18 Oct 1999. Daniel Hellerstein (danielh@crosslink.net)

                Manager: A Remote File Manager for the SRE-http web server.

MANAGER allows you to remotely manage files on your SRE-http web server. 

                         -------------------------------
Contents.

I.   Introduction
II.  Configuring MANAGER
III. Starting and Using MANAGER
IV.  Multiple File Downloads

                         -------------------------------
I) Introduction

With MANAGER you can:
  a)  delete, copy, and move multiple files
  b)  extract and unzip .ZIP files
  c)  upload and download files
  d)  edit small files

MANAGER has several security features, including control over what directories
are accessible, and requirement that clients have a "dynamic password".

  a) Viewable directories.
     MANAGER can be told to "allow access" only to:
       i) the  GoServe data directory (and it's subdirectories),
      ii) the GoServe working directory (and it's subdirectories), and
     iii) SRE-http virtual directories (and their subdirectories)

     Alternatively, you can explicitly list a set of directories that MANAGER
     will allow access to; these directories can be anywhere on your server.

  b) MANAGER can use SRE-http "dynamic passwords" for more secure access 
     control.

I) To install MANAGER:

 a) Unzip MANAGER.ZIP to a temporary directory
 b) Copy MANAGER.CMD to your SRE-http addon directory.
 c) Optional: edit some parameters in MANAGER.CMD
 d) Optional: copy DoMixed.CMD to a permanent location
    You might also want to copy it to your GoServe data directory
    (so as to make it available for easy downloading)
 e) Optional: copy MANAGER.DOC (the text documentation file)
    to your GoServe data directory (there is a link in one of the 
    MANAGER windows to /manager.doc)

Note: the latest version of MANAGER can be found at:
      http://www.srehttp.org/apps/manager/

                         -------------------------------

II) Configuring MANAGER:

To configure MANAGER, you should edit MANAGER.CMD with your favorite 
text editor, and modify the various parameters in the user-configurable
parameters section (it's at the top of the file).

The parameters are:

ALLOWED_DIRS.  Specify directory access on a client specific basis
   
  ALLOWED_DIRS. is used to specify which directories a client has access to,
  based on the client's "privileges" (say, as set in the ATTRIBS.IN or
  the USERS.IN SRE-http parameter files).

  When specified, only files in these "allowed directories" (and in 
  subdirectories under this these allowed directories) can be manipulated.

  You can define "default" ALLOWED_DIRS. entries, and you can also
  define "host-specific" ALLOWED_DIRS. entries.

  ALLOWED_DIRS. is only used when CHECKIT=2 (CHECKIT is described below).

  The ALLOWED_DIRS. syntax is:
  a) define the number of entries using:
        ALLOWED_DIRS.0=nnn 
        ALLOWED_DIRS.!hostnickname.0=nnn
     where nnn is an integer > 0. 
     If there are no allowed entries, se ALLOWED_DIRS.0=''
  
  b) define  n=1...nnn entries:
       ALLOWED_DIRS.n='directory privlist'
       ALLOWED_DIRS.!hostnickname.n='directory privlist'
     where:
         directory : a fully qualified directory
         privlist: a list of "client privileges" -- if a a client has one of
                  these privileges, she is given access to this directory.
                  Note: a privlist of * means "anyone can access"

   Note that for each request, the "default" (ALLOWED_DIRS.n) and
   the host specific (ALLOWED_DIRS.!HOST.n) will be checked,
   where HOST is the host_nickname (this is ignored if the
   request is to the "default" host). Note that you MUST place
   an ! before the host_nickname.
  
   Example:
      allowed_dirs.0=2
      allowed_dirs.1='g:\www\  *'
      allowed_dirs.2='g:\goserve\  MAN '
      allowed_dirs.!host1.0=1
      allowed_dirs.!host1.1='g:\work fan'

CHECKIT: access mode

 CHECKIT can take the following values:
   0 = allow remote use by superusers (unless suppressed by SREF_NO_REMOTE_CONFIG)
       to goserve datadir, working directory, and sre virtual directories
       ALLOWED_DIRS. is not checked.
       Note: if SREF_NO_REMOTE_CONFIG=1, then checkit=0 is the same as CHECKIT=1
   1 = do NOT allow remote use. Otherwise, same as checkit=0
   2 = allow remote (and local) access to the ALLOWED_DIRS. only
       If checkit=2, then SREF_NO_REMOTE_CONFIG is ignored           

  Example:
    CHECKIT=2  


DYNAMIC_PWD: Require an encoded secret privilege (a dynamic password) 

  1= yes -- the client must enter a valid dynamic password.
  0= no  -- dynamic password is not required.

 Example:
    dynamic_pwd=0

 Note: for info on dynamic passwords, see the SRE-http documenation file 
       DYNPWD.DOC.

DYNPWD_DURATION: Duration of dynamic_password
  How long a given dynamic password is valid, in days (fractions of days okay)
  
  Example:
    dynpwd_duration=0.5         (12 hours)

COLORS: colors used to display del,copy,move radio buttons

   These the standard 6 hex-digit color codes.
     DELCOLOR: color of the "delete" buttons
     COPYCOLOR: color of the "copy" buttons
     MOVECOLOR: color of the move (rename) button

   Examples (be sure to include the leading #)

     delcolor="#f5ddf9"
     copycolor="#00fdf9"
     movecolor="#9addf9"


MAX_SIZE_EDIT: Maximum size of "on-line" editable files

 The maximum size (in byte) of files that can be edited by
 MANAGER (using a TEXTAREA form element).
 This is a function of how large a <TEXTAREA> the target browsers 
 can handle
 
 Example:
     max_size_edit=20000

  NOTE: MAX_SIZE_EDIT and COL_SIZE_EDIT can be overridden on a request
        specific basis (see below for details).

COL_SIZE_EDIT: Column width of "on-line" edit file TEXTAREA

  The number of  columns to use (in a TEXTAREA box) when editing a file
  This is a function of how large a <TEXTAREA> the target browsers can handle.

  Example:
       col_size_edit=70

  NOTE: MAX_SIZE_EDIT and COL_SIZE_EDIT can be overridden on a request
        specific basis (see below for details).

                         -------------------------------

III) Usage

   After installing and configuring, just hit your frames and javascript
   enabled browser with:
     /MANAGER?

   Depending on what access controls you've enabled (i.e.; your CHECKIT 
   setting), you may be asked for a username/password (in your browsers
   configuration box), followed by a request for a "secret" password
   (in an html form).  

   Note: MANAGER use cookies to implement dynamic passwords. 
         Thus,
            if DYNAMIC_PWD=1, 
            and you've disabled cookies, 
         then
            MANAGER will NOT work.
   
   Two windows will then be created: a window containing a directory tree,
   and a window containing a control panel frame and a current directory
   frame.  Note that if you download a file from the server a third window 
   may also be created.
   
   Once MANAGER loads it initial screens, it is largely self explanatory. 
   
Notes:
   * you can display listings a "quick" (fewer options) or regular
     (more options, but takes more space) mode; and you can also display files 
     sorted by name or by extension.

   * uploads are to the currently selected directory

   * "editing" files is done via a <TEXTAREA> in a form. You can only edit
      text files, and they can't be larger then MAX_EDIT_SIZE bytes.

   *  see the next section for some important information on multiple downloads

   *  You can directly extract information from a ZIP file, extract (with/without
      overwrite) a file to the current "server" directory, or extract an
      entire ZIP file to the current server directory.  

   *  A client can override the MAX_SIZE_EDIT and COL_SIZE_EDIT on a request
      specific basis. To do this, the client should enter two integers in the
      "Move to" text box (the box at the end of the row containing the file
      to be edited). 

      The first number should be the MAX_SIZE_EDIT (in kbytes), the second
      should be the COL_SIZE_EDIT. For example:
         60 100   -- 60kbyte maximum, use a 100 column TEXTAREA box
      Alternatively, you can use * as a MAX_SIZE_EDIT. The * means "use
      the "GoServe body size limit parameters" (typically 50k). For example:
         *  80   -- Use the GoServe "body size limit", and an 80 col TEXTAREA

                         -------------------------------

             
IV) Multiple File Downloads
   
    The "download" option allows you to download (from the server
    to your compter)  many files at a time.  
    This type of download should use the multipart/mixed mimetype. 
    Unfortunately, some versions of Netscape crash when saving "parts" of 
    a "multipart/mixed" resource to seperate files.

   Therefore, three download options are available:

     1) Download as multipart/mixed -- binary
           This is the prefered method -- requires an up to date browser 
           (say NetScape 4.61).

     2) Download as multipart/mixed -- mimetype
           If the files are "browser displayable" (i.e.; text/html or
           image/gif), then you CAN use multipart/mixed -- the effect
           is a server push of a series of documents & images.

           If you choose this, you can also set the delay time
           (in seconds) between "parts" (but don't set it to high, 
           you could time out the server!)   

     3) Download as application/x-sre-mixed
           This option (which is a modified multipart/mixed) is meant
           to be handled by the DoMixed.CMD "browser application" (that comes 
           with MANAGER).

           To use DoMixed.CMD, you should be using NetScape on an
           OS/2 machine. The following setup should be done once:

             1) Open NetScape "applications". 
                    for NS4.04 -- look in Edit-Preferences-Applications
                    for NS2.02 -- look in Options-General_Preferences-Applications

             2) Create a "new type" with:

                   Mime Type: application/x-sre-mixed
                   Application to Use: cmd.exe /c "x:\dir\DoMixed.cmd"

                where x:\dir\ is the path you copied DoMixed.CMD to.
                Note: the "s MUST be included in thisr definition!
           
            When using this option, you may be asked to "load" or "save" the 
            file -- choose "load".  DoMixed will then run, and will ask
            you where each file should be copied to.
            
            DoMixed.CMD contains one user-changeable parameter: 
                DEFAULT_OUTDIR : The default directory to write files to.
            You can changes this at any time -- be sure to use a fully
            qualified directory name!

            If you are using a non-OS/2 client, you still might be able
            to use DoMixed.CMD -- it's a REXX program, and it should
            be possible to instruct your browser to run a REXX
            emulator.

          Note: DoMixed.CMD is included in MANAGER.ZIP.  If you expect people
                to use this feature, be sure to your clients can find a copy of
                DoMixed.CMD somewhere on your server.


.end of documentation