Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'Permissions?' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Permissions?
Authored by: fizgig on Jul 30, '03 12:26:54PM

Can you tell me how you have permissions set up for this?
I have a ton of virtual hosts, all with different usernames (we're a hosting company) but when I log in to DAV (which is a virtual host whose DocumentRoot is the same as my webroot) I can see the folders for my virtual hosts, but can't see any files inside them.



[ Reply to This | # ]
Permissions?
Authored by: jabest on Jul 30, '03 07:44:05PM

I can't speak for others, but I use mod_auth_apple for authentication. The source is available from Apple here:

http://www.opensource.apple.com/projects/darwin/darwinserver/source/apsl/mod_auth_apple-XS-10.1.tgz

Compile it up, install it, then add the following lines to your httpd.conf. First, in the LoadModule area, add this:


LoadModule apple_auth_module   libexec/httpd/mod_auth_apple.so

Next, in the AddModule area, add this line:


AddModule mod_auth_apple.c

Be sure to put these lines in the same place in terms of load order! If you put the LoadModule statement last, then the AddModule needs to be last as well.

Basically, that's it! The mod_apple_auth works just like the mod_auth that comes with Apache, but gets its authenication information from NetInfo. Therefore, within your or block, you'd have something like this:


<Directory /Library/WebServer/Documents>
	DAV On
	... additional directives ...
	AuthType Basic
	Require valid-user
	... additional directives ...
</Directory>

There's no need for an AuthUserFile directive. AuthType Basic will now go looking in NetInfo. It will allow users that are members of the same group as is assigned to the server (by default, this is 'www' or 'nogroup') to log in. To be sure, look in your httpd.conf for this directive:


Group www

It should be uncommented. From here, I expand my permissions further through the use of the 'file-owner' and 'file-group' attributes of the Require statment. These two will look at the file and group privileges on the file/folder, and allow access that way.

To sum up:

valid-user lets them in (provided they're in 'www')
file-owner and file-group give them access to the files

Hope this helps!

TTFN, James



[ Reply to This | # ]