Microsoft Home Microsoft Home
Microsoft FrontPage 2000 Server Extensions Resource Kit

Security on UNIX


 7 of 12     The FrontPage Apache Patch

On some Web servers, such as NCSA and Apache, the FrontPage Server Extensions need to modify the Web server's configuration file to mark directories containing the server extensions as executable. (The FrontPage Server Extensions also read the Web server's configuration file to learn what virtual servers there are, where the content roots are, and what directories are marked as executable.)

Because creating a subweb using the FrontPage client requires the client to write to the Web server's configuration file on NCSA and Apache Web servers, administrators cannot create FrontPage subwebs in this way. (If FrontPage allowed this, the Web server's configuration file would need to be owned by "www" or, possibly, the authors of the FrontPage-extended web, which would compromise the host system's security.) On these servers, the Fpsrvadm utility must be manually run as "root" on the host computer to modify the Web server's configuration file and create subwebs.

For the Apache Web server, FrontPage supplies an optional patch to overcome this limitation. With this patch, copies of the FrontPage Server Extensions executable files are not stored in each FrontPage-extended web, but are stored in one centralized location. This makes it unnecessary to mark directories in each Web as executable, and makes it possible for the FrontPage client to create new FrontPage-extended webs without modifying server configuration files.

The patch to the Apache Web server intercepts each call that the FrontPage client makes to the server extensions executable files. It then performs security checks, sets user ID to the owner of the Web site (thus requiring SUID/SGID operation of the server extensions and the Web content), and invokes a centralized copy of the server extensions executable files.

Note that use of the FrontPage Apache patch is optional, and the FrontPage Server Extensions will function in the Apache environment without it. Without the patch, however, users of the FrontPage client will not be able to create new subwebs.

The FrontPage 2000 Apache patch supersedes the FrontPage 98 Apache patch. While the FrontPage 2000 Server Extensions continue to support the FrontPage 98 Apache patch, the recommended configuration for increased security of the FrontPage 2000 Server Extensions on an Apache server is to use the FrontPage 2000 Apache patch.

Security

   7 of 12      TOP
 
  Last Updated June 1999
©1999 Microsoft Corporation. All rights reserved. Terms of Use. Disclaimer