System administrators are welcome to edit this page to their own needs, for instance to change the hyperlinks for local user to the URL location of the CD Rom contents, or include a link returning to the home page of their organization.
"... There is nothing special about the technique we used to restrict access. Any WWW sys admin could do it, but each site will require some time for testing within their own environment."
Anyone can access the first page as:
http://www-inst.eecs.berkeley.edu/~wirelessThat is, any file in the
~wireless/public_html
directory can be read
by the world. The WWW server automatically converts the above request
into
http://www-inst.eecs.berkeley.edu/~wireless/public_html/welcome.htmFrom this welcome page, the EECS user can access pages in the subdirectory
~wireless/public_html/eecs_only
.
Here files
can be read only from computers on EECS and CS subnets.
In all cases, the files and directories must be world-readble for the httpd server to display them at all. To made files and directories world-readable, use the commands:
for a file: chmod ugo+r filen ame for a directory: chmod ugo+rx directoryn ameThe "ugo" part means "user, group, other". These permissions have been set on all the files under
~wireless/public_html
.
Note: The URL is in fact http://www-inst.eecs.berkeley.edu/~ee290i
instead of .
http://www-inst.eecs.berkeley.edu/~wireless
. EE290i is the catalogue number
of the wireless course.
~wireless/public_html/eecs_only
. The eecs_only directory
will be entered into the access config file for access from
the "cs" and "eecs" nets only.
To test he set-up they copied just one file to eecs_only;
when restricted access appeared to work, all files except
the index.html file wre copied into the directory.
They have changed the permissions of
~wireless/public_html ~wireless/public_html/index.htm ~wireless/public_html/eecs_only ~wireless/public_html/eecs_only/welcome.htmto be world-readble. Everything else is NOT world readable so nobody can access those files via the WWW.
They found that in order for changes to our server configuration to take effect immediately on our HP system, they had to kill ALL processes that the server had started and then restart the server, rather than just restarting the single server process. That was the only caveat.
Berkeley uses the public domain http server from NCSA, available via
anonymous ftp (no password required) from ftp.ncsa.uiuc.edu
and also through http://hoohoo.ncsa.uiuc.edu
.
To restrict access for certain directories within the file space
that the httpd server can read, the file conf/access.conf is
modified. Here is an excerpt from that file, showing the lines
that limit access to the ~wireless/public_html/eecs_only
directory
to EECS and CS subnets only:
#===================================================================== # NCSA HTTPd (comments, questions to httpd@ncsa.uiuc.edu) #===================================================================== # This is the gloabal access configuration file. # Documentation for NCSA HTTPd is available from # http://hoohoo.ncsa.uiuc.edu/ # Documentation specific to this file is at # http://hoohoo.ncsa.uiuc.edu/docs/setup/access/Overview.html # http://hoohoo.ncsa.uiuc.edu/docs/tutorials/user.html # # NCSA takes no responsibilty for any problems that result from the use # of this server. See the COPYRIGHT statement that came with this # distribution. #===================================================================== ### .... some data omitted for brevity ... <Directory /home/n/wireless/public_html/eecs_only> Options Indexes FollowSymLinks AllowOverride All <Limit GET> order deny,allow deny from all allow from cs eecs </Limit> </Directory>Other sys admins will need to be sure this correct for whatever httpd they might be using. Older servers may not support this feature.
Thanks to Kevin Mullally
Manager, EECS Instructional Support