alt.apache.configuration: Apache web server configuration issues.

#1

We are trying to setup hierarchical ACLs where the "require user" list
may differ between directories:

e.g.

<Directory /dir>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny

AuthType Basic
AuthName "IST DAV"
.....
Require user userA userB userC
</Directory>

<Directory /dir/dir2>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny

AuthType Basic
AuthName "IST DAV Dir2"
.....
Require user userA userD userE
</Directory>

i.e. only userA, userD, userE are allowed access to /dir/dir2. What we
are seeing is that userA, userB and userC are permitted access (the
restriction within /dir/dir2 is ignored).

Can anyone ?

Regards,

Patrick

#2

On May 7, 12:22 am, prynh...@gmail.com wrote:
> We are trying to setup hierarchical ACLs where the "require user" list
> may differ between directories:
>
> e.g.
>
> <Directory /dir>
> Options Indexes FollowSymLinks MultiViews
> AllowOverride All
> Order allow,deny
>
> AuthType Basic
> AuthName "IST DAV"
> ....
> Require user userA userB userC
> </Directory>
>
> <Directory /dir/dir2>
> Options Indexes FollowSymLinks MultiViews
> AllowOverride All
> Order allow,deny
>
> AuthType Basic
> AuthName "IST DAV Dir2"
> ....
> Require user userA userD userE
> </Directory>
>
> i.e. only userA, userD, userE are allowed access to /dir/dir2. What we
> are seeing is that userA, userB and userC are permitted access (the
> restriction within /dir/dir2 is ignored).
>
> Can anyone ?
>
> Regards,
>
> Patrick

I don't know what
.....
means in your first post (the devil usually being in the detail)
but I have success with this:

<Directory "/path/to/dir">
#removed redundant Order Allow,Deny
#because you don't then allow anyone
Options Indexes FollowSymLinks MultiViews
AllowOverride All
AuthType Basic
AuthName "IST DAV"
#I assumed .... , meant authuserfile and nothing else
AuthUserFile "/apache/conf/userpass"
Require user userA userB userC
</Directory>

<Directory "/path/to/dir/dir2">
AuthName "IST DAV Dir2"
#now we deny all to remove access from previous users
Order allow,deny
#reinstate some access, but at this point
#everyone is still denied
Require user userA userD userE
#satisfy any means, allow either the new users or deny all
Satisfy Any
</Directory>

it wasn't something I thought would work, as I thought require OR'd
users, however it works here.
YMMV
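
The access decisions produced by the two <Directory> blocks in the reply above can be tabulated with a small model. This is an added example, not part of the original posts and not Apache code: it is a simplified model of Apache 2.2's Order/Require/Satisfy evaluation, and the names host_allowed, decide, matrix, PARENT, CHILD and CHILD_OPEN are made up for illustration.

```python
# Simplified model of how Apache 2.2 combines the host check (Order/Allow/Deny)
# with the user check (Require user) under Satisfy. Illustration only, not Apache code.

def host_allowed(order="deny,allow", allow_all=False, deny_all=False):
    """Host check when the only rules present are 'Allow from all' / 'Deny from all'."""
    if order == "allow,deny":
        # Default deny: with no matching Allow, every client fails the host check.
        return allow_all and not deny_all
    # Order deny,allow (the default): default allow, and Allow overrides Deny.
    return allow_all or not deny_all

def decide(section, user):
    """Return True if access is granted. `user` is the authenticated name or None."""
    host_ok = host_allowed(section.get("order", "deny,allow"),
                           section.get("allow_all", False),
                           section.get("deny_all", False))
    require = section.get("require_users")
    if require is None:                      # no Require: only the host check applies
        return host_ok
    user_ok = user in require
    if section.get("satisfy", "all") == "any":
        return host_ok or user_ok            # Satisfy Any: either check is enough
    return host_ok and user_ok               # Satisfy All (default): both must pass

# Effective settings of the two sections from the reply above (assumed from its text).
PARENT = {"require_users": {"userA", "userB", "userC"}}
CHILD = {"order": "allow,deny", "satisfy": "any",
         "require_users": {"userA", "userD", "userE"}}
# Constructed misconfiguration: the same section with "Allow from all" added.
CHILD_OPEN = dict(CHILD, allow_all=True)

def matrix(section, users=("userA", "userB", "userD", None)):
    """Map each user (None = no credentials sent) to the access decision."""
    return {u: decide(section, u) for u in users}

if __name__ == "__main__":
    for name, sec in (("dir", PARENT), ("dir/dir2", CHILD),
                      ("dir/dir2 + Allow from all", CHILD_OPEN)):
        print(name, matrix(sec))
```

The CHILD_OPEN row is the case to look for when reviewing such a configuration: once any Allow rule matches the client, Satisfy Any grants access without credentials.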

#3

On May 7, 11:21 am, shimmyshack <matt.fa...@gmail.com> wrote:
> On May 7, 12:22 am, prynh...@gmail.com wrote:
>
> > We are trying to setup hierarchical ACLs where the "require user" list
> > may differ between directories:
>
> > e.g.
>
> > <Directory /dir>
> > Options Indexes FollowSymLinks MultiViews
> > AllowOverride All
> > Order allow,deny
>
> > AuthType Basic
> > AuthName "IST DAV"
> > ....
> > Require user userA userB userC
> > </Directory>
>
> > <Directory /dir/dir2>
> > Options Indexes FollowSymLinks MultiViews
> > AllowOverride All
> > Order allow,deny
>
> > AuthType Basic
> > AuthName "IST DAV Dir2"
> > ....
> > Require user userA userD userE
> > </Directory>
>
> > i.e. only userA, userD, userE are allowed access to /dir/dir2. What we
> > are seeing is that userA, userB and userC are permitted access (the
> > restriction within /dir/dir2 is ignored).
>
> > Can anyone ?
>
> > Regards,
>
> > Patrick
>
> I don't know what
> ....
> means in your first post (the devil usually being in the detail)
> but I have success with this:
>
> <Directory "/path/to/dir">
> #removed redundant Order Allow,Deny
> #because you don't then allow anyone
> Options Indexes FollowSymLinks MultiViews
> AllowOverride All
> AuthType Basic
> AuthName "IST DAV"
> #I assumed .... , meant authuserfile and nothing else
> AuthUserFile "/apache/conf/userpass"
> Require user userA userB userC
> </Directory>
>
> <Directory "/path/to/dir/dir2">
> AuthName "IST DAV Dir2"
> #now we deny all to remove access from previous users
> Order allow,deny
> #reinstate some access, but at this point
> #everyone is still denied
> Require user userA userD userE
> #satisfy any means, allow either the new users or deny all
> Satisfy Any
> </Directory>
>
> it wasn't something I thought would work, as I thought require OR'd
> users, however it works here.
> YMMV

it's just a thought but you could also use setenvif, and associate a
user with an env var; using regular expressions you could match
user(A|D|E), associating the word letmein with them, those in the
dir/dir2 allow list, then use

Order Allow,Deny
Allow from letmein

...plus the require directive for these users

that should work too