Troubleshooting
Problem
When using Apache server to run CGI programs for QNTC, the ServerUserID Directive is required.
Resolving The Problem
The ServerUserID Directvie is required when using Apache Server to run CGI programs for QNTC, QFILESVR.400. There are three items about the ServerUserID directive:
1. | The ServerUserID is required because it is used to connect to the other server. |
2. | The ServerUserID must have the same password on each system. |
3. | Have the user sign on with that user ID, and view the qfilesvr.400 link. That user must have access to the remote files. |
Example
# Configuration originally created by Create HTTP Server wizard on Wed
Jul 11 14:49:46 CDT 2007
Listen *:8088
DocumentRoot /www/ewsfilesvr/htdocs
Options -ExecCGI -FollowSymLinks -SymLinksIfOwnerMatch -Includes
-IncludesNoExec -Indexes -MultiViews
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"
combined
LogFormat "%{Cookie}n \"%r\" %t" cookie
LogFormat "%{User-agent}i" agent
LogFormat "%{Referer}i -> %U" referer
LogFormat "%h %l %u %t \"%r\" %>s %b" common
CustomLog logs/access_log combined
LogMaint logs/access_log 7 0
LogMaint logs/error_log 7 0
SetEnvIf "User-Agent" "Mozilla/2" nokeepalive
SetEnvIf "User-Agent" "JDK/1\.0" force-response-1.0
SetEnvIf "User-Agent" "Java/1\.0" force-response-1.0
SetEnvIf "User-Agent" "RealPlayer 4\.0" force-response-1.0
SetEnvIf "User-Agent" "MSIE 4\.0b2;" nokeepalive
SetEnvIf "User-Agent" "MSIE 4\.0b2;" force-response-1.0
<Directory />
Order Deny,Allow
Deny From all
</Directory>
<Directory /qfilesvr.400/RCHASK60/www/dancgi/htdocs>
Order Allow,Deny
Allow From all
</Directory>
<Directory /www/ewsfilesvr/htdocs>
Order Allow,Deny
Allow From all
</Directory>
ServerUserID MYUSER
AliasMatch ^/test/(.*) /qfilesvr.400/RCHASK60/www/dancgi/htdocs/$1
Note: The ServerUserID is recommended to be set in the global context, not in a container. The reason for this is as follows:
Normally, when HTTP server receives a request, it will follow the steps below:
1. Validate the request.
2. Process the request (get a file, run CGI program, and so on)
3. Send response back to client.
a. If the ServerUserID MYUSER is set in global context:
When HTTP server is started, the worker threads (threads to handle request) are already running under the specified user profile MYUSER. This means all of the above three steps are run under MYUSER. All requests will be run under MYUSER in the whole life cycle of the HTTP server.
b. If the ServerUserID MYUSER is set in container context:
HTTP server will only temporarily swap to the specified user profile (MYUSER) to process the request and swap back to the default QTMHHTTP user profile immediately. That means Step 1 is processed under QTMHHTTP, then swaps to MYUSER and processes Step 2, and swaps back immediately to QTMHHTTP when processing Step 3. This is the design of how that directive works in a container context. (You should only swap to MYUSER when actually processing the request; other steps still run under default QTMHHTTP.)
Problems can occur during Step 1 when user ID is set in the container context. The HTTP server will fail to validate the request URI because the default HTTP server user profile QTMHHTTP does not have authority to access that file, so it will return a 404 (File not Found).
So, if you do not want all requests to run under MYUSER (set in global), which is a higher authority than default QTMHHTTP, some extra configuration must be done to let the HTTP server's default user profile QTMHHTTP have enough authority to access files in QNTC:
1. | Add the ServerUserID to the container in the httpd.conf: <Directory /QNTC/foldername> Order Allow,Deny Allow From all ServerUserID MYUSER </Directory> |
2. | Remove all other ServerUserID MYUSER and UserID MYUSER directives from httd.conf. |
3. | Change the password for QTMHHTTP user profile to a known value, and set up a new account on the Windows server for QTMHHTTP with the same password. |
4. | Restart HTTP server and try again. Note: For Step 3, ensure QTMHHTTP can access files in QNTC to do the necessary validation step. Sign into a 5250 session with QTMHHTTP and check to see if you can navigate to the QNTC IFS path using the WRKLNK. |
[{"Type":"MASTER","Line of Business":{"code":"LOB57","label":"Power"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SWG60","label":"IBM i"},"Platform":[{"code":"PF012","label":"IBM i"}],"Version":"6.1.0"}]
Historical Number
477369505
Was this topic helpful?
Document Information
Modified date:
11 November 2019
UID
nas8N1013892