Author: rmeggins
Update of /cvs/dirsec/adminserver/admserv/cfgstuff
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv5999
Added Files:
adminserver10to101.patch
Log Message:
patch file to convert admin server version 1.0 files to version 1.0.1
adminserver10to101.patch:
--- NEW FILE adminserver10to101.patch ---
--- admin-serv/config/httpd.conf 3 Nov 2005 23:20:49 -0000 1.6
+++ admin-serv/config/httpd.conf 7 Dec 2005 04:11:38 -0000
@@ -243,19 +243,20 @@
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride None
#
# Controls who can get stuff from this server.
-#
- Order allow,deny
- Allow from all
+# By default, no one may access anything
+# Access must be explicitly granted in admserv.conf
+ Order deny,allow
+ Deny from all
</Directory>
#
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
#
# The index.html.var file (a type-map) is used to deliver content-
--- admin-serv/config/admserv.conf 19 Nov 2005 00:43:02 -0000 1.11
+++ admin-serv/config/admserv.conf 6 Dec 2005 18:38:57 -0000
@@ -20,24 +20,63 @@
#
# To get the Admin Express working properly, add the following to
# apache, either directly or thru an Include /path/to/this.conf
SetEnv NETSITE_ROOT /opt/fedora-ds
SetEnv ADMSERV_ROOT /opt/fedora-ds/admin-serv/config/
ADMCacheLifeTime 600
-ADMServerVersionString "Fedora-Administrator/1.0"
+ADMServerVersionString "Fedora-Administrator/1.0.1"
ScriptAlias /clients/orgchart/bin/ "/opt/fedora-ds/clients/orgchart/bin/"
ScriptAlias /clients/dsgw/bin/ "/opt/fedora-ds/clients/dsgw/bin/"
ScriptAlias /bin/admin/admin/bin/ "/opt/fedora-ds/bin/admin/admin/bin/"
ScriptAlias /dist/ "/opt/fedora-ds/dist/"
ScriptAlias /manual/help/ /opt/fedora-ds/manual/help/
+# all access is explicitly denied by default in httpd.conf
+# the following Directory directives turn on access for specific
+# directories
+<Directory "/opt/fedora-ds/java/">
+ AllowOverride None
+ Options None
+ Order allow,deny
+ Allow from all
+</Directory>
+
+<Directory "/opt/fedora-ds/manual/">
+ AllowOverride None
+ Options None
+ Order allow,deny
+ Allow from all
+</Directory>
+
+<Directory "/opt/fedora-ds/clients/*/*html/">
+ AllowOverride None
+ Options None
+ Order allow,deny
+ Allow from all
+</Directory>
+
+<Directory "/opt/fedora-ds/clients/dsgw/*config/">
+ AllowOverride None
+ Options None
+ Order allow,deny
+ Allow from all
+</Directory>
+
+<Directory "/opt/fedora-ds/bin/admin/admin/icons/">
+ AllowOverride None
+ Options None
+ Order allow,deny
+ Allow from all
+</Directory>
+
+# enable access for CGI progs/scripts
<Directory "/opt/fedora-ds/clients/orgchart/bin/">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
<Directory "/opt/fedora-ds/clients/dsgw/bin/">
@@ -64,52 +103,62 @@
# Handle the initial login
<Location /admin-serv/authenticate>
SetHandler user-auth
AuthUserFile /opt/fedora-ds/admin-serv/config/admpw
AuthType basic
AuthName "Admin Server"
Require valid-user
+ Order allow,deny
+ Allow from all
</Location>
# Handle Other Console tasks
<LocationMatch /*/[tT]asks/[Oo]peration/*>
AuthUserFile /opt/fedora-ds/admin-serv/config/admpw
AuthType basic
AuthName "Admin Server"
Require valid-user
AdminSDK on
Options +ExecCGI
+ Order allow,deny
+ Allow from all
</LocationMatch>
# Handle Admin Express
<LocationMatch /*/[tT]asks/[Cc]onfiguration/*>
AuthUserFile /opt/fedora-ds/admin-serv/config/admpw
AuthType basic
AuthName "Admin Server"
Require valid-user
AdminSDK on
NESCompatEnv on
Options +ExecCGI
+ Order allow,deny
+ Allow from all
</LocationMatch>
# Handle internal commands
<LocationMatch /admin-serv/commands/*>
AuthUserFile /opt/fedora-ds/admin-serv/config/admpw
AuthType basic
AuthName "Admin Server"
Require valid-user
+ Order allow,deny
+ Allow from all
</LocationMatch>
# Handle Stop, Start, Restart, Instance Creation - invoke mod_restartd
# need to add instance creation because you may want to create an instance
# of DS on a low port, and instance creation starts the instance as well
<LocationMatch
/*/[tT]asks/[Oo]peration/(?i:stop|start|restart|startconfigds|create)$>
AuthUserFile /home/rich/72srv/admin-serv/config/admpw
AuthType basic
AuthName "Admin Server"
Require valid-user
## turn off the password pipe when using mod_restartd
AdminSDK off
Options +ExecCGI
RetainPerms on
+ Order allow,deny
+ Allow from all
</LocationMatch>
Show replies by date