[wplug] Apache HTTP Access issue

Wise, Jeremey jeremey.wise at agilysys.com
Mon Sep 26 08:57:03 EDT 2005 

Just to post back to the community what the resolution was, it was purly
a permission issue.

Here is how to setup the whole virtualized environment with Fedora Core
4 and apache:

cat /etc/httpd/conf/httpd.conf
**********************************
#</VirtualHost>

<VirtualHost *:80>
DocumentRoot "/var/www/html/stupid/"
ServerName www.stupid.org:80
ServerAlias *.stupid.org
<Directory "/var/www/html/stupid/">
allow from all
Options +Indexes
</Directory>
#SuexecUserGroup stupidpeople
</VirtualHost>


*************************************
Password file and group file are set in a centralized spot for the
entire virtual server and all virtual domains to keep things consitant:
(Watch permissions. All must be readable and executable by the user
apache which is the account the deamon uses. If the apache user can not
read the file it can not present it to the users.)

/var/www/html/stupid
[root at venus stupid]# ls -alh .ht*
-r-xr-x---  1 apache stupidpeople 1.1K Sep 25 14:38 .htgroup
-r-xr-x---  1 apache stupidpeople  494 Sep 25 14:43 .htpasswd


Below is the contents of the .htgroup file. I also documented in the
file how to add a user in case I forget later on:>)
********************************************************
[root at venus stupid]# cat .htgroup
# Below is the entries to add users to the groups which are listed
# Each section is a group name which the .htaccess file can call
# Only us  the -c flag for the first time the password file is created
# htpasswd -c .htpasswd bob
# htpasswd .htpasswd jane
# htpasswd .htpasswd biff
# List of groups and their members
stupidusers: bob jane biff
stupidpeople bob biff
stupidadmins bob

Now the contents of the file which contains all the passwords
[root at venus landofthevisigoths]# cat .htpasswd
biff:R1qTRYwlWJ3uA
jane:R1qTRYwl2JeuA
bob:raE6O3Q4BAUCg

Now that you have the master files for users, group membership and their
passwords set all you have to do is create a .htaccess file to call
these files in every directory you have desire to protect.

[root at venus stupidpeople]# cat .htaccess
# /var/www/html/stupid/stupidpeople/
AuthUserFile /var/www/html/stupid/.htpasswd
AuthGroupFile /var/www/html/stupid/.htgroup
AuthName stupidpeople
AuthType Basic

<Limit GET>
require group stupidpeople
</Limit>

And to call a different group just reference them in in exchange of
stupidpeople (as in example) to the group listed in the .htgroup file.
ie. You could make a .htaccess file which would limit a directory to
just admins like this:

[root at venus stupidpeople]# cat .htaccess
# /var/www/html/stupid/stupidadmins/
AuthUserFile /var/www/html/stupid/.htpasswd
AuthGroupFile /var/www/html/stupid/.htgroup
AuthName stupidadmins
AuthType Basic

<Limit GET>
require group stupidadmins
</Limit>


(In this example only bob could see the contents in the
/var/www/html/stupid/stupidadmins/ directory )


Restart the server and you are good to go (though this is a real time
read:>) Happy hosting.


-----Original Message-----
From: Bill Moran [mailto:wmoran at potentialtech.com] 
Sent: Wednesday, September 21, 2005 4:06 PM
To: General user list
Cc: Wise, Jeremey
Subject: Re: [wplug] Apache HTTP Access issue

"Wise, Jeremey" <jeremey.wise at agilysys.com> wrote:
> I have a small website. I want to have the home page public /
anonymous
> accessable. Any subpages will then require a password.
> 
>  
> 
> Example 
> 
>  
> 
> www.stupid.com/index.html and all files are public which are found in
> /var/www/html/stuipid/*
> 
>  
> 
> BUT
> 
>  
> 
> www.stupid.com/members/index.html and all content will be only usable
> via "stupid" group /var/www/html/stupid/members/*
> 
>  
> 
>  I have read 
> 
> http://httpd.apache.org/docs/1.3/howto/auth.html#basicworks
> 
>
http://webmonkey.wired.com/webmonkey/html/97/08/index2a_page2.html?tw=ba
> ckend
> 
>  
> 
> Which seemed to make the process seem easy.
> 
>  
> 
> ******************************
> 
> I created in /var/www/http/stupid/members/
> 
>  
> 
> -rw-r--r--  1 apache stupid  126 Sep 21 13:53 .htaccess
> 
> -rw-r--r--  1 apache stupid 1.1K Sep 20 14:24 .htgroup
> 
> -rw-r--r--  1 apache stupid   20 Sep 21 14:52 .htpasswd
> 
>  
> 
> And in each file are the proper entries (IMHO)
> 
> [root at venus Members]# cat .htaccess
> 
> AuthUserFile .htpasswd
> 
> AuthGroupFile .htgroup
> 
> AuthName stupid
> 
> AuthType Basic
> 
>  
> 
> [root at venus Members]# cat .htgroup
> 
> stupid: wisej bob henry
> 
>  
> 
> [root at venus Members]# cat .htpasswd
> 
> wisej:nMiDsEWj8nA2gw
> 
> bob:st2gMRbwkfGWe4g
> 
>  
> 
> *****************
> 
>  
> 
> When I go to the site I get the first page fine but all urls which
> direct into the /var/www/html/stupid/members directory are:
> 
> 
> Forbidden
> 
> 
> You don't have permission to access /members/stupidinfo.html on this
> server.
> 
> I also googled and found refernaces to change the /etc/httpd/conf/
> httpd.conf entry of:
> 
> #    AllowOverride None
> 
>      AllowOverride All
> 
> But this had no effect.

You really seem to like blank space in your emails.

If you move the various .ht* files out of the way, does the problem
still
exist?  If so, check the file permissions to be sure apache has the
ability to read the files/directories.

-- 
Bill Moran
Potential Technologies
http://www.potentialtech.com

More information about the wplug mailing list