On Chili!Soft ASP 3.6 for Linux, Cobalt, and UNIX-based systems, you can configure the Chili!Soft ASP Server to run under either Defined User Security mode or Inherit User Security mode. The appropriate mode depends on your Web-hosting environment and has important security implications for your server. Be sure to read "Important Security Information" later in this topic, particularly if you are running a Zeus or Netscape Web server.
· Inherit User Security mode is available only for Chili!Soft ASP running with Apache Web Server. This mode is useful in shared Web hosting environments because the ASP Server runs with the permissions of the user defined for the Apache Web Server. In a Web hosting environment using virtual hosts, the ASP Server runs as the user configured for the virtual host. For example, if the Web server is configured to run as user "john," when someone accesses the virtual server www.johns-site.com, the ASP Server runs under the account "john" when processing ASP page requests for www.johns-site.com. You can enable this mode from the Chili!Soft ASP Administration Console, as described later in this topic.
· Defined User Security mode is appropriate for most corporate or dedicated Web-hosting environments. In this mode, the ASP Server runs with the permissions of the user and group defined in the Chili!Soft ASP configuration file, casp.cnfg. The user and group account the ASP Server is configured to run under should have access rights to all *.asp and *.asa pages and should also have rights to Chili!Soft ASP configuration files, such as casp.cnfg and ODBC.INI. You enable this mode by setting Inherit User Security to no in the Administration Console and then specifying a user and group in the casp.cnfg file, as described later in this topic.
Note
Even if a user or group is specified in casp.cnfg, as long as Inherit User Security is selected in the Administration Console, the ASP Server runs under Inherit User Security mode.
Important Security Information
- If you set Inherit User Security to no and do not specify a user and group in the casp.cnfg file, the ASP Server runs as root. This can compromise the security of your server.
- Netscape and Zeus Web Servers do not support Inherit User Security mode. When running Chili!Soft ASP with one of these Web servers, to protect the security of your server, you should set Inherit User Security to no and then define a user or group in the casp.cnfg file. For more information about adding users and groups to casp.cnfg, see "Editing the Chili!Soft ASP Configuration File" in this chapter.
To set the ASP Server security mode, use the following procedure.
To set the ASP Server security mode
1. If necessary, open the Chili!Soft ASP Administration Console by using the following URL:
where [HOSTNAME] is the hostname of your Web server and [PORT] is the port on which the Administration Console is running (5100 by default).
2. On the ASP Server tab of the Server Management page (the first page to appear when you open the Administration Console), click Settings.
The Server Settings page displays.
3. In the Inherit user security drop-down list, select yes to run under Inherited User Security mode, or no to run under Defined User Security mode. If you select no, you should edit the casp.cnfg file to add a user or group for the ASP Server to run under, as described in " Editing the Chili!Soft ASP Configuration File" in this chapter. If you do not, the ASP Server runs as root, which can compromise the security of your server. You should always run Web servers other than Apache Web Server under Defined User Security Mode.
4. Click Save to save your changes.
– or –
Click Cancel to revert to the last settings that were saved.
The Server Management page displays.
5. To put your changes into effect, restart the ASP Server by clicking Restart.
Note
Restarting the ASP Server resets all Session and Application variables.
See also:
Configuring File System Access in this chapter
Copyright 2001 Sun Microsystems, Inc. All rights reserved. Legal Notice.