Re: user htaccess administration

To: Michelle Konzack <linux.mailinglists@freenet.de>
Cc: debian-isp@lists.debian.org
Subject: Re: user htaccess administration
From: "Marcel Hicking" <hicking@du.gtn.com>
Date: Fri, 18 May 2001 13:27:48 +0200
Message-id: <[🔎] 3B052354.283.154A1DAB@localhost>
Reply-to: hicking@du.gtn.com
In-reply-to: <[🔎] 3.0.6.16.20010518121258.386747a8@pop3.01019freenet.de>
References: <[🔎] 3B05041D.24397.14D02EAB@localhost>

Michelle Konzack <linux.mailinglists@freenet.de> 18 May 2001, at 12:12:
> Hello Marcel,
>
> I love your pwdadin ;-))
>
> Unfortuately I can not program php and I have a question about some
> changes. I run Apache with a couple of virtualhosts like
>
> /data/michelle-is.com/dir1
>                       dir2
>                       dir3
>
> and now I like to give some users access to seperatly directorya and
> not a global access. Also I like to set an expiration (based on days)
>
> If I add a new user I like to have a checkbox for each directory
> Like
> user      pwd   directorys
> =======================================================
> admin     ___  all
> michelle  ___  []dir1 []dir2 []dir3 ___expdays []remove
> ________  ___  []dir1 []dir2 []dir3 ___expdays []remove


As long as you want the same password (per user) for
all dirs, I'd recomment using an addtional group file
and use seperate groups for each dir.

# cat groups:
dir1: admin marcel dan joey
dir2: admin michelle bill douglas clifford
anotherdir: admin marcel dan steven rasmus

Put a .htaccess file like the following into each dir:

	AuthType Basic
	AuthName "Bla bla bla"
	AuthUserFile /absolutepathtowebroot/htdocs/passwd
	AuthGroupFile /absolutepathtowebroot/htdocs/groups
	Require group dir1

Set "dir1" to reflect the dir your .htaccess file is in.

(See http://httpd.apache.org/docs/mod/mod_auth.html and
http://httpd.apache.org/docs/mod/core.html#require for details)

After writing the passwd file as in my example code
change the groups file to reflect the changes.

Make sure the passwd and groups files are not web readable.
Put something like
	<Files passwd>
    	    deny from all
	</Files>
	<Files groups>
    	    deny from all
	</Files>
in a .htaccess file. Actually, I'd prefer to save the files outside
the htdocs-tree. I usually have a "private" dir for this, but that
depends on your apache setup and PHP safemode restriction.
You might want to check the php3_open_basedir statement if you
have problems with safemode.

I might add this feature some day, but that depends on my
spare time. If it's urgent, I might be available on a
freelance basis, though. ;-)

As for the expire date, that would be more difficult since
there's no standard way to outdate users this way.

Cheers, Marcel

(Since this is an "international" list, I'd prefer to write
in english. Contact me outside the list if you'd prefer
german ;-)

--
     .-----.
   / ´ ´ ` ` `
  //    _    \\
 ||   /   `  ||
 |    \  .´  /
  \    `.__,´
   \
    `         Debian / GNU Linux
      ` .

Reply to:

References:
- Re: user htaccess administration
  - From: "Marcel Hicking" <hicking@du.gtn.com>
- Re: user htaccess administration
  - From: Michelle Konzack <linux.mailinglists@freenet.de>

Prev by Date: Re: user htaccess administration
Next by Date: Re: Kernels 2.4.x for ISP ?
Previous by thread: Re: user htaccess administration
Next by thread: Re: user htaccess administration
Index(es):
- Date
- Thread