
Setting the Security Mode

With Sun Chili!Soft ASP for Linux, Cobalt, and UNIX-based systems, you can configure the Sun Chili!Soft ASP Server to run under either Defined User Security mode or Inherit User Security mode. The appropriate mode depends on your Web hosting environment, and has important security implications for your server. Be sure to read "Important Security Information" later in this topic, particularly if you are running a Zeus or iPlanet Web server.

   Inherit User Security mode is available only for Sun Chili!Soft ASP running with Apache. This mode is useful in shared Web hosting environments because the ASP Server runs with the permissions of the user defined for the Apache Web server. In a Web hosting environment using virtual hosts, the ASP Server runs as the user configured for the virtual host. For example, if the Web server is configured to run as user "john," when someone accesses the virtual server www.johns-site.com, the ASP Server runs under the account "john" when processing ASP page requests for www.johns-site.com. You can enable this mode from the Sun Chili!Soft ASP Administration Console, as described later in this topic.

Note that ADO logging will not be functional if Inherit user security is set to yes. For information about ADO logging, see "Enabling ADO Logging" in this chapter.

   Defined User Security mode is appropriate for most corporate or dedicated Web hosting environments. In this mode, the ASP Server runs with the permissions of the user and group defined in the Sun Chili!Soft ASP configuration file, casp.cnfg. The user and group account under which the ASP Server is configured to run should have access rights to all *.asp and *.asa pages, and should also have rights to Sun Chili!Soft ASP configuration files, such as casp.cnfg and ODBC.INI. You enable this mode by setting Inherit user security to no in the Sun Chili!Soft ASP Administration Console, and then specifying a user and group in the casp.cnfg file, as described later in this topic.

Note that even if a user or group is specified in casp.cnfg, if Inherit user security is set to yes in the Administration Console, the ASP Server runs under Inherit User Security mode.

Important Security Information

If you set Inherit user security to no and do not specify a user and group in the casp.cnfg file, the ASP Server runs as root. This can compromise the security of your server.

iPlanet and Zeus Web servers do not support Inherit User Security mode, even when Inherit user security is set to yes in the Administration Console. To protect the security of your server when running Sun Chili!Soft ASP with these Web servers, you should specify a user or group in the casp.cnfg file, as described in "Editing the Chili!Soft Configuration File" in "Chapter 3: Managing Sun Chili!Soft ASP." The ASP Server then runs with the permissions of that user or group.

To set the ASP Server security mode

1.   Open the Administration Console by using the following URL:

http://[HOSTNAME]:[PORT]

where [HOSTNAME] is the hostname of your Web server and [PORT] is the port on which the Administration Console is running (5100 by default).

2.   On the ASP Server tab of the Server Management page (the first page to display when you open the Administration Console), click Settings.

The Server Settings page displays.

3.   In the Inherit user security drop-down list, select yes to run under Inherit User Security mode, or no to run under Defined User Security mode. If you select no, you should edit the casp.cnfg file to add a user or group for the ASP Server to run under, as described in "Editing the Sun Chili!Soft ASP Configuration File" in this chapter. If you do not make that change, the ASP Server runs as root, which can compromise the security of your server. You should always run Web servers other than Apache under Defined User Security mode.

4.   Click Save to save your changes.

- or -

Click Cancel to revert to the last settings that were saved.

The Server Management page displays.

5.   To put your changes into effect, restart the ASP Server by clicking Restart.

Note

Restarting the ASP Server resets all Session and Application variables.
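
After the restart, one way to confirm that the ASP Server did not fall back to running as root (an added example, not part of the Sun documentation). It assumes the ASP Server's executable path contains the string "casp"; the ASP_PROC_PATTERN variable and the sample paths are placeholders to adjust for your installation.

```shell
#!/bin/sh
# Added example: flag ASP Server processes that are running as root.
# ASP_PROC_PATTERN is an assumption; set it to a string found in the
# executable path of the ASP Server on your system.
ASP_PROC_PATTERN="${ASP_PROC_PATTERN:-casp}"

# Reads "USER PID COMMAND ..." lines on stdin and prints "PID COMMAND"
# for every process whose executable path contains the pattern and whose
# owner is root (by name or numeric UID 0).
# Only the executable path is matched, so the check never matches itself.
# Exit status: 0 = no match runs as root, 1 = at least one does.
root_asp_procs() {
    awk -v pat="$1" '
        index($3, pat) && ($1 == "root" || $1 == "0") {
            print $2, $3
            found = 1
        }
        END { exit (found ? 1 : 0) }
    '
}

# Run the same check against the live process table.
check_live() {
    ps -eo user=,pid=,args= | root_asp_procs "$ASP_PROC_PATTERN"
}

# Constructed ps output (paths and PIDs are placeholders): one ASP Server
# process left running as root, one running as the virtual-host user
# "john", and an unrelated Web server process.
SAMPLE='root      1201 /opt/example/casp/asp-server
john      1310 /opt/example/casp/asp-server
root       812 /usr/sbin/httpd -k start'

if printf '%s\n' "$SAMPLE" | root_asp_procs "$ASP_PROC_PATTERN" >/dev/null; then
    echo "sample: no ASP Server process runs as root"
else
    echo "sample: ASP Server running as root; set a user and group in casp.cnfg"
fi
```

Call check_live on the server itself; a non-zero exit status means Inherit user security is set to no (or is unsupported by the Web server) and no user and group took effect from casp.cnfg.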

See also:

Configuring File System Access in this chapter

Copyright 2002 Sun Microsystems, Inc. All rights reserved. Legal Notice.