHE$ROOT:[CGI-BIN] - but the behaviour should be the same...

As I said: I <span style='color:red'>THINK</span> this is because subdirectory [.CGI-BIN] is not defined as a Script directory;
Or maybe (specifically for OpenVMS Apache:

Code: Select all
AddHandler cgi-script   .com


Has anyone managed to access an executable/script/whatever in their [.CGI-BIN] subdirectory on Alpha.Polarhome?

MikeR
Look for OpenVMS help on my webpage
Check for QOTD here.
Image
User avatar
miker_alpha
Moderator
Moderator
 
Posts: 256
Joined: Sat May 08, 2004 9:20 am
Location: Kibbutz Tzora, Israel

Next

Return to Troubleshooting

Who is online

Users browsing this forum: No registered users and 10 guests

cron