httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jared Breland <list-apa...@legroom.net>
Subject [users@httpd] apache directory permissions
Date Tue, 22 Feb 2005 19:59:56 GMT
I'm attempting to setup a tiered-permission directory structure. 
Specifically, I have a global access open by default (htdocs), a restricted 
subdir of htdocs (nessus), and several differently restricted subdir of 
nessus.  So, it looks like this:

1. /htdocs/*
2. /htdocs/nessus/*
3. /htdocs/nessus/restricted1/*
4. /htdocs/nessus/restricted2/*
etc.

Due to the nature of the data I'm working with, these directories will be 
listed by apache, and little to no html will be used.  Therefore I want to 
use Apache to control/restrict access,, and I don't want cleartext 
passwords.  So I decided on Digest Authentication, and implemented
it like so in httpd.conf:

<Directory "/var/www/localhost/htdocs/nessus">
    AuthDigestFile /var/www/localhost/htdocs/nessus/.users
    AuthName security
    AuthType Digest
    IndexIgnore readme.html .*
    IndexOptions +FoldersFirst +SuppressDescription +NameWidth=* +XHTML
    HeaderName readme.html
    Options +Indexes
    Require valid-user
</Directory>

<Directory "/var/www/localhost/htdocs/nessus/restricted1">
    AuthDigestFile /var/www/localhost/htdocs/nessus/.users
    AuthName restricted1
    AuthType Digest
    Require valid-user
</Directory>

This works fine as far as authentication, but I'm having two other issues:

#1, restricted1 (and restricted2, etc.) does not show up in the directory 
listing for nessus.  If I remove the Directory entry for restricted1 and 
restart apache, it shows up fine, so it's not a permissions problem.  Also, 
this used to work in Apache 1.3.x, but not in my current version (2.0.52). 
Any idea why?  If not, can anyone recommend a better way to handle 
permissions and authentication?

#2, my nessus subdirectories do not inherit the parent directives.  Eg., if 
I click on a subdirectory of nessus, the new directory listing does not have 
the same IndexOptions set as the parent.  Is there any way to make settings 
inheritable, other than setting them as global defaults?

Thanks.

--
Jared


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message