httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rainer Jung <rainer.j...@kippdata.de>
Subject Re: [users@httpd] Apache authentication - require group AND (not OR) user
Date Wed, 15 Aug 2012 11:45:37 GMT
On 14.08.2012 23:30, Ben Johnson wrote:
> Hello,
>
> I've scoured the Internet for examples of how to implement logical
> operators where the "require" directive is concerned.
>
> The dearth of documentation and discussion regarding this subject leads
> me to believe that it has not been implemented, or was implemented at
> one time and then removed.
>
> This is the most thorough discussion I can find on the subject, which
> dead-ends:
> http://www.mombu.com/programming/linux/t-apache-22-both-require-user-and-require-group-739013.html
>
> My location block, which, at present, only allows one group
> ("programmers"), looks something like this:
>
> <Location /svn/project>
> AuthType Basic
> AuthName "SVN Repository"
> AuthBasicProvider dbm
> AuthDBMType DB
> AuthDBMUserFile "/var/www/apache-users"
> AuthDBMGroupFile "/var/www/apache-users"
> require group programmers
> DAV svn
> AuthzSVNAccessFile /var/www/projects/svn-access-control.cfg
> SVNPath /var/www/svn/project
> </Location>
>
> Ideally, I wish to do something like the following (I'm using
> pseudo-code here, because it's probably easier to understand than plain
> English):
>
> if ($group === 'programmers' || ($group === 'clients && $user === 'joe')) {
>       //Allow access.
> }
> else {
>       //Deny access.
> }
>
> Is this possible? Or do I need to give-up on controlling authentication
> at this level and instead focus on authorization within
> "svn-access-control.cfg"?
>
> Thanks for any help!

You might be looking for the RequireAny and RequireAll container directives:

http://httpd.apache.org/docs/2.4/en/mod/mod_authz_core.html#requireall

See also

httpd.apache.org/docs/2.4/en/mod/mod_authz_core.html#requireall

and finally the How To

http://httpd.apache.org/docs/2.4/en/howto/auth.html

Regards,

Rainer


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message