
Next Step To Do


2006/08/22

This page gives some more information for those who have finished the basic installation.

You need not read this page if you have no files that require authentication
and no need for virtual documents.

Supporting Digest Authentication

The directory "/usr/web/etc/nonce" is used for digest authentication. It is a database of issued challenges and received responses that prevents replay attacks. Data accumulates in the directory, so old data must be removed from the database.

A tool called "crob" is provided for this purpose. A usage example is

	crob -1d /usr/web/etc/nonce
which removes data older than a single day from "/usr/web/etc/nonce".

You will find "crob" at http://plan9.aichi-u.ac.jp/netlib/cmd/.

Then, how do you execute "crob" automatically every day? This is a job suitable for "cron". If you have "/cron/web/cron" on your server "venus" with the content:

	0 3 * * * venus /usr/local/bin/386/crob -1d /usr/web/etc/nonce
then "crob" will be executed every day at 3:00 am, assuming "crob" is installed in "/usr/local/bin/386/".

Note that the owner of "/cron/web/" must be "web"; otherwise the jobs will not be executed. The Plan 9 command "cron" has an option "-c" to create the user's "cron" under "/cron". Then, how do you become user "web"? I have a tool named "su" that works like UNIX "su".

Using "su", you, the host owner of the server, can become "web":

	cpu% su web
	su# auth/cron -c
	su# echo '0 3 * * * venus /usr/local/bin/386/crob -1d /usr/web/etc/nonce' >/cron/web/cron
	su#
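
The nonce directory described above, sketched as an added example (not Pegasus's own code): a directory-backed store that issues challenges, rejects replayed or expired responses, and prunes entries older than a day, as "crob -1d" does. The class name NonceDir, the one-file-per-nonce layout and the nonce-count check are assumptions made for illustration; the sketch assumes a single process and does no locking.

```python
import os, re, secrets, time

HEX32 = re.compile(r"[0-9a-f]{32}")  # the only nonce shape this store issues

class NonceDir:
    """One file per issued challenge; the file body holds the highest nonce
    count seen. Assumed layout for illustration, not Pegasus's real format."""

    def __init__(self, path, max_age=86400):
        self.path, self.max_age = path, max_age
        os.makedirs(path, mode=0o700, exist_ok=True)

    def issue(self, now=None):
        nonce = secrets.token_hex(16)
        p = os.path.join(self.path, nonce)
        # O_EXCL: refuse to reuse an existing entry
        os.close(os.open(p, os.O_CREAT | os.O_EXCL | os.O_WRONLY, 0o600))
        if now is not None:
            os.utime(p, (now, now))  # lets a test control the issue time
        return nonce

    def accept(self, nonce, nc, now=None):
        """True only for an issued, unexpired nonce whose count nc is new."""
        now = time.time() if now is None else now
        if not HEX32.fullmatch(nonce):  # client-supplied: must never shape a path
            return False
        p = os.path.join(self.path, nonce)
        try:
            st = os.stat(p)
            with open(p, "r+") as f:
                if now - st.st_mtime > self.max_age or nc <= int(f.read() or 0):
                    return False  # expired, or a replayed/stale count
                f.seek(0); f.write(str(nc)); f.truncate()
        except FileNotFoundError:
            return False  # never issued, or already pruned
        os.utime(p, (st.st_atime, st.st_mtime))  # keep mtime equal to issue time
        return True

    def prune(self, now=None):
        """Delete entries older than max_age; returns how many were removed."""
        now = time.time() if now is None else now
        removed = 0
        for e in os.scandir(self.path):
            old = now - e.stat(follow_symlinks=False).st_mtime > self.max_age
            if e.is_file(follow_symlinks=False) and old:
                os.unlink(e.path)
                removed += 1
        return removed
```

If pruning stops, the directory grows without bound; if entries are pruned too early, a valid response fails only because its challenge record is gone, and the client has to authenticate again.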

Configuring authentication

Please look at "$web/etc/passwod" for this topic.

Installing CGI tools

Place CGI tools in "/usr/web/bin/386" and "/usr/web/bin/rc". Other directories under "/usr/web/" should be empty (except "/usr/web/etc/nonce/").

The Pegasus package contains some CGI tools. Letting "$pegasus" be the installed directory, they are in "$pegasus/cgitools/". Some of them are:

You will find some more tools at my web site: http://plan9.aichi-u.ac.jp/netlib/cmd/

Directories under $web

The httpd root is denoted by "$web" in the following explanation. "$web" for user alice is (if not specified in "/sys/lib/httpd.rewrite"):
	/usr/alice/web
On the other hand, "$web" for the real host and for virtual hosts is defined in "/sys/lib/httpd.rewrite". For example, "$web" for the real host will be "/usr/bob/www" if we define
	/	*/usr/bob/www
in "/sys/lib/httpd.rewrite".

Each "$web" has directories:

	doc
	etc
	bin/386
	bin/rc
where

Configuring CGI handler

The file "$web/etc/handler" defines the relation between a requested path and the script invoked by the request. The handler is managed by the person who owns the web documents.

The role of this file is to pass the request from the client to the specified program.
Typical contents of the handler file are:

	# suffix             mimetype  hctl  execpath arg ...
	/netlib/*/index.html text/html 0     /bin/ftp2html
	*.http               -         1     $target
	*.cgi                -         +     $target
	*.html               text/html 0     $target
	*.tt                 text/html 0     /bin/peep $target
This is what I am using. The first line is a comment. The first field is the pattern for the requested path. The "$target" that may appear after the fourth field is the path name. The line that contains "*.html" defines the files that act as CGI: it says that if a file with extension ".html" and with the executable bit set for httpd is requested, then the file is executed. The output format is text/html and ramfs is provided. This means the file extension for CGI is determined not by Pegasus but by the user.
The table in "$web/etc/handler" determines the action taken for a requested path. The requested file need not be present. See "execution handler" for more information.

CGI and security

Pegasus allows all users to have a CGI environment if the host administrator configures "/lib/namespace.httpd" for CGI. Pegasus takes the view that CGI should not be available only to the administrator.
Pegasus is designed with the aim that it should be attack-proof against malicious system users. However, Pegasus has not been examined on a system with malicious users.