Personal Publishing in the WWW

The VU School of Engineering supports a service that allows a SEDCON user to publish information in the World Wide Web. The most important thing that a SEDCON user needs to do in order to make use of the SEDCON Personal Publishing service is to create a specially named directory. Then the user can simply place the informaton to be published in files in that directory. The user owns the files and the directory and has nearly total control over access to those resources and make whatever changes to access permissions or file content that the user desires to make.

Every SEDCON user is reminded to honor any and all applicable intellectual property rights (such as copyright, trademark, or patent) in making materials available to the WWW.

Your personal wwwfiles directory

The VUSE WWW server runs a server daemon that allows each SEDCON user to have a personal directory of files that can be accessed by the WWW server. In order for the server to be able to find your WWW files, this directory must be named wwwfiles and must be a subdirectory directly in your SEDCON home directory. Additionally, the access modes of your home directory, the wwwfiles subdirectory, and all files in the wwwfiles directory must all be set correctly in order to allow the server to read the files. To create the wwwfiles directory and correctly set the access modes on both the home and wwwfiles directories, you can login to any SEDCON UNIX system (such as loginhost) and type 


    cd $HOME
    mkdir wwwfiles
    chmod a+x . wwwfiles
Note: This chmod(1) command has some security implications of which you should be aware.

Your personal WWW files

Once you have created your wwwfiles directory, you can create files and publish them to the WWW. Access to any file in your wwwfiles directory is controlled not only by the access modes of the wwwfiles and home directories but also by the of the access modes of the file itself. To be sure that others can read a file in your wwwfiles directory), make sure that you allow provide general read access to the file. As an example, to provide general read access to the file testfile.txt, you would type 


    chmod a+r testfile.txt
Note: Some editors function by creating a new file and renaming the old one so you may have to reset the access modes every time you edit the file.

There are additional instructions concerning the modes of files to be invoked as CGI programs.

How to reference your files in the WWW

In the World Wide Web, the location of a file or service is specified by what is called a Uniform Resource Locator (URL). At some point, you may decide for some reason that you need to specify a file location as a URL. For reasons of security, files on the VUSE WWW server are not available via the names that normally refer to them but the files in a user's wwwfiles directory may be accessed via the special ~username mechanism. The server daemon running on the VUSE WWW server will treat a URL of the form 

    http://server/~username/filename
as a locator for the file filename in the wwwfiles subdirectory of the home directory of the user with username username. For example, you could refer to the file urldemo.txt in the wwwfiles directory of user drl on the server www.vuse.vanderbilt.edu as 
    http://www.vuse.vanderbilt.edu/~drl/urldemo.txt

CGI programs are handled specially and you must use a different sort of referencing URL in order to invoke one as a program. Access to a CGI program via a URL of the sort described above will simply retrieve the (possibly binary) program instead of executing the program and retrieving its output.

An Apparent Security Concern

While the SEDCON is not a terribly secure environment, the procedure outlined above to make your wwwfiles accessible may appear to make your account terribly insecure. This is not really a problem for three reasons.

  1. On a UNIX system such as the one where your home directory is, a directory is just a special type of file and the access modes of a file play as much of a role in access to that file as do the modes of the directory containing that file.
  2. The suggested procedure merely makes your home directory and its wwwfiles subdirectory searchable. It does not allow anyone else to write in your directory. In fact, unless you explicitly give read permission for these directories (which the suggested procedure does not do), others can't even really read them to discover what files they contain. All they can do is search your directores for files with known names (like wwwfiles).
  3. If you want to prevent any access by others to some files in your account, you can always make a protected subdirectory (to which others have no access) and move your sensitive files there.
In general, it does no harm to have a generally searchable home directory as long as you are prudent about the access modes of your files and directories and, in fact, denying all access to your home directory will make other things (besides publishing in the Web) break.

For more information about access modes, see the description of the chmod command in section 1 of the UNIX manual and of the chmod system call in section 2 of the UNIX manual.

Please send comments, suggestions, or questions about this document to www@vuse.vanderbilt.edu
Last changed on January 17, 1997 by David R. Linn