Internet Privacy Issues

If privacy is an issue for you, then read this before you set your permissions. If you want everyone to be able to look at your webpage, then skip this whole section.

First, think about who you want to be able to access what parts of your web page. For example, you might want only your SME classmates to be able to see your personal bio. If you decide to put your resume on the web, you might want only a very few people to be able to see it, since it has your name and address on it.

Option #1: Un-linked Private Files

I am going to write about two basic ways to make your web page private. The first involves simply giving your private files un-obvious names that others are unlikely to guess. This is the option that I most often use and recommend. If you don't link a file to the main index.html file in your WWW folder, then only people to whom you give the name (address) of that file will be able to see it with a web browser. On my web page, about half of the files are linked to each other and therefore accessible to the casual web-surfer. The other files are intended for certain people; only those people know where they are.

If you use this option, make very sure that you have an index.html file in your main WWW folder that contains all the links that you do want everyone to be able to see. If a folder doesn't have an index.html file in it, then all the files in that folder (including your private files) will be listed by any browser that stumbles upon your page.

Note that for this assignment we want everyone in the class to be able to read at least each others' bios and reflections. Everyone's bios and reflections will therefore be linked from this page. If this bothers you, please let one of the TA's or faculty know the reasons for your concerns and we will discuss what to do about it. The solution may involve de-personalizing your bio until you feel comfortable making it public.

Option #2: Password Protecting Your Page

Password protecting your page is not an insurmountably difficult option if you are familiar with unix and emacs. However, it can and probably will be quite challenging and frustrating if you are not. In the end, I believe that the privacy you can achieve with this option is not greater and may be less than that attained by Option #1, so for simplicity's sake I encourage you to use Option #1 unless you find a compelling reason not to.

On the other hand, if you are the type of person who enjoys poking around on the network, you may find it kind of fun (in a sick sort of way) to learn more about the structure of the Stanford server system, which you will unavoidably do as a facet of this exercise. Below, I attempt to walk the student who is (initially) unfamiliar with unix and emacs through the steps necessary to password-protect a Stanford web page. Note that there is a far more comprehensive (but perhaps less comprehensible) description and tutorial on these subjects at http://www.stanford.edu/leland/user-auth.html and http://www.stanford.edu/leland/userauth-tutorial.html, respectively.

If you want the different people to be able to see different parts of your site, then you need to make a folder (remember that a folder is the same thing as a directory) for each set of files that will have different permissions. All of these folders will go in your WWW directory. Each of them can have a file called "index.html" that serves as the main page in that folder. You will need to set the appropriate permissions on each individual folder (directory).

If, on the other hand, you want the same certain people to be able to see all of your website, then you have to set the appropriate permissions on your WWW folder. Log on to your leland account, skip the next section on making folders within folders, and continue reading below.

Folders Within Folders: Unix Style

To make a new folder on your web page, first log on to your leland account as if you were going to check email. Then instead of checking email type "cd WWW". In unix-speak, this means "go into the folder (directory) called WWW." Everything on your web page has to be in this folder to be able to be seen by a web browser such as Netscape Navigator. (You can type "ls" to list what you have in there now if you wish.) Then decide what you want to call the new folder. Let's say you decide to call it "bio." Type "mkdir bio" to create a new folder called "bio" in your WWW folder. Now you can type "cd bio" to go into your new bio directory and "ls" to see what you have in there if you wish, but since it doesn't have anything in it yet you won't see anything listed if you type this. If you create a file called "index.html" and put it into your bio directory, then the address for that file is "http://www.stanford.edu/~yourname/bio". (Throughout this tutorial, you should mentally substitute your leland username for "yourname.")

If you went into your new directory as instructed by the last paragraph, come back out by typing ".." at the prompt. The command ".." takes you up one level to the folder just above where you were before.) You should now be in your WWW folder, as you will see from the fact that there is a WWW immediately before the prompt. You can make as many directories (folders) as you like by following the instructions for the bio folder above. If ever you want to get rid of your bio folder, you must first move or remove all the files in it. To do this, you would go into your folder and type "rm *.*" to delete all of your files or "mv *.* .." to move all of the files out of that folder into the folder above. Type "ls" to verify that the bio folder is empty and then ".." to get out of it. Then you can type "rmdir bio" to remove the empty folder.

You must be in your WWW folder when you set the permissions for the various folders within it. If you are setting permissions for your entire WWW folder, then you will want to be one folder above that, in your home idrectory. You can get to your home directory from your WWW folder with the ".." command.

Setting Permissions

If this description, dir means the directory (folder) for which you are setting the permissions. If you want all of the folders in your WWW directory to be visible to the same selected people, then dir for you will be WWW. If you want different folders within your WWW folder to be accessible to different people, then dir will be the folder whose permissions you are setting at the time. Remember that you have to be in the folder above the folder for which you are setting the permissions. You can check this by typing "ls" and making sure that the folder whose permissions you are setting appears in the list. Also, the Stanford file system has you listed under /afs/ir/users/y/o/yourname. For example, I am listed under /afs/ir/users/k/a/kaleeg. You don't need to worry about this except that when you see /afs/ir/users/y/o/yourname in this description you should replace the /y/o/yourname part appropriately. Lastly, the description below uses the default filename for a password file: .htpasswd. People who know the default filename may be able to find and read it. For extra protection, you may want to replace .htpasswd with some other name that you make up in all of the places in the description below where you are asked to type it in. (If you do it in some but not all of the palces you will get an error message.)

Okay, ready? The first thing you need to do it type in the following three commands (remember that dir is the name of the directory to which you are restricting access):

fs setacl dir system:www-servers read
fs setacl dir system:anyuser none
cd dir

That last command actually put you into the relevant directory. Now type

emacs .htaccess

This will pop up a new window. Welcome to emacs! Type the following lines exactly as you see them (resits the temptation to put in extra spaces after the commas and such) and make sure you hit return after each one, even the last one.

AuthUserFile /afs/ir/users/y/o/yourname/.htpasswd
AuthName ByPassword
AuthType Basic

require valid-user

When you are done, type control-x control-c in succession to exit emacs. What you've just done is told the computer only to let the users you are about to specify look at your web page. Now you just have to specify the users and the passowrds. These usernames and passwords are not related to SUNet ID usernames and passwords. The passwords that you assign you users (or that they give themselves and you type in for them in the instructions below) should therefore not be SUNet ID passwords.

For this assignment, you are required to allow the user "sme1" to have access to at least the bio and reflections sections of your web page. Say that "sme" is the first valid user you wish to enter. Type

htpasswd -c /afs/ir/users/y/o/yourname/.htpasswd sme

Now the program will ask for sme's password and you should enter the class password: "light".

After the first user and password has been entered, you can enter other users and passwords by typing the same command as above without the -c. So for example you might type

htpasswd /afs/ir/users/y/o/yourname/.htpasswd mom

and then enter her password at the prompt. Then call mom and tell her that when she visits that folder of your page, at the prompt she'll have to type in "mom" and the password you've given her in order to read it. (Or you could simply tell her to type "sme1" as a username and give her the sme class password. That will work too.) Remember that if you want different people to be able to see different parts of your page, then you will need to set the permissions on each folder separately.

One last and very important step: you must type the following command for each folder above the folder you protected, including your home directory. (Remember that the command ".." gets you to the folder above the one you're in.)

fs sa . system:www-servers rl

Type this command at the prompt for each folder above the one you're in until you get up to your home directory.

Okay, now you're done! Test your web page thoroughly to make sure that each part of it is protected to your liking. If you run into problems, there are four things you can do:

  1. Let me know by sending email to kaleeg@leland.stanford.edu.
  2. Check with someone at the consulting desk of Sweet Hall. These people are the most likely to have a clue about how to fix your problem.
  3. Check with someone at the technical services desk on the second floor of Meyer. They will probably give you a pamphlet or leaflet on the relevant subject.
  4. Go to http://www.stanford.edu/leland/user-auth.html and/or http://www.stanford.edu/leland/userauth-tutorial.html.