30 Sep 2002 Manager: A Remote File Manager for the SREhttp/2 web server. MANAGER allows you to remotely manage files on your SREhttp/2 web server. ------------------------------- Contents. I. Introduction II. Configuring MANAGER III. Starting and Using MANAGER IV. Multiple File Downloads ------------------------------- I) Introduction With MANAGER you can: a) delete, copy, and move multiple files b) extract and unzip .ZIP files c) upload files d) download many files at once e) edit small files f) remove directories g) search for files in/under a directory MANAGER has several security features, including control over what directories are accessible, and a requirement that clients have a "dynamic password". a) Viewable directories. MANAGER will only access directories (and subdirectories of a directory) in explicitily listed directories. There are a few shorthands, which allow you to "make accessible" the SRE2003 data directory (the root of your web tree), virtual directories (defined in the possibly host-specific ATTRIBS.CFG), the SREHTTP2 directory, and the SRE2003 directory. See MANAGER.CFG (in your SREHTTP2\CFG directory) for the details. b) MANAGER uses SREhttp/2's "dynamic passwords" for more secure access control. SECURITY NOTE: MANAGER does NOT encrypt communications. Nor does it attempt to obsfucate what files & directories are being worked on. Hence, if security is a major concern, MANAGER should be used cautiously -- for example, make sure that the MANAGER.CFG file is NOT in an accessible directory (see below for details on designating accessible directories). Note that, by default, MANAGER is disabled. II) Setting up MANAGER The MANAGER.CFG file, in your SREHTTP2\CFG directory, contains several parameters. The most important is the ALLOWED_DIRS. parameters. These MUST be set, or MANAGER will do nothing (by default, MANAGER does not set any ALLOWED_DIRS). You can edit MANAGER.CFG with your favorite text editor -- it is well documented. Note: MANAGER use cookies to implement dynamic passwords. Thus, if you've disabled cookies, MANAGER will NOT work. You also will need to set up a username entry (in your possibly host-specfic USERS.CFG file) that has: 1) A "MANAGER" privilege (or a SUPERUSER privilege) 2) A ?MANAGER:apwd "secret privilege" When you first start manager, you will be asked to provide your username and password. Assuming that this username & password is legit, and has a MANAGER privilege, you will then be asked for a dynamic password (the "apwd"). Note that everyone is required to provide a dynamic password, even SUPERUSERS. ------------------------------- III) Starting and Using MANAGER After configuring MANAGER.CFG and setting up a username, just use your frames and javascript enabled browser to send a /MANAGER? request to your server. For example, if your server is foo.bar.net, enter the following in NetScape 4.61's Location: line: http://foo.bar.net/manager? You will be presented with a list of the ALLOWED_DIRS. directories. Or, you can invoke the "frames" version of MANAGER. Assuming you opt for the frame version, 2 windows will be created. The main-window contains two frames, the file-directory display area, and the control panel. The other window contains a directory tree. Note that if you "view" a file on the server a third "VIEWER" window will also be created. Once MANAGER loads it initial screens, it is largely self explanatory. Notes: * you can display listings using a "quick" (fewer options) or regular (more options, but takes more space) mode; and you can also display files sorted by name or by extension. * uploads are to the currently selected directory * "editing" files is done via a