Installing a Web server security plug-in  Configuring the SybSecurityPluginConfig.txt file

Chapter 11: Configuring the Web Server Plug-in

Installing and configuring Apache on Solaris

Pre-installation tasks for the “root” user

If you plan to use the Apache Web server with the privileged HTTP and HTTPS ports, 80 and 443 respectively, the Apache Web server must run as the root user.

You can download a copy of the Apache Web server from the Apache Web page.

StepsConfiguring the Apache Web server to run as root

  1. Change the ownership of the httpd (Web server executable) and apachectl (the command to start and stop the server) to the root user.

  2. Set the setuid file protection bit.

  3. Change to the Apache-1_3/httpd/bin directory, and grant execute permissions on these files to the group that the “sybase” user is in:

    chown root apachectl httpd
chmod 4750 apachectl httpd

Now when you start the server, the setuid permission bit causes the Web server to run as root. Once Apache has successfully connected to the HTTP and HTTPS ports, it internally changes the value of userid to “nobody,” reducing security risks.

The UNIX dynamic loader (ld.so.1) does not search the LD_LIBRARY_PATH when a process is running as root. Therefore, to use the Security plug-in for Apache (mod_sybepsecure.so), copy the EAServer client library (libjcc.so) to /usr/lib:

cp $JAGUAR/client/lib/libjcc.so  /usr/lib

StepsSetting up the Apache Web server plug-in

Verify that you have installed the Web server components option before you complete this procedure.

  1. Verify that the LD_LIBRARY_PATH environment settings contain:

  2. Set JAGUAR_CLIENT_ROOT to $JAGUAR.

  3. Set up the Apache Web server to load the plug-in:

    1. Go to $SYBASE/Security/lib/.

    2. Unjar plugins.jar.

    3. Unjar Apache.jar.

    4. Copy all .html files to the Apache Web server’s document root directory, htdocs.

    5. Copy *.so to the libexec directory under the Apache installation.

    6. Copy the sample plug-in configuration file SybSecurityPluginConfig.txt to $SYBASE, and edit it using the instructions in “Configuring the SybSecurityPluginConfig.txt file”.

    7. Edit the Apache configuration file httpd.conf, and following this line: 

      #LoadModule foo_module libexec/mod_foo.so

      Add the following lines:

      LoadModule epsecure_module libexec/mod_sybepsecure.so
AddType sec-login .com_sybase_ep_seclogin
AddHandler epcontent-handler .com_sybase_ep_seclogin

  4. Verify that EAServer and the security EJBs are running before you start Apache.

  5. Start the Apache server. Change to the http directory of the Apache installation and enter:

    bin/apachectl start

  6. Configure other Web server plug-in properties in SybSecurityPluginConfig.txt, as necessary—see Table 11-1.




Copyright © 2004. Sybase Inc. All rights reserved. Configuring the SybSecurityPluginConfig.txt file

View this book as PDF