httpd-users mailing list archives

From André Warnier ...@ice-sa.com>
Subject Re: [users@httpd] Access control to files for logged in users only using apache
Date Wed, 04 Jun 2008 11:35:55 GMT
Artem Kuchin wrote:
> Hello!
> 
> Here is the situation. I have a bunch of files (thousands) in a directory
> structure which is accessible via direct url.
> 
> For example:
> 
> directory:
> 
> htdata/index.html
> htdata/files
> htdata/files/1/file1.dat
> htdata/files/1/file2.dat
> htdata/files/2/file3.dat
> htdata/files/3/file4.dat
> 
> The point is to make ONLY CERTAIN files available to users who
> are logged in and qualified for access to the files.
> 
> For example: user john has logged in using apache auth scheme
> and he is qualified (SOMEHOW. HOW to tell it to apache?)
> for access to file2 and file4. After that this user can download them.
> Access to all other files gives "forbidden".
> 
> Any idea?
> 
Hi.

Based on what criteria is a user qualified or not to access which 
file? Or based on what criteria is a file said to be accessible 
by which users?

I mean, assuming that you are using Apache's Basic authentication, based 
on Apache's htpasswd and group files, then Apache knows the user-id and 
(possibly) the user's group membership(s).
Then, on the other hand, you have your files.  How do you decide which 
file is accessible by whom? Is it individual per user, per user group? 
Can you group the files which have similar access permissions in 
separate directories?

Example: let's say that there are 4 categories of files; files in 
category#1 can be accessed by some users, files in category#2 by some 
other users, etc.
Then you could split your files into sub-directories, and specify for each 
subdirectory something like:

<Directory /var/www/mysite/htdata/files/1>
   ...
   Require group group1 group99
</Directory>
<Directory /var/www/mysite/htdata/files/2>
   ...
   Require group group2 group99
</Directory>
<Directory /var/www/mysite/htdata/files/only_supers>
   # these files only accessible by "super-users"
   ...
   Require group group99
</Directory>
<Directory /var/www/mysite/htdata/files/everyone>
   # any authenticated user can access these files
   ...
   Require valid-user
</Directory>

Then you can arrange to have each of your users given one or more groups: 
the users allowed to access files in "../files/1" would need to belong 
to group1; the users allowed to access files in "../files/2" would need 
to belong to group2; etc.
Users who can access both files/1 and files/2 need to be members of both 
group1 and group2.
Users who are members of group99 (super-users) can access files in all directories.
Some files may have to be duplicated into more than one subdirectory.

Depending on your situation (number of users, number of files, number of 
different categories of files, etc.) this may be practical or not.

There are really a lot of possibilities already with Apache itself, and 
even more with add-on modules, but maybe provide some more details, so 
that more suggestions can be offered.

André


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
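
Added example (not part of the original message and not Apache code): a simplified Python model of the per-directory "Require" layout described in the reply, used to check which files a user can reach and where directory-level grouping grants more than intended. The group memberships, the files/3 rule and the deny-by-default for unmatched paths are assumptions made for the illustration.

```python
# Added example: simplified model, not Apache's own authorization logic.
from pathlib import PurePosixPath

# Constructed AuthGroupFile content; format is "groupname: user1 user2 ..."
GROUP_FILE = """\
group1: john mary
group3: john
group99: admin
"""

# Directory -> Require arguments, mirroring the <Directory> blocks above.
RULES = {
    "htdata/files/1": "group group1 group99",
    "htdata/files/2": "group group2 group99",
    "htdata/files/3": "group group3 group99",  # assumed; not in the message
    "htdata/files/everyone": "valid-user",
}
FILES = ["htdata/files/1/file1.dat", "htdata/files/1/file2.dat",
         "htdata/files/2/file3.dat", "htdata/files/3/file4.dat"]

def parse_groups(text):
    """Return {user: {groups}} from group-file text."""
    membership = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        group, users = line.split(":", 1)
        for user in users.split():
            membership.setdefault(user, set()).add(group.strip())
    return membership

def allowed(user, path, membership):
    """Apply the deepest matching directory rule; deny when none matches."""
    parents = [str(p) for p in PurePosixPath(path).parents]  # deepest first
    rule = next((RULES[d] for d in parents if d in RULES), None)
    if rule is None or user is None:  # assumption: default deny
        return False
    kind, *names = rule.split()
    if kind == "valid-user":
        return True
    return kind == "group" and bool(membership.get(user, set()) & set(names))

def over_grants(wanted, membership):
    """Files each user can fetch beyond the set listed in `wanted`."""
    return {user: [f for f in FILES
                   if allowed(user, f, membership) and f not in files]
            for user, files in wanted.items()}

if __name__ == "__main__":
    want = {"john": {"htdata/files/1/file2.dat", "htdata/files/3/file4.dat"}}
    print(over_grants(want, parse_groups(GROUP_FILE)))
```

With john placed in group1 to reach file2.dat, the model reports that he also gains file1.dat, which is the case where files have to be regrouped or duplicated into another subdirectory.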

