Web Access
STAR web organization at BNL
- The STAR home page URL is http://www.star.bnl.gov/ . All pages in the root directory are strictly reserved for the webmaster. User content lives in the sub-trees explained below.
- http://www.star.bnl.gov/STAR/ will (since 2007) redirect you into the Drupal content management system for STAR. This page is in STAR's Drupal CMS.
- The STAR computing home page URL is http://drupal.star.bnl.gov/STAR/comp/
- URLs of the form http://www.star.bnl.gov/public/* or http://www.star.bnl.gov/protected/* map respectively to the physical locations
- /afs/rhic.bnl.gov/star/doc_public/www/*
- /afs/rhic.bnl.gov/star/doc_protected/www/*
- When writing HTML, relative URLs (i.e. without http://hostname) of the form 'comp/xxx/yyy.html' (computing web) or 'public/comp/xxx/yyy.html' (general web) should be used so that mirroring the web on other servers works.
- Example of URL and location for a typical web directory, SOFI:
URL: http://www.star.bnl.gov/public/comp/sofi/
Physical location: /afs/rhic.bnl.gov/star/doc_public/www/comp/sofi/
- ACLs control access to AFS web areas. If you need (or think you might ever need) write access to a web area, just ask. See ACL info link below.
- There are STAR logos and other images in the images directory.
Personal Webpages and CGI access
To create a personal web area on the RHIC/STAR cluster, create a directory /afs/rhic.bnl.gov/star/users/yourname/WWW and make sure that (since this is an AFS area)
- /afs/rhic.bnl.gov/star/users/yourname is readable by the starweb account. The ACL settings would be
% cd /afs/rhic.bnl.gov/star/users/yourname
% mkdir WWW
% fs sa . starweb rl
% fs sa WWW/ starweb rl
- Note that
- /afs/rhic.bnl.gov/star/users/yourname/WWW should itself be readable by the starweb account, as shown in the previous bullet.
- the starweb account is NOT part of the "STAR" group. An explicit "rl" ACL needs to be set as instructed.
- Setting ACL is your responsibility!
ATTENTION: You should NEVER set or reset the starweb account ACLs to values different than "rl" as instructed.
Setting / resetting ACL for the special account system:anyuser has DIRE consequences and will be considered PROHIBITED.
You should especially NEVER grant write access to those accounts on ANY area without prior notice and explicit approval.
When this is done, your personal pages will be accessible as http://www.star.bnl.gov/~username/. If not, please send a note to starsofi Hypernews confirming and specifying you have followed the instructions above. In some instances, old ACLs get cached on the Web server side and your page may not be displayable before a service restart (AFS) is issued. For more information on setting ACLs in AFS, please consult the Guide to AFS and ACLs page.
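One way to check a directory against the ACL rules above, as an added example that is not part of the original page or of STAR's tooling. It parses the output of `fs listacl`; the function name audit_acl, the sample listings and the choice to treat any right other than r and l as write access are assumptions.

```shell
# Added example: read `fs listacl` output on stdin, print one line per
# finding, and return 1 if any of the rules above is violated.
audit_acl() {
    awk '
        /^Normal rights:/   { section = "normal"; next }
        /^Negative rights:/ { section = "negative"; next }
        section == "normal" && NF == 2 {
            who = $1; rights = $2
            if (who == "starweb" && rights != "rl") {
                print "FAIL starweb has \"" rights "\", expected exactly \"rl\""
                bad = 1
            }
            if (who == "starweb") seen = 1
            # Assumption: any right other than r (read) and l (lookup) is write access.
            if (who == "system:anyuser" && rights ~ /[^rl]/) {
                print "FAIL system:anyuser has \"" rights "\", more than read/lookup"
                bad = 1
            }
        }
        END {
            if (!seen) { print "FAIL no starweb entry, the web server cannot read this directory"; bad = 1 }
            if (!bad) print "OK"
            exit bad + 0
        }
    '
}

# Constructed sample listings in the format printed by `fs listacl`.
sample_good() {
    cat <<'EOF'
Access list for /afs/rhic.bnl.gov/star/users/yourname/WWW is
Normal rights:
  system:administrators rlidwka
  starweb rl
EOF
}
sample_bad() {
    cat <<'EOF'
Access list for /afs/rhic.bnl.gov/star/users/yourname/WWW is
Normal rights:
  system:anyuser rlidwk
  starweb rlidwk
EOF
}

sample_good | audit_acl
sample_bad | audit_acl || echo "fix the entries listed above"
```

On the cluster, pipe the real listing into the function: `fs listacl /afs/rhic.bnl.gov/star/users/yourname/WWW | audit_acl`.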
CGIs running on the STAR Web servers need to follow the guidance and regulations below:
- By default, all CGIs will (and MUST) be access-protected using the "protected" password or another (stronger) method of authentication.
- Any deviation and need for public access requires a review of the CGI by experts.
- The de-facto assumption will always be protected - if a review cannot happen, the default assumption will be in effect.
- CGIs with read-only access and of general (outside STAR) interest are candidates for an exemption.
- CGIs having write access to files or database (hence subject to injection attacks) require special attention. You should always consider the question "can I write this CGI differently". For example:
- pre-generation of results (write) from a different account than starweb could be used as an example of privilege separation.
- two stage (two accounts) database access could be used to write and read
- ...
- After a review, a frozen version of the CGI will be put in place
- The area or database the CGI writes to should be documented.
- File access: ANY undocumented area in AFS with a write-access ACL for starweb will see the ACLs removed (for both starweb and the administrator of the area) without prior notice.
- STAR provides standard CGIs for general use
- Use them
- Do not make and use private copies - send your changes and improvements to the developers if needed
- Virtually hosted sites should comply with the guidance and rules described herein.
More information
More information is available below provided you are authenticated.
