Fermilab Computing Division
Fermilab Homepage Computing Division Homepage Computing Division Banner

Professional Home Pages At Fermilab

Employees and users at Fermilab may wish to have a "personal" home page which lists professional information about themself and links to their projects and papers. Home page authors must read and follow the Fermilab Policy on Computing.

These pages are supported by the Computing Division. Your professional home page may be served from your department or experiment web server or you may choose to have it served from the central, CD-supported web server.

If you wish to restrict access to your web pages, several mechanisms are available for doing this. If you are serving your professional home page from your home directory on the fnalu cluster, follow the instructions for access protection listed for the Apache Web Server. The home pages web server on home.fnal.gov is configured to support .htaccess files in your home area. For more detailed information about access restrictions, see: Restricting Access to Your Web Pages

Also, home page authors should keep in mind that since their home pages will be served from their home directory on fnalu, project related work should not be served from this area. You must make sure that if your home directory were to be moved or deleted, your colleagues would not lose any information they rely on for their work at Fermilab. Project related work should be served from a project related area set up by your experiment or department.

 

Setting Up Your Professional Home Page on Central Web Server

To create a professional home page for yourself, use the following instructions.

  1. Get an account on the fnalu cluster.
    Use this form to request an account if you do not already have one.
  2. Create a directory named public_html in your home directory on fnalu. To do this, log into your account on fnalu and use these commands: cd
    mkdir public_html
  3. Create your professional home page(s) in this directory.
    Name your home page file the default file name "index.html".

  4. View your own home page(s) by using the URL http://home.fnal.gov/~username/ where username is your account name on fnalu. This will show the public_html/index.htmlpublic_html subdirectory in your home directory on fnalu, a "File Not Found" error will be shown. file in your home directory if there is one. If you have no

    Be aware that if you have a public_html subdirectory, but it does not contain an index.html file, then the viewer will see a directory listing which links to each file in your public_html subdirectory.

    Also be aware that by default, users with accounts on fnalu will be able to view the files in your public_html area when they are logged into fnalu, even if you have restricted web browser access to your web pages.

 

CGI scripts

CGI scripts are not supported in your professional home pages area. Please see your experiment or department management to request space for project-related CGI scripts on your experiment or department web server.

 

Disabled Apache Directives

Certain "Options"-type Apache Directives have been disabled from use for security and policy reasons.  Attempting to use one or more of them within an .htaccess file in your Professional Pages will cause the Apache HTTPD server to disable your Professional Pages until they have been removed.  They are as follows:

Apache Option Allowed Alternative Reason For Being Disabled
Options All None Since certain specific Options have been disabled
Options ExecCGI None CGI scripts are not allowed within the Professional Pages area
Options Includes IncludesNOEXEC IncludesNOEXEC is allowed and will perform the same function as  "Includes", only without the ability to execute CGI scripts which, as previously stated, has been disabled.

 

Trouble-shooting fnalu-based Professional Home Pages

A majority of people will not need the information in this section.

By default, home directories on fnalu have the needed permissions so that web pages in your public_html directory will be viewable by anyone with a web browser. However, if you see this message when you try to view your professional home page -

Forbidden
You don't have permission to access /~username/ on this server.

your permissions may have been set differently. To fix this, log into your account on fnalu and use these commands:

cd
fs setacl  .  system:anyuser rl
fs setacl public_html system:anyuser rl

This will allow any user (including the web server) permission to view (but not write into) your top level home directory and public_html directory. This will allow people with web browsers to view your professional home page(s). Note that it is first necessary to give at least "l" (List) access to your home directory in order to access the contained public_html subdirectory.

Any new subdirectories you make in your public_html directory will inherit the permissions you just set. However permissions on existing subdirectories are not changed. So if you had already existing subdirectories in your public_html directory before you issued the fs commands, you will also need to adjust the permissions on each subdirectory by:

cd /path/to/subdirectory
fs setacl  .  system:anyuser rl

 

Restricting Ability of Other Central Web Server Users to Read Your Files While Allowing Selected Web Users

For more detailed help with AFS commands, please see the AFS section of the Information for Fermilab Webmasters . In particular, the AFS Cheat Sheet for Webmasters describes the commands that are most often needed by web authors using AFS.

If you have password protected or IP address protected the web pages in your public_html area or a subdirectory, and you do not wish other users on fnalu to be able to see these files, use the following commands for each directory you want to protect instead:

cd /to/the/directory/you/want/to/protect
fs setacl  .  system:anyuser none
fs setacl  .  lauram:expwwwmachine rl

Note 1: You will have to repeat these two commands for any subdirectories you want to protect that already existed before you issued the above commands for the parent directory. fs commands do not affect already existing subdirectories. Any new subdirectories you creat will inherit the permissions you just set on the parent directory.

Note 2: The third item in the fs command ("." in the above commands) is just the directory you want to take action on. This can be "." if you want to take action on your current working directory, or it can be an absolute path to the directory you want to take action on, or it can be a relative path from your current directory to the directory you want to take action on. So if I am Fred and the directory I want to protect is the directory named "gold" in my public_html directory, any of the following would have the same effect:

fs setacl /afs/fnal/files/home/room2/fred/public_html/gold lauram:expwwwmachine rl
cd ~fred;     fs setacl public_html/gold lauram:expwwwmachine rl
cd ~fred/public_html;     fs setacl gold lauram:expwwwmachine rl
cd ~fred/public_html/gold;     fs setacl  .  lauram:expwwwmachine rl

Note 3: You probably do not want to remove system:anyuser rl permission from your home directory, because then mail applications will not be able to read your mail .forward file on fnalu. If your mail is not forwarded to fnalu (i.e. you read e-mail via an imapserver or a popserver, then the system:anyuser rl permissions are not needed on your fnalu home directory for your mail forwarding to work.
 This page rendered in 0.2046 seconds