README - Microsoft FrontPage Server Extensions Version 2.0

Table of Contents

Introduction

This documents version 2.0 of the Microsoft FrontPage Server Extensions for UNIX. These are used with the FrontPage client (Editor and Explorer) to manage the content of an HTTP web. The FrontPage Server Extensions are not an HTTP server; they are CGI scripts that work with a variety of existing HTTP servers. For each supported HTTP server we provide a separate README file with information specific to that server.

System Requirements

These extensions have been tested on the following web servers:

• Apache 1.0.5, 1.1.1
• CERN 3.0
• NCSA 1.5c, 1.5.2 (we do not support 1.5.1)
• Netscape Commerce Server 1.12
• Netscape Communication Server 1.12
• Netscape Enterprise 2.0
• Netscape FastTrack 2.0

on the following operating systems:

• BSD/OS 2.1
• Digital UNIX 3.2c, 4.0 (Alpha)
• IRIX 5.3, 6.2
• Linux 3.0.3 (from Red Hat software)
• Solaris 2.4, 2.5
• SunOS 4.1.3, 4.1.4
• HP-UX 9.03, 10.01

The Server Extensions take approximately 9 Mb of disk space. Installing the Server Extensions onto your web content requires an additional 5Mb unless the content is on the same disk partition as /usr/local/frontpage. Also, FrontPage's optional full-text search indexes can take up to the same amount of disk space as your textual content.

We recommend that your server machine have at least 32 Mb of RAM.

This release can be used with version 1.1 or later of the FrontPage client.

Security Considerations

The FrontPage server extensions provide powerful capabilities to FrontPage clients, including the ability to modify web content and, in some cases, modify the web server's configuration. UNIX web servers run all CGI programs as the same user. Giving these capabilities to one CGI program gives it to all CGI programs. If you do not trust your authors not to subvert your web security by uploading rogue CGI programs then you should do one of the following things:

1. Disallow CGI uploads through FrontPage. Also, either disallow any other access to the web content area or else allow only FTP access and disallow the ability to create executable files.
2. Use the FrontPage Web Presence Provider's Kit. This allows you to configure your server extensions so that they are installed with setuid permissions to the author's account.

In general, if you are planning on putting the server extensions into production use (rather than simply evaluating them) then you should understand the security implications of the FrontPage Server Extensions.

Select the FrontPage User and Group

All UNIX web servers let you specify the user and group under which all CGI programs, including the FrontPage server extensions, are invoked. If you have not done so already, we recommend that you create a special user and group for this purpose. These are commonly named www. In this document we call these the FrontPage user and the FrontPage group.

Note:

We do not recommend using nobody as the FrontPage user because nobody is not typically a login account. When performing any manual maintenance on your webs, you must always remember to wrap your commands with "su nobody -c 'umask 002 ; ...'" or to manually "chown" and "chmod" all affected files afterward. This process is clumsy and error-prone.

Select the FrontPage User's umask

Decide on the file access mode for files maintained by the FrontPage Server Extensions. The Server Extensions create all files with unrestricted access (777). You should restrict this access through the umask command in the FrontPage user's shell reconfiguration file. If you want to share access with other users in the FrontPage group then you should set the umask to 002, resulting in access modes of 664 for files and 775 for directories. If you want to restrict access to only the FrontPage user then you should set the umask to 027, resulting in access modes of 640 for files and 750 for directories. For more information on file access modes, see the intro(2) and umask(1) UNIX man pages.

After setting up the user account for FrontPage, login(1) or su(1) to this account before doing any manual administration, such as modifying files, running the FrontPage Server Administrator, or installing servers.

Contents of the Release

The release consists of a tar file named vt20.platform.tar, where platform is the name of your UNIX platform.

Installation

If you are upgrading from FrontPage 1.1 then do the following, otherwise follow the full instructions.

1. Do step 1 below. Install the FrontPage Server Extensions into the same location as you did for the earlier release by untarring the release over your earlier installation. Or, if you install it in a different location, copy the *.cnf files from your previous installation area to the new location.
2. Run /usr/local/frontpage/version2.0/bin/fpsrvadm.exe. Choose the "upgrade" option. When prompted, provide the TCP/IP port number of the HTTP server with the earlier version of the FrontPage Server Extensions software.
3. The upgrade is now complete. You can skip the remainder of this section. Go to the next section for more information about the FrontPage Server Extensions.

1. Install the FrontPage Server Extensions

The installation kit is a tar file named vt20.platform.tar, where platform is the name of your UNIX platform. It contains a single directory named frontpage. It should be installed as /usr/local/frontpage.

1. Become the root user.
2. Create the /usr/local/frontpage directory by doing the following:

   cd /usr/local
   mkdir frontpage
   chown www frontpage # Replace www with your FrontPage user
   chgrp www frontpage # Replace www with your FrontPage group
   chmod 775 frontpage # Replace 775 with your directory access mode                                        

   If you do not have enough space on your /usr/local partition you can put the installation elsewhere and create a soft link from /usr/local/frontpage. For example, if you have space under the /www directory, do the following:

   cd /www
   ln -s /www/frontpage /usr/local/frontpage
   mkdir frontpage
   chown www frontpage # Replace www with your FrontPage user
   chgrp www frontpage # Replace www with your FrontPage group
   chmod 775 frontpage # Replace 775 with your directory access mode                              

3. su(1) or login(1) to your FrontPage user account and install FrontPage from the tar file. For example, if vt20.solaris.tar is in /usr/tmp, do the following:

   cd /usr/local
   tar xvf /usr/tmp/vt20.solaris.tar                  

This will install the following files:

frontpage/version2.0/bin/fpsrvadm.exe  # FrontPage server administrator
frontpage/version2.0/bin/_vti_inf.html # FP Config file for FP root webs
frontpage/version2.0/bin/postinfo.html # WebPost Config file for FP root webs
frontpage/version2.0/nls/cp_*.nls      # Code Pages for localized HTML pages
frontpage/version2.0/_vti_bin/...      # FrontPage extensions (CGI programs)
frontpage/version2.0/doc/*             # This documentation
frontpage/version2.0/LICENSE.TXT       # End-user license agreement 

2. Install and configure your HTTP server

If you are installing a new web server to use with FrontPage follow the installation instructions in the README file for your server. Then go ahead to step 3.

• Apache
• CERN
• NCSA
• Netscape Commerce Server
• Netscape Communication Server
• Netscape Enterprise 2.0
• Netscape FastTrack 2.0

If you are currently running one of the supported HTTP servers and want to use FrontPage with it, make sure that your web's configuration files are accessible to the FrontPage user. If you're not sure that everything is correctly accessible, become the root user and do the following:

cd config_dir          # Replace config_dir with server's config file dir
chown -R www .         # Replace www with your FrontPage user
chgrp -R www .         # Replace www with your FrontPage group
chmod -R u+rw,go+r-w . # Replace with your access mode

Next, edit the server's configuration to change the UserId, User, GroupId and/or Group directives to correspond to the FrontPage user and group.

3. Run your HTTP server as the FrontPage user if possible

If your web server is using a protected port (a port less than 1025), the web server must run as root. This raises some important security concerns. Also, see the section on restarting the server, which describes how this limits FrontPage.

If your web server is not using a protected port, run it as the FrontPage user. If you start your web server from /etc/rc, edit the appropriate file to add a "/bin/su www -c 'umask 022 ; ...'" wrapper around the httpd command.

4. Set the file protection of any existing web pages

If you have existing web content, you should make sure that all your web's directories and files and the web server itself are accessible to FrontPage. If you're not sure that everything is correctly accessible, become the root user and use the following commands:

cd content_dir         # Replace content_dir with server's DocumentRoot
chown -R www .         # Replace www with your FrontPage user
chgrp -R www .         # Replace www with your FrontPage group
chmod -R u+rw,go+r-w . # Replace with your access mode

Note:

Before you install the FrontPage Server Extensions, back up your existing web content.

5. Install FrontPage Server Extensions onto the HTTP server

At this point you should have unpacked the installation kit and you should have a running HTTP server. Verify that you can browse to your server.

Before installing the FrontPage Server Extensions onto the HTTP server, you need to know the following:

• the kind of HTTP server you are running
• if your server can be automatically restarted or if it must be manually restarted (see "Restarting the Server" for more details)
• where the server configuration file is, for example: /cern_3.0/config/httpd.conf or /www/apache_1.1.1/conf/httpd.conf
• a name and password for the administrator of the root web. (These do not have to correspond to a UNIX user account.)

Installing FrontPage onto an HTTP server does the following:

• Creates a configuration file in /usr/local/frontpage. The configuration file is named either wexxxx.cnf or host:xxxx.cnf, where xxxx is the port number of your server and host is its name or IP address. The second form is used when a server is set up for multihoming.
• Creates several subdirectories under your content directory, most beginning with the prefix _vti_. These contain support files and the CGI programs used by the FrontPage client to administer your content.
• Modifies your HTTPD configuration files to mark certain _vti_ directories as containing executables.
• Attempts to restart your HTTP server, if it is running and can be automatically restarted.

Note:

Before proceeding, use login(1) or su(1) to become the FrontPage user.

To install the FrontPage Server Extensions onto your HTTP server, run the FrontPage Server Administrator.

cd /usr/local/frontpage/version2.0/bin
fpsrvadm.exe

Choose option 1, "install". The FrontPage Server Administrator will ask for the information listed above and then perform the installation.

Notes:

• If your server is a manual restart server, then you must restart it with a "kill -HUP" signal after using the FrontPage Server Administrator to install the FrontPage Server Extensions onto your HTTP server.
• If you interrupt the program or enter incorrect information, you may get into a state where you can neither install nor uninstall the software. If this happens you should manually remove FrontPage's configuration file for the server and content/_vti_pvt/services.cnf (where content is the DocumentRoot of your web). FrontPage's configuration file for the server is in /usr/local/frontpage and is named either wexxxx.cnf or host:xxxx.cnf, where xxxx is the port number of your server and host is its name or IP address. Then run fpsrvadm.exe with the install option again.

You can now use the FrontPage Explorer to open or create a web on this server.

To Remove the Software

Uninstall FrontPage from the HTTP server.

For this step you need to know the port number used by each HTTP server that has the FrontPage Server Extensions installed. You should also be running from an account that has write access to both /usr/local/frontpage and the server's content area.

1. Run /usr/local/frontpage/version2.0/bin/fpsrvadm.exe and choose the "uninstall" option. Type in the port number when prompted. Repeat for each server that has FrontPage installed.
2. Note that this step does not remove all files that have been added by FrontPage, only those that cannot be reproduced. The _vti_cnf and _vti_pvt directories are left and can be removed manually.

Uninstall the FrontPage executables

Type the following command:

rm -r /usr/local/frontpage

Restarting the Server

When FrontPage creates a new web, it modifies the HTTP server's configuration files. For the server to use this new configuration information, the server must be restarted. FrontPage attempts to do this automatically, but cannot in a few cases:

FrontPage cannot restart servers that support "preforking".

FrontPage supports preforking NCSA and Apache servers by having you manually restart the HTTP server when necessary. For example, to indicate the presence of a preforking NCSA server, specify "ncsa-manual-restart" as the HTTP server type during installation.

When the server supports preforking and you try to create a web using the FrontPage Explorer's File: New Web menu option, you will eventually receive this error:

The "webname" web has been created. The web server "servername" must be manually restarted before proceeding.

When you receive this message, restart the server. You typically do this by sending a HUP signal to the currently running server process(es).

After restarting the server, continue the creation of your web, by doing the following in the FrontPage Explorer:

• Choose OK in the error dialog box.
• In the FrontPage Explorer, select File: New Web again
• Select the desired template or wizard
• Check the "Add to current web" checkbox
• Choose OK

Until you restart your server after receiving the above error message, you will be unable to access new webs from FrontPage. FrontPage will generate errors such as:

There is no web named "webname".

An HTTP server error has occurred. The HTTP server may not have the FrontPage Server Extensions installed or may be misconfigured or you may have specified an invalid proxy server. (HTTP code XXX)

The server's CGI programs must run under the same user account as the HTTP server itself.

The FrontPage Server Extensions run under the server as a CGI program. In order for the FrontPage Server Extensions to send the restart signal to the HTTP server, the server's CGI programs must run under the same user account as the HTTP server itself. This is impractical if your server runs on a protected port because the server must run as root and running CGI programs as root is extremely dangerous.

If your FrontPage Server Extensions run under a different user account than the HTTP server, you should set your server type to one of the "manual-restart" types. If you do not, you will receive the error message "Error restarting server process %d" when creating new webs. When you receive this message, restart the server manually.

Note:

If you incorrectly specify a manual-restart server type, such as "ncsa-manual-restart" instead of "ncsa," FrontPage will not try to restart your server. You will be forced to restart it manually after creating a new web.

Note:

If you incorrectly specify a non-manual-restart type, such as "ncsa" instead of "ncsa-manual-restart," you will get an error message when creating a web. If your FrontPage Server Extensions are running under a different user account than the HTTP server, you will receive the error message "Error restarting server process %d" when creating new webs. If you are running a pre-forking server you will receive the error "The HTTP server or a proxy server, returned a badly-formed HTTP response. Please notify the webmaster for the server." In either case you should immediately fix the configuration by uninstalling and reinstalling the FrontPage Server Extensions.

Server Extensions Configuration File

Some features of the FrontPage Server Extensions can be controlled by setting parameters in the Server Extensions configuration file. The configuration file is in /usr/local/frontpage and is named either wexxxx.cnf or host:xxxx.cnf, where xxxx is the port number of your server and host is its name or IP address.

The default for all of these parameters is 0 unless otherwise noted.

ComplexPasswords

When set to a non-zero value, passwords must be a minimum of eight characters, including at least one non-alphabetic character, and cannot be a substring of the username.

Logging

When set to a non-zero value, authoring operations are logged to _vti_log/author.log in the root web. Each operation is logged with the current time, the remote host, the author's user name, the name of the web, the operation performed, and per-operation data.

NoSaveResultsToLogDir

When set to a non-zero value, prevents the Save Results, Registration, and Discussion WebBot components from writing to the _vti_log directory in the web's content root directory.

NoSaveResultsToAbsoluteFile

When set to a non-zero value, prevents the Save Results, Registration, and Discussion WebBot Components from writing to an absolute file path. When this is set, the Save Results WebBot component can only write a file within the web's content area.

NoSaveResultsPipeTo

When set to a non-zero value, prevents the Save Results, Registration, and Discussion WebBot components from piping output to any program.

SaveResultsPipeToAllows

A space-separated list of programs that restricts the programs that the Save Results, Registration, and Discussion WebBot components can pipe output to. If specified but empty, acts as if NoServerPipeTo is a non-zero value. If not specified, all programs are allowed.

NoExecutableCgiUploads

When set to a non-zero value, does not set the "execute" file-access mode bit on files uploaded to the cgi-bin directory. This lets you manually validate the programs uploaded by your authors before allowing them to be marked executable. If you use this methodology, be sure to mark the cgi scripts as read-only when you mark them executable, so that authors cannot upload a new, unchecked executable over the one you validated.

ReformatHtml

When set to "Y" or a non-zero value, causes the FrontPage Server Extensions to reformat all HTML pages as they are uploaded. Otherwise, the FrontPage Server Extensions reformat only pages that contain WebBot components.

UpperCaseTags

When set to "Y" or a non-zero value, converts all HTML tags to upper-case when the FrontPage Server Extensions reformats HTML pages.

PreserveTagCase

When set to "Y" or a non-zero value, attempts to preserve the case of HTML tag attributes when the FrontPage Server Extensions reformats HTML pages. Note that the tag itself will always be upper- or lower-case according to the UpperCaseTags attribute.

TextMemory

When set to zero, turns off full-text indexing of your webs. When set to a non-zero value, sets how many megabytes the text-indexing allocates for its hash-tables and other data structures. Defaults to 1.

AccessControl

When set to zero, disallows FrontPage users from modifying the server's access control. The FrontPage Explorer's Tools | Permissions menu item will be greyed out. It does not turn off access control for your server. Defaults to 1.

Additional Documentation

We have additional notes on the following topics.

• Using Microsoft FrontPage with Multiple Virtual Hosts
• Using Microsoft FrontPage with Per-User Webs

Troubleshooting

• To uninstall a multihomed port, you specify the port as "host:port".
• The FrontPage Server Extensions uses the system log file; this may help you with problem diagnosis:

  System log file: /var/adm/messages (or wherever syslogd sends them)

  Additionally, your HTTP server's access and error logs are often useful. Check your server's configuration files to find out where the server's access and error logs are located.

• If the FrontPage Explorer generates a "Server Refused Connection" error, verify that the server is running. Use a web browser to verify that the server is working properly.
• The FrontPage Server Extensions require that all web content is located in the server's file system under the content directory. FrontPage will not "see" any content located outside the content directory that you "map" into your URL-space using server configuration directives. If you do map in areas outside the content directory (such as a cgi-bin directory), the FrontPage Explorer will show any links to this content as external links.
• A partial exception to the previous problem is per-user webs. But note that FrontPage will not see any per-user content until you create a per-user web for each user whose content you wish to edit or view. For example, to "import" an existing per-user web, use the FrontPage Explorer's "File: New Web" menu option, then choose the "Empty Web" template and provide "~username" as the Web Name.
• If you interrupt the program or enter incorrect information, you may get into a state where you can neither install nor uninstall the software. If this happens you should manually remove FrontPage's configuration file for the server and content/_vti_pvt/services.cnf (where "content" is the DocumentRoot of your web). FrontPage's configuration file for the server is in /usr/local/frontpage and is named either wexxxx.cnf or host:xxxx.cnf, where "xxxx" is the port number of your server and "host" is its name or IP address. Then run fpsrvadm.exe with the install option again.
• If the FrontPage Explorer generates HTTP errors when you create new webs, or when you try to use newly created webs, verify that the FrontPage's server type is correctly set (see "Restarting the Server" for more details). Also, try restarting the server.
• If the FrontPage Explorer generates an HTTP error the first time you try to open a web, you may be running a manual-restart server and may have neglected to restart it after installing the FrontPage Server Extensions on it.