Re: Access control to files for logged in users only using apache

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Artem Kuchin wrote:
Hello!

Where is the situation. I have a bunch of files (thousands) in a directory
structure which is accessible via direct url.

For example:

directory:

htdata/index.html
htdata/files
htdata/files/1/file1.dat
htdata/files/1/file2.dat
htdata/files/2/file3.dat
htdata/files/3/file4.dat

The poing is to make ONLY CERTAIN files avaible to users which
are logged in and qualified for access for the files.

For example: user john does logged in using apache auth scheme
and he is qualified (SOMEHOW. HOW to tell it to apache?)
for access to file2 and files4. After that this user can download them.
Access to all other files gives "forbidden".

Any idea?

Hi.

In function of what criteria is a user qualified or not to access which file ? or in function of what criteria is a file said to be accessible by which users ?

I mean, assuming that you are using Apache's Basic authentication, based on Apache's htpasswd and group files, then Apache knows the user-id and (possibly) the user's group(s) membership(s). Then, on the other hand, you have your files. How do you decide which file is accessible by whom ? Is it individual per user, per user group ? can you group the files which have similar access permissions in separate directories ?

Example : let's say that there are 4 categories of files; files in category#1 can be accessed by some users, files in category#2 by some other users, etc.. Then you could split your files in sub-directories, and specify for each subdirectory something like :

<Directory /var/www/mysite/htdata/files/1>
  ...
  Require group group1 group99
</Directory>
<Directory /var/www/mysite/htdata/files/2>
  ...
  Require group group2 group99
</Directory>
<Directory /var/www/mysite/htdata/files/only_supers>
  # these files only accessible by "super-users"
  ...
  Require group group99
</Directory>
<Directory /var/www/mysite/htdata/files/everyone>
  # any authenticated user can access these files
  ...
  Require valid-user
</Directory>

then you can arrange to have each of your users given one or more groups : the users allowed to access files in "../files/1" would need to belong to group1; the users allowed to access files in "../files/2" would need to belong to group2; etc.. Users who can access both files/1 and files/2 need to be member of both group1 and group2.
Users member of group99 (super-users) can access files in all directories.
Some files may have to be duplicated into more than one subdirectory.

Depending on your situation (number of users, number of files, number of different categories of files, etc..) this may be practical or not.

There are really a lot of possibilities already with Apache itself, and even more with add-on modules, but maybe provide some more details, so that more suggestions can be offered.

André


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux