Difference between revisions of "Network Questions"

From CS Support
Jump to navigation Jump to search
(rework headers, fix old urls, add header and anchor link for transient storage)
Line 82: Line 82:
 
<li>Your script must be stored in your home directory in the subdirectory named <code>public_html/cgi-bin</code>. You cannot place your scripts anywhere else.</li>
 
<li>Your script must be stored in your home directory in the subdirectory named <code>public_html/cgi-bin</code>. You cannot place your scripts anywhere else.</li>
 
<li>You must make sure that your home directory, the <code>public_html</code> directory, and the <code>cgi-bin</code> directory are not group or other writable:</li>
 
<li>You must make sure that your home directory, the <code>public_html</code> directory, and the <code>cgi-bin</code> directory are not group or other writable:</li>
<code>
 
 
  chmod 755 ~
 
  chmod 755 ~
 
  chmod 755 ~/public_html
 
  chmod 755 ~/public_html
 
  chmod 755 ~/public_html/cgi-bin
 
  chmod 755 ~/public_html/cgi-bin
</code>
 
 
<li> Finally, you must make sure your scripts are executable, but not group or other writable:</li>
 
<li> Finally, you must make sure your scripts are executable, but not group or other writable:</li>
<code>
 
 
  chmod 755 ~/public_html/cgi-bin/my-script.cgi
 
  chmod 755 ~/public_html/cgi-bin/my-script.cgi
</code>
 
 
<li> If you have problems, try checking the end of the logs for additional information while pressing reload on your browser:</li>
 
<li> If you have problems, try checking the end of the logs for additional information while pressing reload on your browser:</li>
<code>
 
 
  tail -f /web/logs/error_log /web/logs/suexec_log
 
  tail -f /web/logs/error_log /web/logs/suexec_log
</code>
 
 
</ol>
 
</ol>
  
Line 102: Line 96:
 
<li>Your script must be stored in your home directory under the directory named <code>public_html</code> or a subdirectory of that directory.</li>
 
<li>Your script must be stored in your home directory under the directory named <code>public_html</code> or a subdirectory of that directory.</li>
 
<li>You must make sure that your home directory, the <code>public_html</code> directory, and every directory above your PHP script is accessible but not group or other writable:</li>
 
<li>You must make sure that your home directory, the <code>public_html</code> directory, and every directory above your PHP script is accessible but not group or other writable:</li>
<code>
 
 
  chmod 755 ~
 
  chmod 755 ~
 
  chmod 755 ~/public_html
 
  chmod 755 ~/public_html
 
  chmod 755 ~/public_html/otherdir
 
  chmod 755 ~/public_html/otherdir
</code>
 
 
<li>Finally, you must make sure your scripts are readable, but not group or other writable:</li>
 
<li>Finally, you must make sure your scripts are readable, but not group or other writable:</li>
<code>
 
 
  chmod 644 ~/public_html/index.php
 
  chmod 644 ~/public_html/index.php
 
  chmod 644 ~/public_html/otherdir/index.php
 
  chmod 644 ~/public_html/otherdir/index.php
</code>
 
 
<li>If you have problems, try checking the end of the logs for additional information while pressing reload on your browser:</li>
 
<li>If you have problems, try checking the end of the logs for additional information while pressing reload on your browser:</li>
<code>
 
 
  tail -f /common/weblogs/polara/error.log /common/weblogs/polara/suphp.log
 
  tail -f /common/weblogs/polara/error.log /common/weblogs/polara/suphp.log
</code>
 
 
</ol>
 
</ol>
  

Revision as of 10:41, 29 January 2020

What network storage is available to me?

All CIS users have home directory on the department file server to store files. Anything you place in your home directory is backed up nightly, with revisions stored going back six months.

Linux Systems

On department linux systems, your home directory is automatically mounted as $HOME. The full path of your home directory can be found using the finger command on any linux host.

finger testacct
Login: testacct       			Name: Testing Tester
Directory: /home/t/testacct         	Shell: /bin/bash
Never logged in.
No mail.
No Plan.

In this case, testacct's home directory is /home/t/testacct.

Windows Systems

On department Windows systems, your home directory should be mounted as the U:\ drive. If you are manually mounting a drive, use the URI \\files.cs.ksu.edu\<username> where <username> is your eID.

Transient Storage

If you need a large amount of space temporarily, you can request space in the transient volume (send an email to help@cis.ksu.edu). There are no quotas on directories in this volume, but there are also no backups made of files here. Support staff may also ask you to clean files out periodically to make room for others. On department linux systems, your transient directory will be found in /transient/<username>. On department Windows systems, you can mount the share \\files.cs.ksu.edu\transient\<username> to a drive letter of your choosing.

How do I setup CGI on my web page?

Please see the page on Personal Web Pages.

Why don't you have an FTP server?

FTP is a very old protocol. It was designed before security considerations were a major part of protocol design. As such, passwords to the FTP server are sent in plain text---any clever user on the network can snoop your packets and steal your password. This would allow that user to gain access to your account, which is an unacceptable violation of our security.

If you need to access your home directory from a remote location, there are two different methods for doing so. See the documentation in the CIS Systems UserGuide for Remote Access or in the FrequentlyAskedQuestions about how to access your home directory from a non-CIS computer.

How do I use HTTP authentication?

To setup password authentication for a directory in your personal web space follow these steps from a linux shell (you will want to change passwordProtectedDir to whatever name you want and use your own usernames). <your_home_dir_path> is the full path to your home directory. If you don't know what this is, use the finger command from the command prompt of any linux host ("finger <eid>", where <eid> is your eID).

cd ~/public_html/
mkdir passwordProtectedDir
cd passwordProtectedDir
htpasswd -c .htpasswd user_who_gets_access
htpasswd .htpasswd other_user
cat << EOF > ~/public_html/passwordProtectedDir/.htaccess
AuthType Basic
AuthName "Checking Password"
AuthUserFile <your_home_dir_path>/public_html/passwordProtectedDir/.htpasswd
Require valid-user
EOF

Now create any files you want in the directory and set permissions appropriately.

chmod o+rx ~/public_html/passwordProtectedDir
chmod o+r ~/public_html/passwordProtectedDir/*.*

If you would like your files to only be password protected off-campus, use this command to make your htaccess file.

cat << EOF > ~/public_html/passwordProtectedDir/.htaccess
AuthType Basic
AuthName "Checking Password"
AuthUserFile <your_home_dir_path>/public_html/passwordProtectedDir/.htpasswd
Require valid-user
Order Allow,Deny
# This restricts access without a password to the KSU network
Allow from 12# 130.0.0/16
# This restricts access without a password to the CIS network
#Allow from 12# 130.8.0/22
Satisfy any
EOF

Why am I getting 500 Interal Server Error on all my scripts?

We use programs named suexec and suphp to make sure that all of your scripts run as you. This allows your scripts to access files that would normally be private and inaccessible by the web server. However, for security these programs will not allow your scripts to run unless the permissions set on your files and on the directories containing them are safe.

For CGI scripts, you must make sure the following are true:

  1. Your script must be stored in your home directory in the subdirectory named public_html/cgi-bin. You cannot place your scripts anywhere else.
  2. You must make sure that your home directory, the public_html directory, and the cgi-bin directory are not group or other writable:
  3. chmod 755 ~ chmod 755 ~/public_html chmod 755 ~/public_html/cgi-bin
  4. Finally, you must make sure your scripts are executable, but not group or other writable:
  5. chmod 755 ~/public_html/cgi-bin/my-script.cgi
  6. If you have problems, try checking the end of the logs for additional information while pressing reload on your browser:
  7. tail -f /web/logs/error_log /web/logs/suexec_log

For PHP scripts, you must make sure the following are true:

  1. Your script must be stored in your home directory under the directory named public_html or a subdirectory of that directory.
  2. You must make sure that your home directory, the public_html directory, and every directory above your PHP script is accessible but not group or other writable:
  3. chmod 755 ~ chmod 755 ~/public_html chmod 755 ~/public_html/otherdir
  4. Finally, you must make sure your scripts are readable, but not group or other writable:
  5. chmod 644 ~/public_html/index.php chmod 644 ~/public_html/otherdir/index.php
  6. If you have problems, try checking the end of the logs for additional information while pressing reload on your browser:
  7. tail -f /common/weblogs/polara/error.log /common/weblogs/polara/suphp.log

How do I setup ssh keys?

To setup ssh keys for authentication between CIS Linux and Solaris hosts, follow these steps

chmod go-w ~
cd ~/.ssh/
chmod 700 .
ssh-keygen -t dsa
cat id_dsa.pub >> authorized_keys
chmod 600 *

How do I access the campus VPN?

See Access Through Campus VPN

How do I login remotely to CIS resources?

See Remote Access