LISTSERV - LSTSRV-L Archives - COMMUNITY.EMAILOGY.COM

LSTSRV-L Archives

LISTSERV Site Administrators' Forum

LSTSRV-L

	LISTSERV Archives
	LSTSRV-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Topic:	[<< First] [< Prev] [Next >] [Last >>]

Re: List Archive Web Site security problem

Michael Smith <[log in to unmask]>

Fri, 5 Jun 1998 07:45:00 -0400

text/plain (76 lines)

     Ben,

     I updated the security for the three folders (checking "replace
     security on files" and "replace security on subdirectories"), but I'm
     still get the same error when I click the [Search] button.

     I don't have a similar account for "LISTSERV" though. In the Services
     control panel "ListServer" is set to login as the "SYSTEM" account.
     It's always been that way.

     Mike

______________________________ Reply Separator _________________________________
Subject: Re: Re[4]: List Archive Web Site security problem
Author:  [log in to unmask] (Ben Parker) at Internet
Date:    6/5/98 12:42 AM


On Thu, 4 Jun 1998 13:18:52 -0400, [log in to unmask] (Michael Smith)
wrote:

>   > SHOW LICENSE
>     License type:    Graduated
>     Expiration date: 28 Oct 1998
>     Version:         1.8c
>     Build date:      28 Mar 1997
>
>     wa.exe - 2/23/97, 10:55am
>
>     I should add that this used to work. It wasn't until I started playing
>     with user permissions that the problem started.
>
>     Current "Permission" settings:
>
>     \LISTSERV
>          Administrator            Full (All) (All)
>          Create Owner             Full (All) (All)
>          System                   Full (All) (All)
>          Everyone                 Change (RWXD) (RWXD)
>          Network                  Special (R) (RX)
>          Interactive              Special (R) (RX)
>          IUSR_LISTSERVER          Read (RX) (RX)
>
>     WWWRoot\
>          Administrator            Special (RWXD) (RWXD)
>          Administrators (group)   Full (All) (All)
>          Everyone                 Full (All) (All)
>          System                   Full (All) (All)
>
>     WWWRoot\Archives\
>          Administrator            Special (RWXD) (RWXD)
>          Administrators (group)   Full (All) (All)
>          Everyone                 Read (RX) (RX)
>          System                   Full (All) (All)
>          Interactive              Full (All) (All)
>          IUSR_LISTSERVER          Full (All) (All)
>
My system is this way:

\LISTSERV  Adminstrators            Full (all) (all)
           IUSR_xxx                 Special (R) (R)
           LISTSERV (System user acct) Full (all) (all)
           SYSTEM                   Full (all)  (all)

\WWWROOT   Adminstrators            Full (all) (all)
 (Tree)    IUSR_xxx                 Special (RX) (R)
           SYSTEM                   Full (all)  (all)

\SCRIPTS   Adminstrators            Full (all) (all)
           IUSR_xxx                 Special (RX) (RX)
           SYSTEM                   Full (all)  (all)

Note the 'everyone' account is gone entirely as a security risk.  since the
'LISTSERV' account is a System level user, it can access the wwwroot
directories as necessary as 'SYSTEM' to write its index files.

ATOM RSS1 RSS2

COMMUNITY.EMAILOGY.COM