|GETTING STARTED WITH APACHE WEB SERVER|
A web server is set up for CMPT 470 in 2001-1. It is Apache 1.3.11 and runs on the CSIL Sun server gemini.csil.sfu.ca:8080, port 8080. It is capable of running servlets.
Your web directory and URL
Your web directory is accessible if you are logged on to gemini.csil.sfu.ca:
The URL to use to access your area is:
If your userid is 'qyang', for example, then your web area would be:
If you are working in a group, you may choose to use the web area of one member of the group. This is not required - every student in CPMT 470 can make a web area under this server and reference web content in the area of your group members (more below on sharing files and file permissions).
Restrictions on access to gemini
CSIL is restricted from IP communications with non-SFU machines. Therefore you cannot connect to the gemini web server with a web browser running on a non-SFU computer. Here are some ideas about connecting to the gemini server when you are not actually in CSIL.
You can use the non-graphical browser lynx on any CSIL Sun to browse the gemini server. lynx does not render tables or images. However, you can use the -source option to dump the html page and transfer it to your home computer. e.g.:
You could then transfer the file tmp.html to fraser/your home computer for viewing. If you log on to the campus modems, your computer becomes an SFU computer as long as you are connected. To check something briefly, you can use the ACS express modems (but beware! if you overuse the express modems, ACS suspends your account).
If you have x-server software on your home computer, you can run netscape on fraser (which is allowed to talk to gemini and to the outside world) and x-display it to your hoe coputer. If you run linux or some other unix variant, chances are you have X. There used to be free x-server software for Windows, but not any longer, it seems. If anyone finds one, please let csilop know.
Sharing files/file permissions
Typically in unix files are shared via group permissions. A unix group for each project group is not possible, as ACS controls the NIS groups, so we recommend that you instead use the ACL (access control list) feature of Solaris. The commands to check and set ACL permissions are getfacl and setfacl (analogous to chmod).
The man pages are dense, to say the least. A short but reasonable tutorial is available at
ACLs are most easily set from a file. Two sample files are available on gemini in:
providing a typical set of ACL permissions for your directory and for your files.
If your userid is 'qyang', and your group members are 'hsiao' and 'sumo', to give them permissions on your web directory and files, do the following:
set up templates with the ACL permissions you'll need.
Edit the files, replacing "partner1" and "partner2" with your partners' userids, in this case, 'hsiao' and 'sumo'. The settings in those files include rwx permissions for you and your group partners, as well as access for the user 'nobody', the userid the web server runs under.
Give your partners rwx permissions on the directory, and give nobody (the user for the web server) permission to retrieve files:
To check that the permissions were set:
Use this method to set permissions on any subdirectories you need to share with your group. The default entries for directories coming from the ACLdir file should set group-friendly permissions on files created in your directory, but for files copied from elsewhere or whose permissions get messed up, you can use the tempalte in ACLfile to reset the permissions:
Note: The tutorial says you must set your umask to 0 (man umask) while working in an ACL protected directory, so that your umask does not override the ACL settings. Experimenting, we did not encounter the bad effects they describe from having a non-zero umask, so in the examples we do not do it.
However, below we show starting a subshell (csh), setting the umask to 0 in that subshell, setting the permissions, then exiting the subshell back to the original shell.
The umask would be normal in the original shell.
Password protection on web server
Regarding password protection on the apache web server. this can be done in a fixed manner in the configuration file, or on an as-needed user-controlled per-directory basis, by anyone who can create files in the directory.
In the user-controlled case the required items are a file called .htaccess in the directory to be protected (all subdirectories are protected also) and a password file. a sample .htaccess file is:
#-------------------------------------------------------------------- AuthUserFile /dir1/dir2/dir3/.htpwd AuthGroupFile /dir1/dir2/dir3/.htgrp AuthName "my project" AuthType Basic