httpd-dev mailing list archives

From Raymond S Brand <>
Subject Re: Change relative path for AuthUserFile, perhaps?
Date Wed, 12 May 1999 13:36:00 GMT
Actually, all of the Auth*File directives are documented as taking absolute
paths, with Auth{File|Group}File also taking paths relative to ServerRoot.

I seem to recall that the original behavior of the Auth*File directives was
that they were relative to the AccessFile directory and that the behavior was
changed because people were allowing their passwd files to be served.
Someone with access to the CVS history could look that up.

I, personally, would prefer that the Auth*Files be relative to the
AccessFile directory (with warnings in the documentation) or absolute paths.
DocumentRoot is not always meaningful, think about the Alias and UserDir
directives; ServerRoot can be on a read only partition. This would benefit
virtual hosting setups and multi department/project setups of the kind I've
been doing.

Raymond S Brand

David Harris wrote:
> Hi,
> Currently the configuration directive AuthUserFile is taken as relative to
> the ServerRoot. Well, in a virtual hosting setup where none of my users has
> access to the ServerRoot, this is not really useful. I'd rather have it
> relative to the document root or the directory of the .htaccess file.
> I think making this relative to the server root was designed to support
> people keeping the .htpasswd files out of the document root so that they
> can't be downloaded. But this can just as easily be done by denying access to
> .htpasswd just like .htaccess for all users, which is what I intend to do.
> Oh, and if AuthUserFile is changed, then AuthGroupFile should also be
> changed.
> Are others interested in seeing this change made? Does changing this sound
> possible? Any thoughts?
> References:
> Thanks for reading this request!
>  - David Harris
>    Principal Engineer, DRH Internet Services
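
An added example, not part of the original messages or of Apache's own code: a small audit that resolves AuthUserFile and AuthGroupFile values the way the thread describes (absolute, or relative to ServerRoot) and reports any that land inside a DocumentRoot or Alias target, where the file could be served. The sample configuration and every path in it are constructed; UserDir trees and quoted paths containing spaces are not handled.

```python
import posixpath

# Constructed sample configuration; every path in it is made up for illustration.
SAMPLE_CONF = """\
ServerRoot /usr/local/apache
DocumentRoot /home/sites/example/htdocs
Alias /project /home/projects/alpha/web
<Directory /home/sites/example/htdocs/private>
    AuthUserFile conf/passwd.example
    AuthGroupFile /home/sites/example/htdocs/private/.htgroup
</Directory>
<Directory /home/projects/alpha/web>
    AuthUserFile /home/projects/alpha/web/../auth/.htpasswd
</Directory>
"""

def directives(text):
    """Yield (lowercased name, argument list) for each non-comment line with arguments."""
    for line in text.splitlines():
        tokens = line.strip().strip("<>").replace('"', "").split()
        if len(tokens) >= 2 and not tokens[0].startswith("#"):
            yield tokens[0].lower(), tokens[1:]

def resolve(value, server_root):
    """Absolute paths are used as given; relative ones are joined to ServerRoot."""
    return posixpath.normpath(posixpath.join(server_root, value))

def audit(text):
    """Return (directive, resolved path, served root) for auth files inside a served tree."""
    parsed = list(directives(text))
    server_root = next((a[0] for n, a in parsed if n == "serverroot"), "/")
    # The last argument of DocumentRoot and Alias is the filesystem tree being served.
    served = [posixpath.normpath(a[-1]) for n, a in parsed
              if n in ("documentroot", "alias")]
    findings = []
    for name, args in parsed:
        if name in ("authuserfile", "authgroupfile"):
            path = resolve(args[0], server_root)
            findings += [(name, path, root) for root in served
                         if path.startswith(root.rstrip("/") + "/")]
    return findings

if __name__ == "__main__":
    for name, path, root in audit(SAMPLE_CONF):
        print(f"{name}: {path} is inside served tree {root}")
```

Only the AuthGroupFile entry is reported: the ServerRoot-relative file and the one that normalizes to a sibling of the aliased directory both fall outside every served tree.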
