httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rodent of Unusual Size <Ken.C...@Golux.Com>
Subject Enhancement to mod_auth
Date Fri, 10 Aug 2001 22:39:41 GMT
In response to a private query, I worked up a little patch
to add an enhancement to mod_auth: in addition to 'require valid-user'
and 'require user xxx yyy zzz' the enhanced version recognises
'require owner'.  The idea is that access is granted if the
user is authenticated AND matches the username of the owner of
the file.

This would allow admins to have a single user database but not
have to add special clauses for each user -- for example, the
single stanza below:

<Directory /home/*/public_html/private>
    AuthType Basic
    AuthName MyPrivateFiles
    AuthUserFile /usr/local/apache/etc/.htpasswd-allusers
    Require owner
    Satisfy All
</Directory>

would allow 'jones' and only 'jones' to have access to the
files in /home/jones/public_html/private.  As users are added/
removed/renamed, only the single credential database need be
maintained.  The server need not be reloaded nor the config files
edited, nor are there any .htaccess files to twiddle.

Is this a worthwhile thing to add to the base package, or
should I keep it third-party and submit it to the module registry?
-- 
#ken	P-)}

Ken Coar, Sanagendamgagwedweinini  http://Golux.Com/coar/
Apache Software Foundation         http://www.apache.org/
"Apache Server for Dummies"        http://Apache-Server.Com/
"Apache Server Unleashed"          http://ApacheUnleashed.Com/

"All right everyone!  Step away from the glowing hamburger!"

Mime
View raw message