Microsoft Corporation
Updated April 15, 1999
Using the Fpsrvadm utility, you can change the execute permissions of the server extensions executable files to SUID/SGID (Set User ID/Set Group ID). This forces the server extensions to be executed with the file-system permissions of the owner of shtml.exe, author.exe, and admin.exe. When suitable permissions for each customer's content area are applied, the Microsoft® FrontPage® Server Extensions (and any other CGI scripts) for one customer are prevented from writing to the content areas of other customers.
Setting the server extensions to SUID/SGID for the owner of each FrontPage-extended web is the recommended configuration for the FrontPage Server Extensions on UNIX servers. Existing installations of the FrontPage Server Extensions earlier than version 3.0 should be upgraded to use SUID/SGID operation of the server extensions and unique ownership of the Web content. New installations of the FrontPage Server Extensions that are performed with the Fpsrvadm utility or the fp_install.sh installation script will automatically prompt you to configure the server extensions for SUID/SGID operation.
The FrontPage Server Extensions do not require root access at any time. However, the Fpsrvadm utility and the fp_install.sh installation script should be run as "root," because they set execute privileges of the extensions to SUID. Because fp_install.sh is written as a shell script, you can review it before running it on the Web server.
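The following audit confirms, for one customer's content area, that each server extensions executable carries the SUID and SGID bits, is owned by the same user as the web, and cannot be overwritten by other accounts. It is an added example, not code from Microsoft or from fp_install.sh; the function names and the `_vti_bin` sample layout are assumptions, and files are matched by name only.

```python
import os
import stat
import tempfile

# Executable names taken from the text above.
EXTENSION_EXES = {"shtml.exe", "author.exe", "admin.exe"}

def audit_web(web_root):
    """Return sorted (relative_path, problem) pairs for one web's content area."""
    web_uid = os.stat(web_root).st_uid  # owner of the content area
    findings = []
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            if name not in EXTENSION_EXES:
                continue
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, web_root)
            st = os.lstat(path)  # lstat: do not follow a symlink placed in the web
            if not stat.S_ISREG(st.st_mode):
                findings.append((rel, "not a regular file"))
                continue
            if not st.st_mode & stat.S_ISUID:
                findings.append((rel, "setuid bit missing"))
            if not st.st_mode & stat.S_ISGID:
                findings.append((rel, "setgid bit missing"))
            if st.st_uid != web_uid:
                findings.append((rel, "owner differs from web owner"))
            # A SUID file others can write lets them change code run as its owner.
            if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append((rel, "writable by group or others"))
    return sorted(findings)

def build_sample_web():
    """Constructed sample web; the directory layout is an assumption."""
    root = tempfile.mkdtemp(prefix="fpweb-")
    sample = {
        "_vti_bin/shtml.exe": 0o6755,            # SUID+SGID, as recommended
        "_vti_bin/_vti_aut/author.exe": 0o0755,  # SUID/SGID never applied
        "_vti_bin/_vti_adm/admin.exe": 0o6757,   # SUID+SGID but world-writable
    }
    for rel, mode in sample.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "wb").close()  # empty placeholder, not a real binary
        os.chmod(path, mode)
    return root

if __name__ == "__main__":
    for rel, problem in audit_web(build_sample_web()):
        print(f"{rel}: {problem}")
```

Run it once per customer web root; an empty result means the executables match the SUID/SGID and ownership configuration described above.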
Note that, even if you do not force the FrontPage Server Extensions to run SUID, the server extensions are secure because they will still prevent users from writing to FrontPage-extended webs for which they do not have authoring or administrative permissions. However, SUID has two benefits: