NAME | DESCRIPTION | ATTRIBUTES | FILES | SEE ALSO | NOTES
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
Availability | SUNWhtman |
Interface Stability | Evolving |
The following files are used by the command-line utilities:
Configures a web site's access control lists (ACLs) . Located at site_path/conf/access.conf.
Configures the server administration ACLs. Located at /etc/http/access.conf.
Defines the content variants, encoding types, and directory preferences for a web site. Located at site_path/conf/content.conf.
Tracks all Sun WebServer instances. When htserver creates a new server instance, an entry is added to this file. Located at /etc/http/httpd-instances.httpd.conf.
Contains the web site servlet engine configuration if the servlet engine is not shared. Located at site_path/conf/site_name.site.conf.
Defines the server instance's configuration. When hthost adds a new site, it creates an entry in httpd.conf to define the site_path and web site configuration file. Located at /etc/http/instance_name.httpd.conf.
Creates an alias to a path on the file system or a redirection to a remote URL from a Uniform Resource Identifier (URI) on the host. Located at site_path/conf/map.conf.
Defines realms of user and group information used by access control lists on a Sun WebServer web site. Located at site_path/conf/realms.conf.
Defines each servlet that can be loaded by a web site. Located at site_path/conf/servlets.properties.
access.conf(4), content.conf(4), httpd.conf(4), httpd.cgi.logs(4), httpd.event.logs(4), httpd-instances.httpd.conf(4), httpd.request.logs(4), httpd.servlet.logs(4), httpd.site.conf(4), map.conf(4), realms.conf(4), servlets.properties(4)
Adds or deletes ACLs for resources on a web site. An ACL applies to any token that can be a URI on that site, whether that URI is a directory, file, servlet, CGI, or alias to another resource.
Create or deletes information about the content of resources on a web site. For directories, you can set whether they are available to browse and specify the format for directory listings. For files, you can set preferences for HTTP 1.1 content negotiation. Preferences include character set, language, compression encoding, and media type.
Associates a web site (or virtual host) with system resources, such as the server instance that hosts the site, a configuration directory, a configuration file, and a host name. Activates or shuts down web sites on a running server instance.
Adds and deletes aliases from one URI to another resource on a web site. Redirects a token to nonfile resources such as servlets, CGI scripts, or Sun WebServer GUI.
Changes passwords for users in HTPASSWD
realms. It is provided as a tool that can be incorporated in CGI or other scripts to automate password maintenance. User must be created using htrealm. Once a user is created, any system user can run htpasswd to update passwords (as long as the realm administrator name and password are specified).
Creates, deletes, and lists realm definitions for use with ACLs. It can also be used to manage users and groups in HTPASSWD
realms.
Creates and maintains Sun WebServer server instances. Each server instance is a process associated with a configuration file, and each one hosts one or more web sites. htserver can start, stop, and restart server instances. It can also enable or disable server instances.
Configures the behavior of a servlet engine. Defines and modifies servlet engine runtime, security, and logging properties; adds or removes entries in the servlets.properties file, and loads, reloads, or unloads servlets in running servlet engines.
Server instances can be started or stopped by using the htserver utility, through the Sun WebServer GUI, or executing this script. It is recommended that you use htserver or the Sun WebServer GUI.
If the command is run by root
user, then the user name and password of an administrator are not required.
Users other than root
must use the -z option and pass the user name and password of a valid administrator to the command.
NAME | DESCRIPTION | ATTRIBUTES | FILES | SEE ALSO | NOTES
NAME | SYNOPSIS | DESCRIPTION | OPTIONS | EXAMPLES | EXIT STATUS | ATTRIBUTES | FILES | SEE ALSO | NOTES
htaccess adds or deletes access control lists (ACLs) for resources on a web site. An ACL applies to any token that can be a Uniform Resource Identifier (URI) on that site, whether that URI is a directory, file, servlet, CGI, or alias to another resource.
ACLs can restrict access by the host name or IP address of a client, or by an authenticated user or group name. Users are authenticated against a named realm (see htrealm(1m)), which defines whether passwords are stored in a Sun WebServer specific file (HTPASSWD), the operating system (UNIXSYS), in the Solaris ISP ServerTM environment, an LDAP directory of ISP subscribers (ISP), or in the SunTM Internet Administrator TMfor Solaris ISP Server (ISPADMIN).
The list subcommand can be used to list the current ACLs on a URI.
The check subcommand can be used to check whether a user name and password can access a URI.
Subcommands
The following subcommands are supported:
Adds a new ACL or permission to an existing ACL.
Checks if the specified access is allowed.
Deletes an ACL or permission to an existing ACL.
Displays help on usage.
Lists all ACLs and their permissions for a given URL or specified host.
Displays the version of htaccess.
Options
The following options are supported:
Specifies that the user or group is the administrator. Valid with the add and delete subcommands.
Specifies the group in the realms to which the permissions apply. A group is a group of users defined in the realm. Use the wild card \* to indicate that the permission applies to any group_name. Valid with the add, delete, and check subcommands.
Specifies the name of the virtual host containing the ACL. Valid with all subcommands.
Specifies the IP or domain to which the permissions apply. Internet_host can be a fully qualified or partial domain name. If the domain name is partial, the permission applies to all hosts whose fully qualified names end with the domain. It can also be a fully qualified or partial IP address. If the IP address is partial, the permission applies to all hosts whose IP address begins with the Internet_host. Use the wild card \* to indicate that the permission applies to any Internet_host. Valid with the add, delete, and check subcommands.
Specifies the name of the httpd instance. Valid with all subcommands.
Specifies the HTTP method name to which the permissions apply. The method directive is a list of ALL, DELETE, GET, POST, and PUT. Select ALL to permit all HTTP methods. Separate multiple methods with a space. The default is ALL. Valid with the add, delete, and check subcommands.
Denies access permission to the named user, group, or host. Valid with the add and delete subcommands.
Turns off prompting of password such that passwords are taken in from stdin and scripts may pipe (|) passwords. Valid with all subcommands.
Specifies the realm name. Valid with the add subcommand.
Specifies authentication scheme. Valid with the add subcommand.
The server expects user name and password information in base64 encoded text.
The server expects user name and a message digest of the password. The server must get the password in base64 encoded text locally, create a message digest, and compare it to the digest sent by the client. Valid only with htpasswd.
The server does not expect any authentication.
Specifies URI name protected by the ACL. Valid with all subcommands.
Specifies the user name to which the permission applies. A user is any user with a user name for which Sun WebServer retrieves the password from the realm name specified in the ACL. Use the wild card \* to indicate that the permission applies to any user. Valid with the add, check, and delete subcommands.
Specifies the verbose mode. Valid with all subcommands.
Allows the named user, group, or host to access the URI. Valid with the add and delete subcommands.
Specifies the name of the administrator. Valid with the add, check, and delete subcommands.
To protect the URL http://www.A.com/project/ on the server instance "sws_server" using an HTPASSWD realm "Project" with user "user1":
# htrealm add -i sws_server -h www.A.com -r Project \\ -s HTPASSWD -d realms/Project # htrealm add -i sws_server -h www.A.com -r Project -u user1 Setting password for the user user1. Password: Confirm Password: # htaccess add -i sws_server -h www.A.com -U "/project" \\ -r Project -s BASIC -m GET -u '*' -y
To delegate access control management to the user web master in the realm WebUsers:
# htaccess add -i sws_server -h www.A.com -U / -r WebUsers -s MD5 -a \\ -u webmaster
To use htaccess as a user other than root:
% htaccess add -i sws_server -h www.A.com -U / -I .domain.A.com -m PUT -z admin Enter password for admin:
To use htaccess as a user other than root and read the administration password from a file /tmp/tp/admin.pwd:
% htaccess list -i sws_server -h www.A.com -U / -z admin -p < /tmp/tp/admin.pwd
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
Availability | SUNWhttp |
Interface Stability | Evolving |
The following files are used by this utility:
Configures a web site's access control lists.
Configures the server administration access control lists.
Defines the realms used to define users for web site access control lists.
Defines the realms used to define users for server administration.
If the command is run by the root
user, then the user name and password of an administrator are not required.
Users other than root
must use the -z option and pass the user name and password of a valid administrator to the command.
MD5 authentication can only be used with HTPASSWD realms.
NAME | SYNOPSIS | DESCRIPTION | OPTIONS | EXAMPLES | EXIT STATUS | ATTRIBUTES | FILES | SEE ALSO | NOTES
NAME | SYNOPSIS | DESCRIPTION | OPTIONS | EXAMPLES | EXIT STATUS | ATTRIBUTES | FILES | SEE ALSO | NOTES
htcontent creates or deletes information about the content of resources on a web site.
You can set whether directories can be browsed and also sets the format for directory listings. You can also create a list of default file names to search for in the directory.
For files, you can set preferences for HTTP 1.1 content negotiation. Preferences include character set, language, compression encoding, and media type.
You can set variant information for a Uniform Resource Identifier (URI). If a URI has a set of associated file variants, the server will select the most appropriate variant based on the client's preferences and the preference settings on each file variant.
See the Examples section for more detail.
Subcommands
The following subcommands are supported:
Adds directories, options, preferences, or variants for a URI.
Deletes directories, options, preferences, or variants for a given URI.
Displays help on usage.
Lists the configured directories, options, preferences, or variants for a URI.
Displays the version of htcontent.
Options
The following options are supported:
Specifies the virtual host name. Required with all subcommands.
Specifies the name of the httpd instance. Required with all subcommands.
Specifies the URI. The URI must already exist. Required with all subcommands.
Specifies options for directory listings and default files on directory options. Valid with all subcommands. This option requires a comma-separated list of parameters to specify directory settings. Lists should be specified in order of preference. The following are the valid directory options:
Deletes all preference or variants information. Valid with the delete subcommand.
Sets the method for displaying the contents of a directory when there is no file matching one of the default file names. Valid with the add and delete subcommands. The listing_type directive can be one of the following:
Displays each directory as a hyperlink with the file size, the last modified time, and an icon next to each entry to indicate the file type.
Displays no directory contents.
Displays directory entries as plain text hyperlinks.
Specifies the file associated with the variant information (-V) or a list of default file names in a directory (-O). Use a colon (:) to separate items in a list. File names must be relative to the URI. Valid with the add and delete subcommands.
Sets the server's content negotiation preferences for the specified URI. Valid with all subcommands. This option requires a comma-separated list of parameters to specify preference settings. Lists should be specified in order of preference. The following are the valid preference options:
Deletes all preference or variants information. Valid with the delete subcommand.
Specifies the character set of the data. A character set refers to a method used with one or more tables to convert a sequence of octets into a sequence of characters. The default charset for variants is ISO-8859-1. Valid with the add and delete subcommands.
Specifies the preferred encodings or the encoding type of a variant. Encoding refers only to methods of compression. For example, gzip or compress reveals which methods have been used to encode the file. For preferences, separate multiple encodings with a colon (:). Valid with the add and delete subcommands.
Specifies the preferred languages of a variant. Languages are specified in the standard two-letter format. For preferences, separate multiple languages with a colon (:). Valid with the add and delete subcommands.
Specifies the preferred types of media of a variant. Media type is in standard MIME type format. For preferences, separate multiple media types with a colon (:). Valid with the add and delete subcommands.
Disables password prompting. Passwords will be read from stdin. Valid with the add and delete subcommands.
Specifies a user name in the web site's administration realm (serverAdmin by default), or in the realm specified by the ACL from the URI. Required with all subcommands.
Specifies variant suboptions. Valid with all subcommands. This option requires a comma-separated list of parameters to specify variant settings. Lists should be specified in order of preference. The following are the valid variant options:
Deletes all preference or variants information. Valid with the delete subcommand.
Specifies the character set of the data. A character set refers to a method used with one or more tables to convert a sequence of octets into a sequence of characters. The default charset for variants is ISO-8859-1. Valid with the add subcommand.
Specifies the preferred encodings or the encoding type of a variant. Encoding refers only to methods of compression. For example, gzip or compress reveals which methods have been used to encode the file. For preferences, separate multiple encodings with a colon (:). Valid with the add subcommand.
Specifies the file associated with the variant information (-V) or a list of default file names in a directory (-O). Use a colon (:) to separate items in a list. File names must be relative to the URI. Valid with the add and delete subcommands.
Specifies the preferred languages of a variant. Languages are specified in the standard two-letter format. For preferences, separate multiple languages with a colon (:). Valid with the add subcommand.
Specifies the preferred types of media of a variant. Media type is in standard MIME type format. For preferences, separate multiple media types with a colon (:). Valid with the add subcommand.
This example displays a page named home.html in English, French, or German based on the client's preference. There are three files: home.en.html, home.fr.html, and home.de.html.
% htcontent add -i sws_server -h www.A.com -n home.html \\ -u admin -V f=home.en.html,l=en Enter Password for admin: % htcontent add -i sws_server -h www.A.com -n home.html \\ -u admin -V f=home.fr.html,l=fr Enter Password for admin: % htcontent add -i sws_server -h www.A.com -n home.html \\ -u admin -V f=home.de.html,l=de Enter Password for admin:
To view the variants associated with a URI, use htcontent list. After Example 1, you could verify the content settings:
# htcontent list -i sws_server -h www.A.com -n home.html \\ -u admin -V Enter Password for admin: home.de.html lang = de home.fr.html lang = fr home.en.html lang = en
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
Availability | SUNWhttp |
Interface Stability | Evolving |
The following file is used by this utility:
Defines the content variants, encoding types, and directory preferences for a web site.
If the command is run by root
user, then the user name and password of an administrator are not required.
Users other than root
must use the -u option and pass the user name and password of a valid administrator to the command.
NAME | SYNOPSIS | DESCRIPTION | OPTIONS | EXAMPLES | EXIT STATUS | ATTRIBUTES | FILES | SEE ALSO | NOTES
NAME | SYNOPSIS | DESCRIPTION | OPTIONS | EXAMPLES | EXIT STATUS | ATTRIBUTES | FILES | SEE ALSO | NOTES
hthost is used primarily to add and delete web sites. The add subcommand associates a web site (or virtual host) with system resources, such as the server instance that hosts the site, a configuration directory, a configuration file, and a host name.
The enable and disable subcommands are used to activate or shut down web sites on a running server instance. The enabled or disabled state is saved so that if the server instance is restarted, enabled sites are automatically reactivated.
Once a web site has been created on a server instance, you must edit its configuration file to further customize the site; see httpd.site.conf(4).
Subcommands
The first argument to hthost must be one of the following subcommands:
Adds a web site configuration for a host name to a server instance. The add subcommand creates a site path for configuration directories, creates a configuration file, and grants administrative rights to the given user name and optional group. The initial state of the site is enabled.
Deletes a web site configuration from a server instance. References to the site in the configuration files for the server instance are deleted, and the site is no longer available through httpd. The site's directories and files remain in place.
Disables a web site. The server instance that serves the site will not respond to requests for disabled sites.
Enables a web site, making it available through the server instance.
Displays usage information for the command.
Lists the sites supported by a server or properties of a specific site. If only an instance name is supplied, a list of all web sites on that server displays. If an instance name and a host name are supplied, then details about the web site for the host name are displayed.
Displays the version of the hthost command.
Subcommand Options
The following options are supported:
Specifies the location of the site configuration file relative to the site_path specified by -s. By default, site configuration is stored in the site_path/conf directory. Valid only with the add subcommand.
Specifies a group in the server administration realm that has ownership rights on the new site. Valid only with the add subcommand.
Specifies the host name of the site to which a subcommand applies. The host name is a token used to identify the site; no name service lookups are performed, for example, to expand a host name to a fully qualified domain name. Any form of the host name may be used for the add subcommand, but other commands must use the same form as that used when the site was added. Valid with all subcommands.
Specifies the server instance that hosts the web site. The instance name is defined uniquely for each server when it is created. Valid with all subcommands.
Specifies the administrative password. Valid only with all subcommands.
Specifies the absolute path to the web site's directory tree. The site_path contains all configuration, access control, realm, and content directories and files for the site. Valid only with the add subcommand.
Specifies a user in the server administration realm that has ownership rights on the new site. Valid only with the add subcommand.
A server administrator named serverAdmin1
creates a site named www.A.com. The site will have an administrator named user1
and have all configuration files and public documents in /opt/WWW/A.com/
.
In order for hthost to successfully create a directory for the new site, you must have write permission to the directory under which the site configuration files will reside.
# hthost add -i sws_server -h www.A.com -u user1 \\ -s /opt/WWW/A.com -f conf/A.com.httpd.conf -z serverAdmin1 Enter Password for serverAdmin1: Creating site directory: /opt/WWW/A.com Creating site configuration: /opt/WWW/A.com/conf/A.com.httpd.conf # ls /opt/WWW/A.com cgi-bin/ public/ conf/ servlets/
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
Availability | SUNWhttp |
Interface Stability | Evolving |
The following files are used by this utility:
The web site configuration file.
The server instance configuration file. When hthost adds a new site, it creates an entry in httpd.conf to defined the site_path and web site configuration file.
If the command is run by root
user, then the user name and password of an administrator are not required.
Users other than the root
must use the -z option and pass the user name and password of a valid administrator to the command.
NAME | SYNOPSIS | DESCRIPTION | OPTIONS | EXAMPLES | EXIT STATUS | ATTRIBUTES | FILES | SEE ALSO | NOTES
NAME | SYNOPSIS | DESCRIPTION | OPTIONS | EXAMPLES | EXIT STATUS | ATTRIBUTES | FILES | SEE ALSO | NOTES
The htmap command adds, deletes, and lists aliases from one Uniform Resource Identifier (URI) to another resource on a web site. By default it creates a reference from a URI token to a file or directory on disk.
htmap administers maps to establish an alias to another resource, make a resource outside of the doc_root
accessible to a client, or partition the name space into various classes of resources such as CGI, imagemap, or servlet.
The following subcommands are supported:
Adds a new map.
Deletes an existing map.
Displays help on usage.
Lists all maps.
Displays the version of htmap command.
The following options are supported:
Specifies the class file for the map. Values can be one of the following (if no -c is specified, then the class defaults to NULL):
class_type is not case sensitive.
Treats the alias as a URL to access Sun WebServer and its GUI.
Treats the aliased file or directory as a CGI resource (all files located here will be treated as executable scripts).
Treats the aliased file or directory as a resource door. Resource doors are multithreaded server daemons that run independently of the web server. With resource doors, Sun WebServer is able to pass incoming requests on to user-developed programs through the Solaris doors mechanism. For more information on Sun WebServer resource doors, refer to the "Site URL Aliases Screen" section in the online help.
Treats the alias as an imagemap resource.
Treats the aliased directory in no special way.
Treats the alias as a new URL, either on the local host or on another network location.
Treats the aliased resource_target as a servlet or a chain of servlets.
Treats the alias as an interface to server statistics.
Indicates the URI token the web server will map. Any URI that begins with this token will be redirected to the resource defined by the map class and the -t to destination.
Specifies the virtual host.
Specifies the name of the httpd instance. Valid with all subcommands.
Defines the path name or URL to the actual resource. Valid with the add subcommand.
To create a URL http://www.A.com/swshelp/
that references a directory outside of the www.A.com
document root:
# htmap add -i sws_server -h www.A.com -f /swshelp/ \\ -t /usr/http/admin_server/public/admin/help/en/
To create a URL http://www.A.com/siteadmin/
that starts the Sun WebServer GUI for administration of the web site:
# htmap add -i sws_server -h www.A.com -f /siteadmin/ \\ -t /sws-administration -c ADMIN
This example shows how to create an alias that accesses a servlet without using the standard servlet token (/servlet/
by default). To redirect http://www.A.com/calendar/
to a servlet chain that invokes a servlet named login
and then a servlet named calendar
:
# htmap -i sws_server -h www.A.com -f /calendar/ \\ -t login,calendar -c SERVLET
Note that login
and calendar
must be in the servlets path and have definitions in servlets.properties
.
To map a URL http://www.A.com/doors/door-server/
to a resource door:
%htmap -i sws_server -h www.A.Com -f /doors/door-server/ \\ -t /websites/www.A.com/doors/door-server -c DOOR -z admin
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
Availability | SUNWhttp |
Interface Stability | Evolving |
The following files are used by the command-line utilities:
Creates an alias to a path on the file system or a redirection to a remote URL from a URI on the host.
If the command is run by the root
user, then the user name and password of an administrator are not required.
Users other than root
must use the -z option and pass the user name and password of a valid administrator to the command.
NAME | SYNOPSIS | DESCRIPTION | OPTIONS | EXAMPLES | EXIT STATUS | ATTRIBUTES | FILES | SEE ALSO | NOTES
NAME | SYNOPSIS | DESCRIPTION | OPTIONS | EXAMPLES | EXIT STATUS | ATTRIBUTES | FILES | SEE ALSO | NOTES
htpasswd is a utility used only to change passwords for users in HTPASSWD realms. It is provided as a tool that can be incorporated in CGI or other scripts to automate password maintenance.
Users must be created using htrealm(1m). Once users are created, any system user can run htpasswd to update passwords (as long as the realm administrator name and password are specified).
The following options are supported:
Specifies the name of the server instance. Valid with all subcommands.
Specifies the name of the virtual host containing the realm. Valid with all subcommands.
Turns off password prompting (for scripts). Valid with all subcommands.
Specifies the realm name. Valid with all subcommands.
Specifies a user name whose password is to be set so that the user can have permission to modify realm data. Separate multiple user names with a white space. Valid with all subcommands.
Displays verbose status messages.
Specifies the name of the administrator of the server, web site, or realm. If users omit this option, users will be prompted for the current password and then the new password. This allows users to change the password. Valid with all subcommands.
Any user can change passwords in an HTPASSWD
realm if they have the user name and password of the realm administrator. If realmadmin
is the realm administrator name, a user (or CGI script) can change the password for user1
:
% htpasswd -i sws_server -h www.A.com -r Project \\ -u user1 -z realmadmin Enter Password for realmadmin: Setting password for the user user1. Password: Confirm password:
User, for example, user1
in the WebUsers
realm, change their own passwords:
% htpasswd -h www.A.com -i sws_server -r WebUsers -u user1 Password for user user1: *** Changing password for the user user1 New Password: ***** Confirm Password: *****
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
Availability | SUNWhttp |
Interface Stability | Evolving |
The following files are used by the command-line utilities:
Defines realms of user and group information used by access control lists on a Sun WebServer web site.
In order to access the global HTPASSWD realms (/etc/http/realms/conf), omit the -i and -h flags.
This command is installed with setuid to adm
to permit end users invoking the command to have write access to the Sun WebServer configuration after performing necessary checks.
Superusers do not need to specify the -z flag, and are allowed to access any command-line utility without authentication.
If the command is run by the root
user, then the user name and password of an administrator are not required.
Users other than root
must use the -z option and pass the user name and password of a valid administrator to the command.
The server will check whether a user has been designated the realm administrator, site administrator, or server administrator (in this order), where the latter two are defined as those principals who have access to the pseudo-URI ("/sws-administration") at the site-level and global access control configuration (/etc/http/access.conf).
A server administrator has access to site administration and is able to manage site realms, ACLs, and content. However, site administrators can override this setting by delegating administrators in the administrator blocks in realms, ACLs, and content configuration.
Since the HTPASSWD users' file contains encoded passwords, it should be maintained securely.
NAME | SYNOPSIS | DESCRIPTION | OPTIONS | EXAMPLES | EXIT STATUS | ATTRIBUTES | FILES | SEE ALSO | NOTES
NAME | SYNOPSIS | DESCRIPTION | OPTIONS | EXAMPLES | EXIT STATUS | ATTRIBUTES | FILES | SEE ALSO | NOTES
Realms in Sun WebServer define sets of protection spaces or authentication domains consisting of user names, groups, and passwords. Sun WebServer uses realm information to determine how a user is authenticated. For example, a UNIX-based realm stores user and password information as well as group information in appropriate files or tables if distributed NIS/NIS+ is used. For HTPASSWD realms, you can define your own set of users and groups in a realm. Regardless of how the realm information is stored and accessed, the access control settings require realms to protect resources.
Realms are also differentiated based on how they are used. Two different realms can have different names with the same underlying users and groups database. This gives additional flexibility in naming the authentication domains displayed in the browser.
Most browsers display the realm name in the prompt when a user name and password are required, so the realm name should indicate to users the purpose for password protection and which user name and password to use.
The htrealm command can be used to create, delete, and list realm definitions for use with ACLs. It can also be used to manage users and groups in HTPASSWD
realms. HTPASSWD
realms are Sun WebServer specific in that their data is stored in user
and group
files with Sun WebServer configuration.
Realms in the global /etc/http/ directory are independent of any web site. These realm definitions are used only for server administration; the user names and passwords are used to log into the Sun WebServer GUI or to execute commands such as htserver. Only one such realm may be in use at any given time. The server administration realm must be defined in /etc/http/realms.conf and used to protect the /sws-administration
URI in /etc/http/access.conf.
Subcommands
The following subcommands are supported:
Adds a given realm, user, group, or member.
Deletes a given realm, user, group, or member.
Displays help on usage.
Lists all realms, users, groups, or members.
Displays the version of htrealm.
Options
The following options are supported:
Indicates that the user or group specified with the -u or -g flags has administrative privileges of the realm. The administrators must already be valid principals within the realm. Valid with all subcommands (but used most frequently to add, delete, or list realm administrators).
Specifies a directory relative to the site path where the users and groups files for an HTPASSWD realm are stored. data_dir is required and valid only if -s is HTPASSWD; or if you are running on the Solaris ISP Server software, -d can also be used when -s is ISPADMIN to specify the ISP Component ID and version. The default is site_path/conf/realms/realmname when used with an HTPASSWD realm, and "SUNWhttp-2.1" when used with an ISPADMIN realm. Valid with the add subcommand.
Specifies a set of users with permission to access the resources in the realm. Separate multiple group names with white space. Valid with all subcommands.
Specifies the name of the virtual host containing the realm. Valid with all subcommands.
Specifies the name of the server instance. Valid with all subcommands.
Specifies the individual members of the group. This is a comma-separated list. Valid with the add and delete subcommands.
Turns off the prompting for the password such that passwords are taken in from stdin, and scripts may pipe (|) passwords. Valid with all subcommands.
Specifies the realm name. White spaces must be inside double quotes. Valid with all subcommands.
Specifies the source of the realm (HTPASSWD, ISP, ISPADMIN, or UNIXSYS). Valid with the add subcommand.
Indicates that the user or group information is retrieved using the Sun WebServer users/group file format, and that user and group information will be maintained in the data directory named by realm_dir. The htrealm(1m) utility is used to create, delete, and list users and groups and modify passwords using htpasswd.
Indicates that the realm information is stored in the Solaris ISP Server shared directory service. Changes to user and group information cannot be made through Sun WebServer.
Indicates that the principals are Administrators in the Solaris ISP Server SunTM Internet AdministratorTM. The -d flag takes the ISP-component ID and version (for example, "SUNWftp-2.0").
Indicates that the operating system user and group definitions will be used to authenticate users in the realm. Changes to user and group information cannot be made through Sun WebServer.
Specifies the realm user with permission to modify realm data. Separate multiple user names with white space. Valid with all subcommands.
Displays verbose status messages. Valid with all subcommands.
Specifies the name of the realm administrator. Valid with all subcommands.
To create a site-specific realm called Subscribers
on the web site www.A.com
, you create at least one user and one realm administrator:
# htrealm add -i sws_server -h www.A.com -r Subscribers \\ -s HTPASSWD # htrealm add -i sws_server -h www.A.com -r Subscribers \\ -u user1 Setting password for the user user1. Password: Confirm Password: # htrealm add -i sws_server -h www.A.com -r Subscribers \\ -u user1 -A
A nonroot user can add a realm if a valid user name and password from the serverAdmin
realm are supplied:
% htrealm add -i sws_server -h www.A.com -r System \\ -s UNIXSYS -z admin Enter Password for admin: % htrealm list -i sws_server -h www.A.com -z admin Enter Password for admin: siteAdmin HTPASSWD - System UNIXSYS -
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
Availability | SUNWhttp |
Interface Stability | Evolving |
The following files are used by the command-line utilities:
Configures a web site's ACLs.
Configures the server administration ACLs.
Defines realms of user and group information used by access control lists on a Sun WebServer web site.
Lists the users in the HTPASSWD realm.
Entries in this file have the form username:password.
Lists the groups in the HTPASSWD realm.
Entries in this file have the following form:
group <group_name> { member1 member2 member3 }
If the command is run by root
user, then the user name and password of an administrator are not required.
Users other than root
must use the -z option and pass the user name and password of a valid administrator to the command.
NAME | SYNOPSIS | DESCRIPTION | OPTIONS | EXAMPLES | EXIT STATUS | ATTRIBUTES | FILES | SEE ALSO | NOTES
NAME | SYNOPSIS | DESCRIPTION | OPTIONS | OPERANDS | EXAMPLES | EXIT STATUS | ATTRIBUTES | FILES | SEE ALSO | NOTES
The htserver command creates and maintains the Sun WebServer server instances. Each server instance is a process associated with a configuration file, and each one hosts one or more web sites.
htserver can start, stop, and restart server instances. It can also enable or disable server instances. Each "enabled" server instance will be started when the machine reboots or when htserver start or htserver restart is run with no instance specified.
The list and query subcommands can be used to get information about what servers are running or enabled and what configuration files each instance uses.
Once a server instance is created, use hthost(1m) to add web sites. To modify the configuration, either use the Sun WebServer GUI (http://hostname:2380/admin/admin.html), or edit the server configuration file (see httpd.conf(4)).
The server instance named admin
is the administration server. This server instance is created when Sun WebServer is installed and listens to port 2380 on all IP addresses. The admin
server instance is used to access the Sun WebServer GUI.
Subcommands
The first argument to htserver must be one of the following subcommands:
Creates a reference to a new server instance so that it can be managed. An entry is added to the server list in httpd-instances.conf(4).
Deletes a server instance from httpd-instances.conf. This removes the server instance from Sun WebServer management, but does not delete the data or configuration files for the server or any of its sites.
Disables a server instance. Disabled instances can only be started by running htserver start instance_name, and explicitly specifying the instance name. the disable subcommand does not stop a running server instance.
Enables a server instance. Enabled instances will be started when the machine reboots or whenever htserver start or htserver restart is run with no instance named.
Solaris ISP Server has a background service that periodically checks the state of all enabled servers. If you have installed Sun WebServer as a part of the Solaris ISP Server, this service attempts to restart all enabled servers that are not running. If the restart fails due to an error in the server configuration, it disables the server and sends a message to the server administrator stating that the server has been disabled and will not be restarted automatically.
Displays usage information for this command.
Lists server instances and status information for all servers or each named instance.
Displays detailed status and statistical information about a named server instance. Also displays host and port statistics when used with the -v option. Status can be one of the following:
All processes have stopped running. Occurs when the server has been stopped or during a small time frame before the server enters Initializing status.
Server is parsing configuration files and initializing internal data structures.
All listening ports are waiting for client connections. Occurs when the server has started or restarted successfully.
Server is destroying data structures, closing connections and listeners, and killing all running server processes. After this cleanup, the server status changes to Initializing.
Server is destroying data structures, closing connections and listeners, and killing all running server processes. Same as the Restarting state except that after the cleanup process is complete, the process dies rather than returning to Initializing status.
Restarts named server instances or all of the currently running server instances.
Starts named server instances or all enabled server instances with the configuration files listed in httpd-instances.conf.
Stops named server instances or all running server instances.
Updates a named instance with the named configuration file.
Subcommand Options
The following options are supported:
Indicates that the command applies to Sun WebServer. Sun WebServer is a special server instance that allows remote administration of servers and sites through the Sun WebServer GUI.
Runs the command in verbose mode with more descriptive messages output to the screen.
The following operands are supported:
Specifies the name of a configuration file to use for a server instance. This operand is required as the last argument for the add and update subcommands.
Specifies a server by its instance name. Instance names are maintained in the /etc/http/httpd-instances.conf file. A single instance name is required with the add, update, delete, and query subcommands. Other subcommands take an optional instance name or list of instance names.
To list all server instances (nonroot users must use -z and provide a user name and password from the serverAdmin
realm):
% htserver list -z admin Enter Password for admin: Instance : sws_server Enabled : No pid : - Config file : //etc/http/sws_server.httpd.conf Instance : aws Enabled : Yes pid : 4018 Config file : /var/opt/SUNWixamc/awsconf/aws.conf Instance : SUNWixmon Enabled : Yes pid : 4020 Config file : /opt/SUNWixmon/sws/SUNWixmon.httpd.conf Instance : admin Enabled : No pid : - Config file : //usr/http/admin_server/conf/admin.httpd.conf
To create a new server named Large_Sites
with default values for the configuration file (/etc/http/Large_Sites.httpd.conf), server root directory (/var/http/Large_Sites), and site directory (/var/http/Large_Sites/websites/):
# htserver add Large_Sites Creating server configuration file: /etc/http/Large_Sites.httpd.conf Creating server root directory: /var/http/Large_Sites Creating site directory: /var/http/Large_Sites/websites/default_site Creating site configuration: /var/http/test_server/Large_Sites/websites/default_site/conf/default_site.site.conf
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
Availability | SUNWhttp |
Interface Stability | Evolving |
The following files are used by this utility:
The server instance configuration file.
Tracks all Sun WebServer instances. When htserver creates a new instance, an entry is added to this file.
If the command is run by the root
user, then the user name and password of an administrator are not required.
Users other than root
must use the -z option and pass the user name and password of a valid administrator to the command.
NAME | SYNOPSIS | DESCRIPTION | OPTIONS | OPERANDS | EXAMPLES | EXIT STATUS | ATTRIBUTES | FILES | SEE ALSO | NOTES
NAME | SYNOPSIS | DESCRIPTION | OPTIONS | EXAMPLES | EXIT STATUS | ATTRIBUTES | FILES | SEE ALSO | NOTES
A servlet engine can be defined on any Sun WebServer server instance or any individual web site. The servlet engine runs a JavaTM virtual machine that loads and executes servlets defined in its servlets.properties file.
The htservlet command defines and modifies servlet engine runtime, security, and logging properties; adds or removes entries in the servlets.properties file; and loads or unloads servlets in running servlet engines.
For subcommands where -h hostname is optional, omitting -h applies the subcommand to the shared servlet engine (server-wide setting).
Subcommands
The following subcommands are supported:
You must restart the server in order for the changes made to the configuration files to take effect.
Adds a servlet to the servlets.properties file. Adding a servlet does not imply that the servlet is automatically loaded.
Configures a default cookie for the servlet engine and writes changes to the httpd.site.conf file.
Deletes a servlet from the servlet engine and writes changes to the servlets.properties file.
Disables an option on the servlet engine and writes changes to the configuration file.
Enables an option on the servlet engine and writes changes to the configuration file.
Displays help on usage.
Lists all loaded servlets on the server.
Loads a servlet from the servlets.properties file on a running server.
Configures the log location and cycling parameters and writes changes to the configuration file.
Returns current servlet engine settings on a running server.
Reloads a servlet on a running server.
Configures the security settings for the servlet engine and writes changes to the configuration file.
Configures the session management settings for the servlet engine and writes changes to the httpd.site.conf file.
Specifies the settings on the servlet engine and writes changes to the configuration file.
Configures the pool size for servlets that implement the SingleThreadModel interface.
Unloads a servlet from the running web server.
Displays the version of htservlet.
Options
The following options are supported:
Specifies the optional initial arguments passed to the servlet. Used in the format name=value [[, name=value...]]. Valid with the add and reload subcommands.
Specifies the URL of the servlet's code base. This URL can be pointing to a directory or a JAR file. Used only for remote servlets. Valid with the add subcommand.
Specifies a comment of the cookie carrying the session ID. Valid with the cookie subcommand.
Specifies the name of the servlet main class file. Valid with the add subcommand.
Specifies the domain where cookies with session IDs are valid. For example, if a cookie has a domain of "www.A.com", then only "www.A.com" will recognize it as a valid cookie. All other servers will reject this cookie. Valid with the cookie subcommand.
Specifies the directories and JAR files for the servlet engine on the local machine. This is a colon-separated list. This option can only prepend the path specified to the original path in the file. Valid with the settings subcommand.
The path name and the file prefix for servlet log files. As new log files are created, they use this prefix and a number suffix. Valid with the log subcommand.
Specifies a servlet engine option to enable or disable. Valid options are:
Enables or disables servlet chaining. Servlet chains are a sequence of servlets executed in the specified order to fulfill one single servlet request.
Enables or disables cookie support on this server. This is a server-wide setting.
Enables or disables the server to enable a JVM. This is a server-wide setting.
Enables or disables servlet error logging.
Enables or disables session persistence in the servlet engine. If session persistence is enabled, sessions are written out to disk on server shutdown, and recovered on startup. This is a server-wide setting.
Enables or disables rewriting of URL with session ID when a protocol switch is involved, for example, switching from "http" to "https" or vice-versa.
Enables or disables loading servlets from remote sites in this servlet engine.
Enables or disables the servlet engine for the server process or web site. This is a server-wide setting.
Enables or disables session support in all the servlet engines. If the session is supported, session swapping will be enabled by default.
Allows all sites on the server to share a single servlet engine. This is a server-wide setting. If this option is disabled, each site is allowed to create its own servlet engine instance.
Enables or disables URL rewriting for this servlet engine. If enabled, session IDs are appended to URLs by either the encodedUrl() or encodeRedirectUrl() method. This is a server-wide setting.
Specifies the name of the virtual host. Valid with all subcommands.
Specifies the length of time (in minutes) a session is allowed to remain unused before becoming invalidated on this servlet engine. Valid with the session subcommand.
Specifies the name of the server instance. Valid with all subcommands.
Specifies the class path for the Java virtual machine (JVM) which may include the location of classes.zip file of JDK, JSDK, and the servlet engine. This is a colon separated list (for example, usr/lib/java/ [[:/usr/java/lib...]]). This command only prepends to the existing path. Do not put the servlets directories in the server classpath. It is a server-level setting. Valid with the settings subcommand.
Because running the command-line utility htserver restart or restarting the server from the Sun WebServer GUI does not restart the Java virtual machine, if you change server_classpath, you must kill and restart the Sun WebServer process in order for your changes to take effect.
Specifies the initial servlet pool size for any servlets implementing the SingleThreadModel interface. Valid with the single subcommand.
Specifies the maximum servlet pool size for any servlets implementing the SingleThreadModel interface. Valid with the single subcommand.
Specifies the maximum number of log files. When the log suffix exceeds this number, the next log file is created which overwrites the first log file. The default number is 7 files. Valid with the log subcommand.
Specifies the name of the cookie used to carry session IDs when cookies are enabled. Default is "swssessionid
". Valid with the cookie subcommand.
Specifies the name of the servlet. Valid with the add, delete, load, reload, and unload subcommands.
Specifies the access settings used in conjunction with the -r option. Valid with the security subcommand.
Allows local and remote servlets to access resources.
Allows access only to resources on the same host.
Allows no access.
Allows access only to resources on servlets with a code base.
Specifies the full path to the properties file for the servlet engine. Valid with the settings subcommand.
Disables password prompting, and the password is piped ("|") to the command. Valid with the add, delete, disable, enable, load, log, reload, unload, security, and settings subcommands.
Specifies the path on the local host for which cookies with session IDs are valid. Pages outside of this path cannot read the cookie. This path is relative to the document root. Default is "/". Valid with the cookie subcommand.
Specifies the maximum number of resident sessions in a servlet engine. If the maximum number has been reached, sessions are swapped out onto disk. Session swapping is enabled if sessions are enabled. Valid with the session subcommand.
Specifies the resource settings used in conjunction with the -o option for access control. Valid with the security subcommand.
Sets access permissions for file resources such as read/write a file on local disk.
Sets access permissions for links to dynamic libraries.
Sets access permissions for network resources.
Sets access permissions for security resources such as classLoaders.
Sets access permissions for system resources such as System.Exec ().
Indicates that the session cookie will include the "secure" field. Valid with the cookie subcommand.
Indicates that the servlet will be loaded at start-up. Valid with the add subcommand.
The log cycle time measured in minutes. When the log cycle time exceeds this number, a new log file is created with an incremented suffix. The default time is 1440 minutes (1 day). Valid with the log subcommand.
Specifies user name. Valid with the add, delete, disable, enable, load, log, reload, unload, security, and settings subcommands.
Specifies verbose mode for more detailed messages. Valid with all subcommands.
Specifies the directory where sessions will be swapped during session persistence or when the number of resident sessions has exceeded the maximum. Valid with the session subcommand.
Specifies the maximum age of a cookie before expiring. Valid with the cookie subcommand.
Specifies the maximum log file size measured in bytes. When the log file size exceeds this number of bytes, a new log file is created with an incremented suffix. The default file size is 1048576 bytes (1 MB). Valid with the log subcommand.
# htservlet enable -g jvm -i sws_server -u admin
To load a declared servlet on a server:
# htservlet load -i sws_server -h www.A.com -n foo -u http
To add servlets to be loaded at start-up:
# htservlet add -i sws_server -h www.A.com -n foo \\ -c FooServlet -b http://x.eng/ -a counter=1 -s \\ -u http
To add a servlet declaration (in verbose mode):
# htservlet add -i sws_server -h www.A.com -n foo \\ -c FooServlet -b http://x.eng/ -a counter=1 -v \\ -u http
To set the server classpath:
# htservlet settings -i sws_server -j /usr/jdk/lib/classes/zip:. \\ -u http
To enable cookie support on a server:
# htservlet enable -g cookie -i sws_server -u admin
To set the cookie name for the default session identifier:
# htservlet cookie -i sws_server -h www.A.com \\ -N MySessionId -u admin
To set the session swap directory:
# htservlet session -i sws_server -h www.A.com \\ -W /tmp/sessionSwapDirectory -u admin
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
Availability | SUNWhtsvl |
Interface Stability | Evolving |
The following files are used by this utility:
Contains the web site servlet engine configuration if the servlet engine is not shared.
Contains the server instance servlet engine configuration if all web sites share the servlet engine.
Defines each servlet that can be loaded by a web site.
If the command is run by the root
user, then the user name and password of an administrator are not required.
Users other than root
must use the -u option and pass the user name and password of a valid administrator to the command.
NAME | SYNOPSIS | DESCRIPTION | OPTIONS | EXAMPLES | EXIT STATUS | ATTRIBUTES | FILES | SEE ALSO | NOTES
NAME | SYNOPSIS | DESCRIPTION | OPTIONS | EXIT STATUS | ATTRIBUTES | SEE ALSO | NOTES
Server instances can be started or stopped by using the htserver utility, through the Sun WebServer GUI, or by executing this script. It is recommended that you use htserver or the Sun WebServer GUI.
The following subcommands are supported:
Displays help on usage.
Starts all "enabled" servers in httpd-instances.conf.
Stops all servers.
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
Availability | SUNWhttp |
Interface Stability | Evolving |
NAME | SYNOPSIS | DESCRIPTION | OPTIONS | EXIT STATUS | ATTRIBUTES | SEE ALSO | NOTES