Controlling access to your server

ou can restrict access to your entire server or any part of it. You can specify that only certain people can see certain files, or that everyone except those people can see certain files. Note that this access restriction applies only to files and directories that your server can send to a client. It does not have anything to do with allowing people to administer your server.

For example, suppose you keep confidential employee records on your server, and you want to allow only the Personnel department to see them. You could keep all these records in a directory called records and specify that only a group of people you call Personnel can see the files in that directory. When someone tries to access a restricted document, they are prompted for a name and password. If they enter a name and password that correspond to a name-password pair in your private list of people in Personnel, they are allowed to see the requested document. Otherwise, they are told they didn't enter a valid name and/or password.

If your server has SSL enabled, the user's name and password are sent encrypted. Otherwise, names and passwords are sent openly, and can be intercepted.

When changing access control on files or directories on your server, you usually follow this process:

  1. Create a user database if needed.
  2. Enter one or more users into the appropriate user database (discussed on page 72).
  3. Choose the files and/or directories whose accessibility you want to change (discussed on page 80).
  4. Specify the default access (everyone allowed or everyone denied) for that resource (discussed on page 80).
  5. Specify which users are exceptions to the default access (discussed on page 80).

Creating, removing, and editing databases

The users and groups that you specify when setting access control are all stored in one or more databases. A database is a list of users and groups.

Netscape servers use a high-speed database format called DBM. This format can search a large database with one file system read (normal files search the database linearly).

Important
Although Netscape servers support multiple databases, you might need only one database for all your users. The main reason for maintaining multiple databases is if you have different servers installed on the same computer. A mail server might have a completely different database than a news server or a web server.

If you're only maintaining one server on your computer, however, you'll find it's easier to keep track of your users if they're all in the same database. If you need to separate your users, use the grouping features described on page 75. (Netscape servers support multiple databases because older server programs did not have grouping capabilities.)

The server stores its databases in the directory userdb, off of the root server directory. When specifying a database, use only its name, not its directory path.

Using the Manage User Databases form, you can perform three tasks with databases:

Creating a database

To create a user database for your server,

  1. In the Server Manager choose Access Control|Manage User Databases. The Manage User Databases form appears.
  2. Click the New Database radio button.
  3. In the New Database field, type a name for the database. Don't type a path because all databases are stored in /userdb. The database name can be up to 256 characters.
  4. If you don't want to protect this database with a password, click the No Password radio button. If you do want to require that a password be used when editing this database, click the Password button, and type a password in the field. To ensure accuracy, repeat the password in the field below. The password can be up to 8 characters.
  5. Click the Create New Database button, and confirm your changes.

Removing a database

To remove a user database,

  1. In the Server Manager choose Access Control|Manage User Databases. The Manage User Databases form appears.
  2. Click the This Database radio button.
  3. Choose the database from the drop-down list to the right.
  4. Type the database's password in the Existing Database Password field.
  5. Click the Remove Database button, and confirm your changes.

Changing a database's password

  1. In the Server Manager choose Access Control|Manage User Databases. The Manage User Databases form appears.
  2. Click the This Database radio button.
  3. Choose the database from the drop-down list to the right.
  4. Type the database's current password in the Existing Database Password field.
  5. If you don't want to protect this database with a password, click the No Password radio button. If you do want to require that a password be used when editing this database, click the Password button, and type a password in the field. To ensure accuracy, repeat the password in the field below. The password can be up to 8 characters.
  6. Click the Change Database Password button, and confirm your changes.

Creating, removing, and editing users

There are two types of users that you deal with in access control: users specifically entered into a database you maintain, and users from specified domains or IP addresses. This section deals with the first kind--users in a database you maintain. For more information on controlling access based on domain or IP address, see "Denying access to a resource" on page 80, and "Allowing access to a resource" on page 81.

You can have any number of users in your database, and you can put them into as many groups as you like. For example, you might want to separate your users into a Personnel group and a Sales group. You can put a user into more than one group.

You can also maintain multiple databases, but it's much easier to keep track of your users if they're in one database. (Multiple databases are remnants of older server programs that did not have grouping capabilities.)

You can create users, remove them, or change their passwords. You can also list all the users in your database.

Creating a user

To import users from an existing database, see "Importing users" on page 78. To add a user manually,

  1. In the Server Manager, choose Access Control|Create User. The Create User form appears.
  2. If needed, choose the database you want to add the user to, and type the password for the database. (Usually, you will add users to your default database, and not need to change this setting, so these fields are at the bottom of the form.)
  3. In the Login Name field, type the login name the user will use. This is the name the user will type when prompted for a name by the server. It can be up to 254 characters.
  4. In the Full Name field, type the user's full name. The user never sees this. It is to help you keep track of your users.
  5. In the Password field, type a password for the user. It can be up to 8 characters. Type it again in the next text field to ensure accuracy. The user will type this password when prompted by the server.
  6. Choose which group to place the user into. If you don't want the user in a group, choose None. When you create a user, you can only place them in one group. To add the user to another group, see "Editing a group" on page 77.
  7. Click the OK button. Confirm your changes, and the information is added to the selected database.

Removing a user

To remove users from a database,

  1. In the Server Manager, choose Access Control|Remove User. The Remove User form appears. Or choose List Users, and choose the Remove User link for the user you want to remove. (For more detailed information about the List Users form, see page 74.)
  2. In the Login Name field, type the login name of the user you want to delete.
  3. Choose the database that contains the user that you want to remove.
  4. Type the password for that database file.
  5. Click the OK button. Confirm your changes.

Editing a user

To change any of a user's information,

  1. In the Server Manager, choose Access Control|Edit User. The Edit User form appears. Or choose List Users, and choose the Edit User link for the user you want to edit. (For more detailed information about the List Users form, see page 74.)
  2. Choose the database containing the user you want to edit, and type the password for the database. (Usually, you will keep all your users in your default database, and not need to change this setting, so these fields are at the bottom of the form.)
  3. In the Edit User field, type the login name of the user you want to edit.
  4. Click the Get User Data button. The information about that user appears in the appropriate fields of the form.
  5. Change any of the information in the fields. If you want to change the password, make sure to type the new one in twice.
  6. Click the OK button. Confirm your changes.

Listing users

When you want to remove or edit a user, it's often easier to select that user from a list than to type in their exact login name. To see a list of users in a database,

  1. In the Server Manager, choose Access Control|List Users. The List Users form appears.
  2. Choose the database you want to list the users of. Type that database's password.
  3. In the Filter field, type any wildcard pattern you want to use as a filter for user names in the database. For example, if you only want to list users whose login names begin with "D", type d* into the Filter field. For more information on wildcard patterns, refer to "Understanding wildcard patterns" on page 39.

  4. Click the Show Users button. The user list appears in the form. To the right of each login name are two links: Edit User, and Remove User.
  5. To edit a user, click the Edit User link beside its login name. The Edit User form appears.
  6. To remove a user, click the Remove User link beside its login name. The Remove User form appears.

Creating, removing, and editing groups

A group is a collection of users. Using groups saves time when you set access control for parts of your server. Since you can specify that a named group is allowed or denied access, you don't have to go through the tedious process of adding each individual user to an access control list (see page 81). For example, say you have several directories on your server that you want the Sales department to see, but not the Marketing department. You create a group for each department, and specify that only the group Sales has access to the directories. Now, if someone moves from Marketing to Sales, you only have to take them out of one group and put them into the other. You don't have to change any of the access control specifications.

To save even more time, you can also put other groups into a group. For example, your Sales and Marketing groups could both be part of the group Business. A group may belong to multiple other groups.

The members of a group must all be within the same database. It's recommended that you use only one database for all your users, since your users are easier to keep track of that way, and you can more fully exploit the power of grouping. Also, user databases are shared across all servers that are installed (web servers, mail servers, news servers, and so on.), so you may want to have a different database for each server to avoid confusion.

If you need to separate your users, use the grouping features. (Netscape servers support multiple databases because older server programs did not have grouping capabilities.)

You can create or remove groups, or edit their contents. You can also list the contents of groups.

Creating a group

To create a group,

  1. In the Server Manager, choose Access Control|Create Group. The Create Group form appears.
  2. Choose the database that you want the group to be a part of, and type the password for the database. (Usually, you will keep all your users and groups in your default database, and not need to change this setting, so these fields are at the bottom of the form.)
  3. In the New Group field, type the name of the new group.
  4. If you want this new group to be a part of another group, choose that other group from the list of groups. Otherwise, choose None.
  5. Click OK. Confirm your changes. Once you have created a group, you can add a user to it by editing that user. (See page 74.)

Removing a group

Removing a group does not remove the individual users in the group from the database. To remove a group from a database,

  1. In the Server Manager, choose Access Control|Remove Group. The Remove Group form appears. Or choose List Groups, and choose the Remove Group link for the group you want to remove. (For more detailed information about the List Groups form, see page 78.)
  2. In the Group field, type the name of the group you want to remove.
  3. Choose the database that contains the group you want to remove.
  4. Type the password for that database file.
  5. Click the OK button. Confirm your changes.

Editing a group

To change a group's members,

  1. In the Server Manager, choose Access Control|Edit Group. The Edit Group form appears. Or choose List Groups, and choose the Edit Group link for the group you want to edit. (For more detailed information about the List Groups form, see page 78.)
  2. Choose the database containing the group you want to edit, and type the password for the database.
  3. From the Group drop-down list, choose the group you want to edit.
  4. Click the Get Group Data button. The information about that group appears in the appropriate fields of the form.
  5. You can change what other groups are part of this group, and what users are part of this group. To change any of the information in the lists, reselect differerent names.
    Note!
    The groups and users are not selected unless they are highlighted.

  6. Click the OK button. Save and apply your changes.

Listing groups

When you want to remove or edit a group, it's often easier to select that group from a list than to type in its exact name. To see a list of groups in a database,

  1. In the Server Manager, choose Access Control|List Group. The List Groups form appears.
  2. Choose the database you want to list the groups of. Type that database's password.
  3. In the Filter field, type any wildcard pattern you want to use as a filter for user names in the database. For example, if you only want to list groups whose login names begin with "S", type s* into the Filter field. For more information on wildcard patterns, see "Understanding wildcard patterns" on page 39.

  4. Click the List Groups button. The group list appears in the form. To the right of each login name are two links: Edit Group, and Remove Group.
  5. To edit a group, click the Edit Group link beside its login name. The Edit Group form appears.
  6. To remove a user, click the Remove Group link beside its login name. The Remove Group form appears.

Importing users

Instead of entering users manually one at a time, you can import users from an existing database into your server's user database. Your existing database must be in one of two formats: text, or NCSA-style. The difference between the two styles is that the passwords in the NCSA-style database are encrypted. No matter which file type, the format of the file should be something like this:

user1:password1
user2:password2
user3:password3
To import users from an existing file,

  1. From the Import Into Database drop-down list, choose the database you want to import the new users into.
  2. Type that database's password in the Database Password field.
  3. In the Import From Text File field, type the path and name of the file you're importing from. This file can reside locally, or on any network drive your computer can access.
  4. Netscape server user databases can store the users' passwords in encrypted form. If you want to have the new users' passwords stored encrypted, click the Yes button under the Encrypt the Passwords heading.
  5. If the database you're importing from includes users' full names, you have this information imported also, by click the Yes button under the Extract Full User Names heading.
  6. Sometimes a user in the destination database has the same login name as a user in the file you're importing from. If you want to replace such users in the destination database, click the Yes button under the Overwrite Existing Users heading. If you don't want to import users with duplicate names, click No.

Restricting access

After you have created the users you want to use in access control (see "Creating, removing, and editing users" on page 72), you use the Restrict Access form to restrict users' access to specified files. For example, say you have created two groups: Sales and Marketing. You want the Sales group to be able to see and change all the files in a directory called contacts. You don't want Marketing (or anyone else) to see the files. Using your server's access control, you specify that by default, the contacts directory is not available for any kind of access to anyone. Then you specify that the Sales group is an exception to the default access. You further specify that not only can they read the files in that directory, but they can also change them.

To change the access control for part of your server,

  1. Choose Access Control|Restrict Access. The Restrict Access form appears.
  2. Using the Resource Picker, specify the part of the server to change access control for.
  3. Turn access control on or off for the specified files by clicking the button named either Turn off access control or Turn on access control.
  4. For each type of access--read and write, set the default accessibility--Allow or Deny. Read access allows a user only to view the file. Write access allows the user to change or delete the file, assuming they also have access to the file through your server computer's operating system. (Technically, Read includes these http methods: . Write includes these: .)

    When you set these access defaults, they will apply to everyone attempting to read or write to the files or directories you specified earlier.

  5. Specify which users are the exceptions to the default accessibility for each access type by clicking the appropriate Permissions button. If the default access is Allow, the Deny Access to a Resource form appears (see page 80). If the default access is Deny, the Allow Access to a Resource form appears (see page 81). After using those forms, the server manager returns you to this form in the state you left it.
  6. Choose the response a client will see when access is denied. Under the Access Denied Response heading, click the Respond "Not Found" button to send a message to the client saying the requested file was not found. Alternatively, you can click the Respond with this text file button, and specify absolute path and filename of a text or HTML file to send instead. Whether you specify a file or not, the server also sends the HTTP error code 401 Unauthorized.
  7. Click the OK button and confirm your changes.

Denying access to a resource

In the Restrict Access form described on page 79, you set the default read and write access of a resource (a directory or group of files). If you set read or write access to allow all access by default, you can specify exceptions by clicking the Permissions button. The Deny Access to a Resource form appears.

When determining the exceptions who are denied access, you can specify users from specified hostnames or IP addresses.

First you must specify how hostnames are processed. If you want to deny users from only the exact hostnames you'll specify below, click Include specified names only. However, if you also want to deny users from alias domains of your specified hostnames, click Include aliases of specified names.

To deny users from specific hostnames or IP addresses, enter a wildcard pattern of hostnames or IP addresses in text fields. Restricting by hostname is more flexible than by IP address--if a user's IP address changes, you won't have to update this list. But on the other hand, restricting by IP address is more reliable--if a DNS lookup fails for a connected client, hostname restriction cannot be used.

Remember that the hostname and IP addresses should be specified with either a wildcard pattern, or a comma-separated list, but not both. Also, your wildcard pattern should have no nested parentheses in the expression.

Allowing access to a resource

In the Restrict Access form described on page 79, you set the default read and write access of a resource (a directory or group of files). If you set read or write access to deny all access by default, you can specify exceptions by clicking the Permissions button. The Allow Access to a Resource form appears.

When determining the exceptions who are allowed access, you can specify two types of users:

  1. Is the client's hostname automatically allowed?
  2. Is the client's IP address automatically allowed?
  3. Is the client's hostname allowed if they have the correct login and password?
  4. Is the client's IP address allowed if they have the correct login and password?
  5. Is the client's certificate valid?
  6. Are the client's login name and password valid? When a request comes in for a document, the server knows the IP address that the request is coming from. Once it has this address, it uses DNS to look up the hostname that corresponds to that IP address.

    After this step, the server tries to match the incoming host name with any hostnames specified in this form. If the client passes, the document is served. If the client fails the test, the server then checks its IP address against the restriction IP addresses. If it passes, the document is served. If it fails, then the server sends the message specified in the Restrict Access form (see page 79).

    If you will be specifying hostnames to allow users from, decide how you want the hostnames processed. If you want to allow only users from the exact hostnames you'll specify below, click Include specified names only. However, if you also want to accept users from alias domains of your specified hostnames, click Include aliases of specified names.

    To allow users from specific hostnames or IP addresses, enter a wildcard pattern of hostnames or IP addresses in text fields. Restricting by hostname is more flexible than by IP address--if a user's IP address changes, you won't have to update this list. But on the other hand, restricting by IP address is more reliable--if a DNS lookup fails for a connected client, hostname restriction cannot be used.

    Remember that the hostname and IP addresses should be specified with either a wildcard pattern, or a comma-separated list, but not both. Also be sure your wildcard pattern is not recursive--there should only be one level of parentheses in the expression.

    If someone is allowed access by virtue of their hostname or IP address, they are not prompted for a login name and password. All other users are asked for that information. To allow access to the users listed in your database, follow these steps.

  7. Choose the user database containing the users you want.
  8. Choose whether to allow everyone from that database, or only certain groups and users.
  9. Using wildcard patterns or a comma-separated list, specify the groups in the Groups field, and/or the users in the Users field. For example, if your database contained Bob, Fred, Mary, and Joe but you only wanted Bob and Mary to have access to this section, you could use a wildcard pattern of (Bob|Mary). If you leave this entry blank, all users from the database are allowed access.
  10. To further restrict access, specify any additional hostnames or IP addresses the users in the database must connect from. These Hostnames and IP Addresses fields can be left blank if your database users can be from any hostnames or IP addresses.
  11. Specify the message that a user sees when asked for a login name and password by typing it in the Login Prompt field.