[0001] [0002] [0003] [0004] [0005] [0006] [0007] [0008] [0009] [0010] [0011] [0012] [0013] [0014] [0015] [0016] [0017] [0018] [0019] [0020] [0021] [0022] [0023] [0024] [0025] [0026] [0027] [0028] [0029] [0030] [0031] [0032] [0033] [0034] [0035] [0036] [0037] [0038] [0039] [0040] [0041] [0042] [0043] [0044] [0045] [0046] [0047] [0048] [0049] [0050] [0051] [0052] [0053] [0054] [0055] [0056] [0057] [0058] [0059] [0060] [0061] [0062] [0063] [0064] [0065] [0066] [0067] [0068] [0069] [0070] [0071] [0072] [0073] [0074] [0075] [0076] [0077] [0078] [0079] [0080] [0081] [0082] [0083] [0084] [0085] [0086] [0087]
|1Web Document |*Upd||ate|| |^ The |*Upd||ate facility allows Web documents and file environments to be administered from a standard browser. This facility is available to Web administrator and user alike. Availability and capability depends on the authorization environment within the server. |^ It |*should be stressed|| that this is not designed as a full web administration or authoring tool, and for document preparation relies on the editing capabilities of the "<textarea>" widget of the user's browser. It does however, allow |*ad-hoc changes|| to be made to documents fairly easily, as well as allowing documents to be deleted, and directories to be created and deleted. |^ Consult the |link%|/httpd/-/updhelp.html|current |*Upd||ate documentation| for usage detail. |^ And depending on site configuration |link%|/upd/wasd_root/| an example of the interface. |0Update Access Permission|| |^ Of course, the user must have write (POST/PUT) access to the document or area on the server (i.e. the |/path||) and the server account have file system permission to write into the |_parent directory||. |^ Contact the Web Administrator for further information on the availablility of authentication and authorization permissions to do online updates of Web paths. |^ The server will report "Insufficient privilege or object protection violation ... /path/" if it does not have file system permission to write into a directory. |^ Write access by the server into VMS directories (using the POST or PUT HTTP methods) is controlled using VMS ACLs. |*This is in addition to the path authorization of the server itself of course!| The requirement to have an ACL on the directory prevents inadvertant mapping/authorization of a path resulting in the ability to write somewhere not intended. |^ Two different ACLs implement two grades of access. |number| |item| If the ACL grants |*CONTROL| access to the server account then only VMS-authenticated usernames with security profiles can potentially write to the directory. Only potentially, because a further check is made to assess whether that VMS account in particular has write access. |^ This example shows a suitable ACL that applies only to the original directory: |code| $ SET SECURITY directory.DIR - /ACL=(IDENT=HTTP$SERVER,ACCESS=READ+CONTROL) |!code| This example shows setting an ACL that will propagate to created files and importantly, subdirectories: |code| $ SET SECURITY directory.DIR - /ACL=((IDENT=HTTP$SERVER,OPTIONS=DEFAULT,ACCESS=READ+WRITE+DELETE+CONTROL), - (IDENT=HTTP$SERVER,ACCESS=READ+WRITE+DELETE+CONTROL)) |!code| |item| If the ACL grants |*WRITE| access then the directory can be written into by any authenticated username for the authorized path. |^ This example shows a suitable ACL that applies only to the original directory: |code| $ SET SECURITY directory.DIR - /ACL=(IDENT=HTTP$SERVER,ACCESS=READ+WRITE) |!code| This example shows setting an ACL that will propagate to created files and importantly, subdirectories: |code| $ SET SECURITY directory.DIR - /ACL=((IDENT=HTTP$SERVER,OPTIONS=DEFAULT,ACCESS=READ+WRITE+DELETE), - (IDENT=HTTP$SERVER,ACCESS=READ+WRITE+DELETE)) |!code| |!number|