httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ben Davies" <>
Subject [users@httpd] Resource Centric Authz
Date Thu, 26 Mar 2009 11:48:50 GMT
Hi Everybody!


I wonder if someone can help me? I'm interested in restricting access to
certain resource based on the following criteria:


The users name


 the users group


Standard fare so far. I'm using mod_authn_dbd to authenticate the user from
my MySQL database. 


For Authorization, I want each resource to have an owner and a group (like
unix/linux), and I want each of these to restrict access based on the http
method used to access the resource. For example; 


I have the resource article.html

The owner of this resource is "bob".

The group of this resource is "editors".

The following methods may be used by the owner on this resource: GET, PUT,

The following methods may be used by members of the group "editors" on this
resource: GET, PUT

Any user who is not the owner, and not a member of the group "editors" may
use the following methods: GET


The closest Authz module I have seen that does this is mod_authz_file which
works based on the files actual POSIX file owner and group details.
Unfortunately, this doesn't restrict access by http method though. Ideally,
I would be able to look up these details from an SQL database by request URI
and request method.


Now to my question:


Does anyone know if there is a module or combination of modules that could
achieve (or at least part way achieve) this?

Is this (as I fear) a restriction/limit of the Require directive?


I could do this in PHP, but I'm attempting to draw a clean line between
Authn/Authz and the resources accessed underneath.


Any comments or ideas would be appreciated.





View raw message