Forum OpenACS Q&A: Dumb Newbie Question: Unix Permissions Yet Again

From the installation docs, I checked my installation and found /doc/sql to be wide open from the web, but for /admin ACS required a log in. The permissions on both directories are user:group of nsadmin:nsadmin. I want to lock down doc/sql but think that if I change the permissions AOL won't have access to it.

How does one allow the system access to such things yet also keep it from serving it up to the world? Thanks! Rick

"Now, you need to protect the proper administration directories of the ACS. You decide the policy. Here are the directories to consider protecting:
  • /doc (or at least /doc/sql/ since some AOLserver configurations will allow a user to execute SQL files)
  • /admin
  • any private admin dirs for a module you might have written that are not underneath the /admin directory "
it's not unix permissions; it's acs permissions. :)  Look in tcl/ad-admin.tcl where it does

ns_register_filter preauth GET "/admin/*" ad_restrict_to_administrator