Re: Apache authentication - require group AND (not OR) user

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

 You can have multiple 'require' lines to allow multiple groups and/or
users. So

 require group programmers
 require group secretaries
 require user joe

 "Require"s are OR-ed together, so anyone meeting a single criteria will
get allowed in, provided they enter the correct password of course. So your
check for "user is joe you need to have two separate files.

 hugh

 On Tue 14/08/12 14:30 , Ben Johnson ben@xxxxxxxxxxxxxxxx sent:
 Hello,

 I've scoured the Internet for examples of how to implement logical
 operators where the "require" directive is concerned.

 The dearth of documentation and discussion regarding this subject leads
 me to believe that it has not been implemented, or was implemented at
 one time and then removed.

 This is the most thorough discussion I can find on the subject, which
 dead-ends:
 http://www.mombu.com/programming/linux/t-apache-22-both-require-user-and-require-group-739013.html
[1]">http://www.mombu.com/programming/linux/t-apache-22-both-require-user-and-require-group-739013.html

 My location block, which, at present, only allows one group
 ("programmers"), looks something like this:

 AuthType Basic
 AuthName "SVN Repository"
 AuthBasicProvider dbm
 AuthDBMType DB
 AuthDBMUserFile "/var/www/apache-users"
 AuthDBMGroupFile "/var/www/apache-users"
 require group programmers
 DAV svn
 AuthzSVNAccessFile /var/www/projects/svn-access-control.cfg
 SVNPath /var/www/svn/project

 Ideally, I wish to do something like the following (I'm using
 pseudo-code here, because it's probably easier to understand than plain
 English):

 if ($group === 'programmers' || ($group === 'clients && $user === 'joe'))
{
 //Allow access.
 }
 else {
 //Deny access.
 }

 Is this possible? Or do I need to give-up on controlling authentication
 at this level and instead focus on authorization within
 "svn-access-control.cfg"?

 Thanks for any help!

 -Ben

 ---------------------------------------------------------------------
 To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx [2]
 For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx [3]

 

Links:
------
[1]
http://www.mombu.com/programming/linux/t-apache-22-both-require-user-and-require-group-739013.html
[2] mailto:users-unsubscribe@xxxxxxxxxxxxxxxx
[3] mailto:users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux