Microsoft FrontPage 2000 Server Extensions Resource Kit

Security on UNIX


Access File Settings

FrontPage relies on access files for two purposes: to add FrontPage-extended web administrators, authors, and browsers (site visitors) to the Web server's account list with the proper permissions, and to protect content and programs in FrontPage-extended webs.

FrontPage creates a directory named _vti_pvt for the root web and for each subweb. In each FrontPage-extended web with unique permissions, the _vti_pvt directory contains the following two files:

  • service.pwd contains the list of users and encrypted passwords for the FrontPage-extended web.
  • service.grp contains the list of groups (one group for authors and one for administrators), and the users within each group.

 

On Netscape servers, there are no service.pwd or service.grp files. The Netscape password files are:

  • administrators.pwd for administrators.
  • authors.pwd for authors and administrators.
  • users.pwd for site visitors, authors, and administrators.

 

An access file in the _vti_bin directory controls access to the browse-time FrontPage program, shtml.exe. If all users have browse permission, this is set in the access file. Otherwise, the access file points to a list of users and groups with browse access. A separate access file in the _vti_adm directory sets POST permissions for the administrative program, admin.exe. A third access file in the _vti_aut directory sets the POST permissions on the authoring program, author.exe.

When you use the Permissions or Security command in the FrontPage client to give a user browse access to a FrontPage-extended web, the user is given an account on the Web server. This is done by adding the user's name and password to the single service.pwd file (or, on Netscape servers, users.pwd) pointed to from the _vti_bin directory's access file. Also, when an IP address restriction is set on browse access to a FrontPage-extended web, this restriction is added to the _vti_bin directory's access file.

When you give a user authoring access to a FrontPage-extended web, the user is given an account on the Web server. This is done by adding the user's name and password to the service.pwd file and to the Authors group in the service.grp file pointed to from the access files stored in the _vti_bin and _vti_aut directories. This enables the user to send HTTP POST requests to author.exe and use the browse-time program, shtml.exe. (On Netscape servers, the process is similar.)

When you give a user administrative access to a FrontPage-extended web, the user is given an account on the Web server. This is done by adding the user's name and password to the service.pwd file and to the Administrators group in the service.grp file pointed to from the access files stored in the _vti_bin, _vti_aut, and _vti_adm directories. This enables the user to send HTTP POST requests to admin.exe, author.exe, and shtml.exe. (On Netscape servers, the process is similar.)
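
As an added example (not Microsoft's code), the Python below resolves which of shtml.exe, author.exe, and admin.exe each account can reach from the contents of service.pwd and service.grp, following the three paragraphs above. The `name:hash` and `group: members` file layouts, the sample accounts, and the function names are assumptions made for illustration.

```python
# Constructed sample files; the "name:hash" and "group: members" layouts
# are assumptions about the on-disk format, not taken from the page.
SERVICE_PWD = "alice:HASH_A\nbob:HASH_B\ncarol:HASH_C\n"
SERVICE_GRP = "administrators: alice\nauthors: bob dave\n"

# Programs each role may reach, per the page's description of the
# _vti_bin, _vti_aut and _vti_adm access files.
ROLE_PROGRAMS = {
    "administrators": ("shtml.exe", "author.exe", "admin.exe"),
    "authors": ("shtml.exe", "author.exe"),
    "browsers": ("shtml.exe",),
}


def _entries(text):
    """Yield (name, value) for each non-comment 'name:value' line."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            name, value = line.split(":", 1)
            yield name.strip(), value.strip()


def effective_access(pwd_text, grp_text):
    """Map each account with a password entry to the programs it can use."""
    users = {name for name, _ in _entries(pwd_text)}
    groups = {name.lower(): set(value.split())
              for name, value in _entries(grp_text)}
    access = {}
    for user in sorted(users):
        if user in groups.get("administrators", set()):
            role = "administrators"
        elif user in groups.get("authors", set()):
            role = "authors"
        else:
            role = "browsers"  # password entry only, no group membership
        access[user] = ROLE_PROGRAMS[role]
    # Group members that have no password entry: stale or mistyped names
    # worth reviewing during an audit.
    orphans = sorted(set().union(*groups.values()) - users)
    return access, orphans


if __name__ == "__main__":
    access, orphans = effective_access(SERVICE_PWD, SERVICE_GRP)
    for user, programs in access.items():
        print(f"{user}: {', '.join(programs)}")
    print("group members without a password entry:", orphans)
```
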

The set of access files for a FrontPage-extended web is illustrated in the following two tables.

 

Table 1 Access Files and UNIX File Permissions for the Content of a FrontPage-Extended Web

| Web directories or content | Access list | UNIX permissions |
|---|---|---|
| root web (example: \) | Root Web Access List: site visitors (GET, POST); authors (GET, POST); administrators (GET, POST) | rwxr-xr-x uid/gid |
| root directory content files (example: default.htm, logo.gif, guestbook.htm, etc.) | Default Access List: site visitors (GET, POST); authors (GET, POST); administrators (GET, POST) | rwxr-xr-x uid/gid |
| subdirectory and content files (example: \subdir1 containing content.htm, other.gif, etc.) | Default Access List: site visitors (GET, POST); authors (GET, POST); administrators (GET, POST) | rwxr-xr-x uid/gid |
| executable subdirectory and content files (example: \executable-subdir1 containing program.exe, etc.) | Executable Access List: site visitors (GET, POST); authors (GET, POST); administrators (GET, POST) | rwxr-xr-x uid/gid |
| results directory and content files (example: \guestbook_results containing form_results.htm) | Results Directory Access List: site visitors (GET, POST); authors (GET, POST); administrators (GET, POST) | rwxr-xr-x uid/gid |

 

Table 2 Access Files and UNIX File Permissions for the _vti Directories Created by FrontPage

 

| Web directories or content | Access list | UNIX permissions |
|---|---|---|
| root web | Runtime Access List: site visitors (GET, POST); authors (GET, POST); administrators (GET, POST) | rwxr-xr-x uid/gid |
| \_vti_bin (shtml.exe) | Runtime Access List: site visitors (GET, POST); authors (GET, POST); administrators (GET, POST) | rwxr-xr-x uid/gid |
| \_vti_bin\_vti_aut (author.exe) | Authors Access List: no site visitors; authors (GET, POST); administrators (GET, POST) | rwxr-xr-x uid/gid |
| \_vti_bin\_vti_adm (admin.exe) | Administrators Access List: no site visitors; no authors; administrators (GET, POST) | rwxr-xr-x uid/gid |
| \_vti_log (authoring logs); \_vti_txt (text index); \_vti_pvt (configuration) | Miscellaneous Access List: no site visitors; authors (GET, POST); administrators (GET, POST) | rwxr-xr-x uid/gid |

 

  Last Updated June 1999
©1999 Microsoft Corporation. All rights reserved.