Web Administration package for
* © Copyright International Business
Machines Corp. 2004,2025
* All Rights Reserved
* Licensed Material - Property of
*
* US Government Users Restricted Rights
- Use, duplication or
* disclosure restricted by GSA
Table of Contents
-----------------
0. Third-party
license terms and conditions, notices, and information
1. About this release
1.1 Package compatibility
1.2 Package configuration requirements
1.2.2 Package dependencies
2.0 Installation process
2.1 Configuration process
2.2 Install script
3. Uninstall information
4. Known limitations and problems
5. Notices and trademarks
SUBJECT TO ANY STATUTORY WARRANTIES WHICH CAN NOT BE
EXCLUDED,
WARRANTIES OR CONDITIONS EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED
TO, THE IMPLIED WARRANTIES OR CONDITIONS OF MERCHANTABILITY, FITNESS FOR A
PARTICULAR PURPOSE,
SUPPORT, IF ANY.
The Communications Server for Linux Web Administration
package is a tool designed to
provide remote web browser administration for managing a CS Linux server installation. A
full range
of SNA query and status information is provided for the local server. This release
provides updates that addresses known weaknesses in operations and makes the package more secure.
STEPs for assistance:
Throughout this README file there are STEP:
items. These steps are numbered
to help show the order in which to perform operations. These steps are
checkpoints which
are provided to assist in the installation and configuration tasks. Depending
on the skill
level of the reader, these steps may be followed in part or in whole.
7.1.1.0 Information:
This release is designed to run with the Communications Server for
Data Center Deployment v7.1 (Linux) server (or later).
This release contains the following new features:
SNA resources like LU names restrict character input to upper case. When entering data to configure the Communications Server, only
the allowed characters set is supported.
If you type a character and it does not input into the field, change to upper case or the character
may not be valid for the type of input.
INSTALLATION
A installibmcsweb script file is provided to assist in installation and configuration. Use this file to choose
if Web Admin (write) or Query Admin (read only) or both capabilities are needed.
If using the installibmcsweb script to install/configure, then skip steps 2 thru 5 below.
You should not have to modify any configuration files, unless you renamed
the 'snauser' to some other name
(see "Changing
the
The package depends on Common Gateway Interface (
package for Linux. You must have an Red Hat Enterprise Linux (RHEL) or SuSE Enterprise Linux (SLES) Web
or Ubuntu LTS server installed, and the perl-
CS Linux products:
- SUSE Linux Enterprise Server 15 (x84_64, ppc64le, s390x).
- Red Hat Enterprise Linux 8, 9 (x86_64, ppc64le, s390x).
- Ubuntu LTS server 20.04, 22.04 and 24.04 (x86_64, ppc64le, s390x).
This package requires the administrator of a Linux system to
perform configuration.
A installibmcsweb script is provided that will perform most of the configuration
steps to setup the Apache Web Server configuration. If the script is not used, the follow steps 2 thru 5 below in
Section 2.0 - Installation Process.
For secure access, use visudo to update the /etc/sudoer file.
The package uses full path specification for execution of snaadmin, sna,
snagetpd and snawhat executables
using a 'sna' group user. You must create a 'snauser' user ID
in the 'sna' group and then assign the web server the authority to run under that user.
This will prevent vulnerable attacks by insertion of rogue execution files in the paths executed by a 'root' user.
It is assumed that the administrator is familiar with the procedures described to configure the Web
Server so that the proper security and compliance requirements are met.
This package can be installed with the
The Communications Server does not need to be installed for this package to load successfully.
A Web Server is required to use the Web Admin package. On RHEL, the
standard Web Server process is "httpd".
To verify if Web Server is running on RHEL, issue "ps -ef | grep
httpd" to see if the Web Server is running.
On SLES and Ubuntu, the standard Web Server is "apache2". To verify if Web Server is running on SLES,
issue "ps -ef | grep
httpd" to see if the Web Server is running.
To verify if Web Server is running on SLES,
issue "ps -ef | grep
apache2" to see if the Web Server is running.
The package was tested with the following Web Servers:
- Apache2 - 2.2.3 ( apache2-2.2.3 or later on SLES)
- HTTP Server 2.2 ( httpd-2.2 or later on RHEL)
- Apache2 - 2.4.6 ( apache2-2.4.6 or later on SLES)
- HTTP Server 2.4 ( httpd-2.4 or later on RHEL)
- Apache2 - 2.4 ( apache2-2.4.29 or later on Ubuntu)
Most web browsers that support
Communications
Server for
Linux on System z and Communications Server for Data Center Deployment
have been tested with this
Communications Server Web Admin package.
STEP 1: Download the CS Linux Web Admin package from the website:
Search for "WebAdmin" to find the link to the Web Admin package. Download the package from:
https://www.ibm.com/products/communications-server-for-data-center
The package search on the support page should provide a link like this:
https://www.ibm.com/support/pages/node/572683
NOTE: For STEP 2 to STEP 5, an automation install script, installibmcsweb, is provided with the installation package
to perform the process of installation and configuration automatically.
STEP 2: Install the Web Admin package by using the following
rpm -U ibm-commserver-webadmin-version.noarch.rpm (RHEL and SLES)
The ibm-commserver-webadmin-version.rpm file
installs into the /opt/ibm/sna/web
directory. This
directory contains this README and the following three sub-directories that the
web server should
reference:
/opt/ibm/sna/web/cscdoc
/opt/ibm/sna/web/cscbin
/opt/ibm/sna/web/cscicons
These files will all have user 'bin' and group 'sna' access rights.
Follow the instructions in the Configuration
process to reference these directories.
NOTE: Perform all installation instructions under the 'root' system ID.
These instructions for configuring the Web Server are
designed to have
http://server_name/cscdoc/cslinuxweb.html as the main page for
the Web Administration package.
Add a link to this main page somewhere on the Web Server for easier access.
STEP 3: If the version of web server is Apache 2.4, Copy the sna_rpm.conf or sna_deb.conf file found in
/opt/ibm/sna/web into the Web Server configuration directory as sna.conf, where the "_rpm" is for
RHEL and SLES servers and "_deb" is for Ubuntu servers. Otherwise if the version of web server is Apache 2.2, copy the
sna_rpm.conf.apache22 file as sna.conf file into the Web Server configuration directory.
This is /etc/httpd/conf.d on RHEL,
and /etc/apache2/conf.d on SLES, /etc/apaches/sites-available on Ubuntu.
On Ubuntu, you must create two link files. First, one from
/etc/apaches/sites-enabled to the sna.conf file in the sites-available directory. Issue the following:
ln -s /etc/apaches/sites-available/sna.conf /etc/apaches/sites-enabled/sna.conf.
Second, create a link file to point from /etc/apaches/mods-enabled/cgi.load to
/etc/apaches/mods-available/cgi.load. To do this, issue the following:
ln -s /etc/apaches/mods-available/cgi.load /etc/apaches/mods-enabled/cgi.load.
In the Directory statements listed above for the Web
Administration 'sna.conf' documents
and
requires a authentication. To set this security access, use the htpasswd command
to create and set the password file.
STEP 4: Issue the following command on RHEL to set UserID and Password for access to the CS Linux Web Admin pages:
htpasswd -bc /opt/ibm/sna/.webpasswd admin passw0rd
On SLES, the command is htpasswd2.This command creates /opt/ibm/sna/.webpasswd with
a user of 'admin' and a password
of 'passw0rd'. Any reference to the http://server/cscdoc/ will prompt
the initial access to
request the proper user ID and password.
The permissions for CS Linux command line executables are
set to the 'sna' group.
Specific configuration allows Web clients proper access to the CS Linux
commands.
Before setting access to allow execution by the Web client, you must create a
dummy user
in the 'sna' group.
STEP 5: Using root authority, execute /usr/sbin/useradd
-g sna snauser. This
will create a 'snauser' ID in the 'sna' group.
The visudo command in Linux allows the
system administrator to give specific access to an
application to run as a specific user for specific executables. Care must be
taken that the
paths are fully provided so rogue execution will not be possible.
STEP 6: Using visudo, add the
following statement to the bottom of the /etc/sudoers
file,
where interface matches the Linux hostname (as reported using the hostname
command):
www-data interface = (snauser) NOPASSWD: /opt/ibm/sna/bin/snaadmin,/opt/ibm/sna/bin/snagetpd,/opt/ibm/sna/bin/snawhat, /opt/ibm/sna/bin/sna
where www-data is the Apache user ID on SLES (use apache
for RHEL systems, or www-data on Ubuntu),
the interface is the interface that the Web Server is allowing
access over. The (snauser) is required for the
web client to run as 'snauser', a member of the
'sna' group. Use the NOPASSWD option so the
system will not prompt for root password
when the web server executes the script. View the /var/log/httpd/error_logs
for messages if
pages are not properly invoked.
To provide a link to the Web Admin pages, you will need to update the Web Server pages with following:
STEP 7: Update a file found in the /var/www/html
(RHEL path), or /srv/www/htdocs (SLES path), with the
following statement somewhere on a web page (Note, the hostname is the interface name for the Web server):
<a
ref="http://hostname/cscdoc/cslinuxweb.html" > <img SRC="/icons/link.gif"
STEP 8: Issue the following command, depending on the level of Apache
or Apache2 code installed,
to make these changes take effect on the Web Server:
/usr/sbin/apachectl restart or /usr/sbin/apache2ctl restart
If the user ID, 'snauser', is not an ID you wish
to use, you can rename the user ID in the Web
Admin files by running the /opt/ibm/sna/web/rename_user.pl script. This
will prompt for
the new ID to use. You should backup the /opt/ibm/sna/web/cscbin directory first. This
directory contains the files where the 'snauser' ID
is defined in the Web Admin scripts.
The install script installibmcsweb assists the administrator of a Linux system with configuration of the Web Admin.
The script will prompt for configuring the Web Admin, Query Admin, or both automatically. It will perform Steps 2 thru 5 listed above.
1) The script will prompt for which component to install: 1 for Web Admin, 2 for Query, 3 for both,
Other values are invalid and will fail. Based on the user selection, the corresponding user account will be created.
2) The script will install Web Admin package per Step 2. Any install error will cause the script exit.
3) Based on the version of the web server(2.2 or 2.4), the corresponding Web Server configuration file
will be copied to the web server directory. See detail in Step 3.
4) Based on the user selection, the user account will be configured for Web Admin, Web Query or both.
You will be prompt to input user account and password. See detail in Step 4.
5) 'snauser' ID in the 'sna' group will be created if not existed. See detail in Step 5.
Other Steps like 6,7 and 8, you should configure manually
3.0 Uninstall information:
Perform the following steps to remove the CS Linux Web Administration package:
1) Remove references to the Web Admin tool from the Web Server
configuration.
Delete the sna.conf
file that was copied to the /etc/httpd/conf.d directory (or /etc/apache2/conf.d directory)
to remove any references to .../cscdoc,
.../cscbin
and .../cscicons.
2) Execute visudo tool to
update the /etc/sudoers file to remove the
access permission
for the Web Server from the /opt/ibm/sna/bin/... files.
3) Remove the CS Linux Web Administration package by using the following rpm (RHEL and SLES)
or dpkg (Ubuntu) command:
rpm -e ibm-commserver-webadmin
dpkg --remove ibm-commserver-webadmin
4.0 Known limitations and problems:
FORMS
Forms presented by this package to allow action on
or stopping the node, do not prompt for confirmation. The assumption is that
selected
options are the chosen action as submitted on the forms.
Errors that occur due to Web Server invocation problems are logged in the
/var/log/httpd/error_log or /opt/log/apache2/error_log file.
5.0 Notices and trademarks:
This information
was developed for products
and services offered
in the U.S.A.
SUBJECT TO ANY
STATUTORY WARRANTIES WHICH CANNOT BE EXCLUDED,
INCLUDING BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OR
CONDITIONS OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR
PURPOSE,
TECHNICAL SUPPORT, IF
ANY.
The exclusion also
applies to any of
developers and
suppliers.
Manufacturers,
suppliers, or publishers of non-
may provide their own
warranties.
specifies otherwise.
Trademarks
----------
The following terms
are trademarks of the
in the United States
or other countries or both:
Advanced Peer-to-Peer
Networking
AIX
Application System/400
AS/400
CICS
MQSeries
MVS
MVS/ESA
MVS/XA
NetView
OpenPower
OS/2
Power5
pSeries
S/390
SP
System p
System p5
System x
System z
System/370
System/390
Systems Application Architecture
VSE/ESA
VTAM
WebSphere
z/OS
z9
zSeries
The following terms
are trademarks or registered trademarks of other
companies:
Java and all Java-based
trademarks are trademarks of Sun Microsystems,
Inc., in the
UNIX is a
registered trademark in the
licensed exclusively
through The Open Group.
Intel and Pentium are trademarks of Intel Corporation.
Linux is a trademark of Linus Torvalds.
Microsoft, Windows,
Windows NT, Windows XP, Windows 2003, and the
Windows logo are
trademarks of Microsoft Corporation in the
RedHat and
SUSE is a trademark of SUSE LLC or its subsidiaries or affiliates.
Ubuntu is a registered trademark of Canonical Limited in the United Kingdom and other countries.
Other company,
product, and service names may be trademarks or service
marks of others.