Automatically grant authenticated users access to a dir matching their username
Automatically grant authenticated users access to a dir matching their username
am 22.09.2009 13:31:29 von Joahnn Gile
Hello,
I am looking for a way to grant authenticated users access to a=
directory matching their username and denying access to all other director=
ies.=0AThe idea is that I have dozens of WebDAV and need a way to avoid put=
ting a directive like=0A=0A Require u=
ser user999=0A=0Ainto my configuration for each user which has =
become painful to maintain.=0AA search in the mailinglist archive turned up=
a similar question: http://article.gmane.org/gmane.comp.apache.user/39622 =
The proposed solution does not quite do it form me because I need to mainta=
in my existing URL scheme where each user is assigned a separate directory =
for access.=0AIs there some other solution for automatically granting authe=
nticated users access to "their" individual directory?
Regards,
J=
ohann
=0A
------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: Automatically grant authenticated users access to a dir matching their username
am 22.09.2009 13:39:13 von LuKreme
On 22-Sep-2009, at 05:31, Joahnn Gile wrote:
> Is there some other solution for automatically granting
> authenticated users access to "their" individual directory?
Have your user-creation tools create /etc/apache2/users/user999.conf
file when the user is created. Isn't that the usual way?
--
Ille Qui Nos Omnes Servabit
------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: Automatically grant authenticated users accessto a dir matching their username
am 22.09.2009 13:44:45 von Nick Kew
Joahnn Gile wrote:
> Hello,
>
> I am looking for a way to grant authenticated users access to a directory matching their username and denying access to all other directories.
> The idea is that I have dozens of WebDAV and need a way to avoid putting a directive like
>
> Require user user999
>
Easier just to have the same URL for everyone (protected with
Require valid-user or similar), and map that to the directory
for the authenticated user. Rewriterule can check for the
authenticated user.
--
Nick Kew
------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: Automatically grant authenticated users access to a dir matching their username
am 22.09.2009 13:53:23 von Joahnn Gile
--- Nick Kew schrieb am Di, 22.9.2009:
> Easier ju=
st to have the same URL for everyone (protected=0A> with=0A> Require valid-=
user or similar), and map that to the=0A> directory=0A> for the authenticat=
ed user.=A0 Rewriterule can check for=0A> the=0A> authenticated user.
=
Do you mean like this:=0Ahttp://article.gmane.org/gmane.comp.apache.user/39=
622 ?=0AThe problem is, as I wrot in my post, that I need to maintain the e=
xisting URL scheme which is http://example.net/user999/ .
=0A
------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: Automatically grant authenticated users access to a dir matching their username
am 22.09.2009 14:52:07 von Rich Bowen
--Apple-Mail-17-438821071
Content-Type: text/plain;
charset=US-ASCII;
format=flowed;
delsp=yes
Content-Transfer-Encoding: 7bit
On Sep 22, 2009, at 07:53 , Joahnn Gile wrote:
> --- Nick Kew schrieb am Di, 22.9.2009:
>
>> Easier just to have the same URL for everyone (protected
>> with
>> Require valid-user or similar), and map that to the
>> directory
>> for the authenticated user. Rewriterule can check for
>> the
>> authenticated user.
>
> Do you mean like this:
> http://article.gmane.org/gmane.comp.apache.user/39622 ?
> The problem is, as I wrot in my post, that I need to maintain the
> existing URL scheme which is http://example.net/user999/ .
Consider using mod_authz_owner which will do authentication based on
the username that owns the file/directory. Assuming that the
directories in question will be owned by that user, that should work.
--
Rich Bowen
rbowen@rcbowen.com
--Apple-Mail-17-438821071
Content-Type: text/html;
charset=US-ASCII
Content-Transfer-Encoding: quoted-printable
-webkit-line-break: after-white-space; ">
On Sep 22, 2009, =
at 07:53 , Joahnn Gile wrote:
class=3D"Apple-interchange-newline">
class=3D"Apple-style-span" style=3D"border-collapse: separate; color: =
rgb(0, 0, 0); font-family: Helvetica; font-size: medium; font-style: =
normal; font-variant: normal; font-weight: normal; letter-spacing: =
normal; line-height: normal; orphans: 2; text-align: auto; text-indent: =
0px; text-transform: none; white-space: normal; widows: 2; word-spacing: =
0px; -webkit-border-horizontal-spacing: 0px; =
-webkit-border-vertical-spacing: 0px; =
-webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: =
auto; -webkit-text-stroke-width: 0px; ">--- Nick Kew <
href=3D"mailto:nick@webthing.com">nick@webthing.com> schrieb am =
Di, 22.9.2009:
Easier just to have the =
same URL for everyone (protected
type=3D"cite">with
Require =
valid-user or similar), and map that to the
type=3D"cite">directory
for =
the authenticated user. Rewriterule can check =
for
type=3D"cite">the
authenticated =
user.
Do you mean like this:
href=3D"http://article.gmane.org/gmane.comp.apache.user/3962 2">http://arti=
cle.gmane.org/gmane.comp.apache.user/39622
class=3D"Apple-converted-space"> ?
The problem is, as I =
wrot in my post, that I need to maintain the existing URL scheme which =
is
href=3D"http://example.net/user999/">http://example.net/user 999/
class=3D"Apple-converted-space"> .
Consider using mod_authz_owner which will do authentication =
based on the username that owns the file/directory. Assuming that the =
directories in question will be owned by that user, that should =
work.
class=3D"Apple-style-span" style=3D"border-collapse: separate; color: =
rgb(0, 0, 0); font-family: Helvetica; font-size: medium; font-style: =
normal; font-variant: normal; font-weight: normal; letter-spacing: =
normal; line-height: normal; orphans: 2; text-align: auto; text-indent: =
0px; text-transform: none; white-space: normal; widows: 2; word-spacing: =
0px; -webkit-border-horizontal-spacing: 0px; =
-webkit-border-vertical-spacing: 0px; =
-webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: =
auto; -webkit-text-stroke-width: 0px; ">
break-word; -webkit-nbsp-mode: space; -webkit-line-break: =
after-white-space; ">
--
Rich Bowen
href=3D"mailto:rbowen@rcbowen.com">rbowen@rcbowen.com
div>
=
--Apple-Mail-17-438821071--
Re: Automatically grant authenticated users access to a dir matching their username
am 22.09.2009 15:12:15 von Joahnn Gile
--- Rich Bowen schrieb am Di, 22.9.2009:
> Consid=
er using mod_authz_owner which will do=0A> authentication based on the user=
name that owns the=0A> file/directory. Assuming that the directories in que=
stion=0A> will be owned by that user, that should work.
Unfortunately =
that will not work as the users do not have system accounts, we use mod-aut=
h-mysql and all files are owned by the apache user.
__________________=
________________________________=0ADo You Yahoo!?=0ASie sind Spam leid? Yah=
oo! Mail verfügt über einen herausragenden Schutz gegen Massenmails. =
=0Ahttp://mail.yahoo.com
------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: Automatically grant authenticated users accessto a dir matching their username
am 22.09.2009 16:20:22 von aw
Joahnn Gile wrote:
> --- Rich Bowen schrieb am Di, 22.9.2009:
>
>> Consider using mod_authz_owner which will do
>> authentication based on the username that owns the
>> file/directory. Assuming that the directories in question
>> will be owned by that user, that should work.
>
> Unfortunately that will not work as the users do not have system accounts, we use mod-auth-mysql and all files are owned by the apache user.
>
I think this would be quite easy to do using mod_perl.
- catch the request before mod_auth_mysql (e.g. in a PerlAccessHandler)
- in function of the "user" part of the URL, set the "required user"
on-the-fly
- let mod_auth_mysql do its stuff to authenticate the user
- let the Apache "require user xxxx" (as modified by the mod_perl module
above) catch the inappropriate user
------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org