Getting More Out Of Apache (Part 2) - Grouping Things Together (Page 4 of 8 )
In addition to user-level access, Apache also allows you to createdifferent groups of individual users, and restrict access to protectedresources based on group membership. For example, let's assume that I havetwo groups, "accounts" and "admin", and I would like to restrict access toa directory only to members of the "accounts" group.
The first thing to do is change the ".htaccess" file in the directory toread
AuthType Basic
AuthName "Top-Secret Information"
AuthUserFile /usr/local/apache/auth/mfre/users
AuthGroupFile /usr/local/apache/auth/mfre/groups
require group accounts
Next, you need to create the group memberships file, as specified in theAuthGroupFile directive above. This file is extremely simple - here's whatit looks like:
$ cat groups
admin: bill harry
accounts: joe beth
Translation: users "joe" and "beth" are members of the group "accounts",while "bill" and "harry" are members of the group "admin".
Now, when you navigate back to the protected directory in your Web browser,Apache will again ask you for authorization; however, only members of thegroup "accounts" will be permitted to view the contents of the directory.
Finally, you can allow or deny access based on host names - the followinglines would deny access to the protected resource for all requests fromdomains other than "melonfire.com"
order deny,allow
deny from all
allow from melonfire.com
Next: Timmmmmmbbbbberrrr! >>
More Administration Articles
More By icarus, (c) Melonfire
