Different Limit rules on the same directory with mod_ftp

Hello,

I'm using mod_ftp to provide authenticated FTP access to a Web
directory. It is mostly read-only, but a few users should have write
access to the directory. I am using mod_auth_mysql with groups for
authentication; there is a reader group and a writer group, and the
user with write access is in both groups.

Everything works OK if I just provide read access or write access, but
when I try to provide one group for write access and another for read
access, it ends up providing both groups with read-write access. My
rules look like this:


Include mysql_auth.conf

require group writer


Include idx_auth.conf
require group reader



I am not really sure how to troubleshoot this.

Does anybody have a similar configuration working, or any other
advice?

Thanks!

---Scott.


------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: Different Limit rules on the same directory withmod_ftp

Scott Gifford wrote:
> Hello,
>
> I'm using mod_ftp to provide authenticated FTP access to a Web
> directory. It is mostly read-only, but a few users should have write
> access to the directory. I am using mod_auth_mysql with groups for

What mod_auth_mysql?

There are several third-party modules with that name. They are
essentially obsoleted by the DBD framework in HTTPD/2.2. So you
are probably using a module written for the HTTPD/2.0 authnz
framework rather than the 2.2 one.

>
> Include mysql_auth.conf
>
> require group writer
>
>
> Include idx_auth.conf
> require group reader
>
>

What's in those Includes? is not a general-purpose
container, so it may not work as you expect on some or all
of the contents of idx_auth.conf.

--
Nick Kew

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: Different Limit rules on the same directory withmod_ftp

Nick Kew writes:

> Scott Gifford wrote:
>> Hello,
>> I'm using mod_ftp to provide authenticated FTP access to a Web
>> directory. It is mostly read-only, but a few users should have write
>> access to the directory. I am using mod_auth_mysql with groups for
>
> What mod_auth_mysql?
>
> There are several third-party modules with that name.

I am using the Debian package libapache2-mod-auth-mysql, which is
targeted to Apache 2.2. The package is for version 4.3.9-11, and it
includes mod_auth_mysql.so and has a copyright of:

* Copyright (c) 2001 by J. R. Westmoreland
* Portions Copyright (c) 2002-2004 by Matthew Palmer

> They are essentially obsoleted by the DBD framework in HTTPD/2.2.
> So you are probably using a module written for the HTTPD/2.0 authnz
> framework rather than the 2.2 one.

I could switch to the DBD framework if that is likely to help with the
problem at hand. I used this mod_auth_mysql module because it was
readily available in Debian and I was able to find some example code
and get it working quickly, but am otherwise not attached to it.

>>
>> Include mysql_auth.conf
>>
>> require group writer
>>
>>
>> Include idx_auth.conf
>> require group reader
>>
>>
>
> What's in those Includes? is not a general-purpose
> container, so it may not work as you expect on some or all
> of the contents of idx_auth.conf.

There is really only one file, I made an error cleaning up my email
message and changed the name in one place but not the other. It is
basically configuration options for mod_auth_mysql. I have tried
including it only in the containing element, in both
elements, and in just the second element. Here are
the contents, with passwords elided:

# Disable other auth modules
AuthBasicAuthoritative Off
AuthUserFile /dev/null

# Configure Auth_MySQL
Auth_MySQL on
Auth_MySQL_Host localhost
Auth_MySQL_User apache_auth
Auth_MySQL_Password xxx
Auth_MySQL_DB idx_users
Auth_MySQL_Password xxx
Auth_MySQL_Group_Table users
Auth_MySQL_Username_Field user
Auth_MySQL_Password xxx
Auth_MySQL_Group_Field groups
Auth_MySQL_Encryption_Types Crypt
Auth_MySQL_Empty_Password xxx
Auth_MySQL_Authoritative on

AuthName "My Auth"
AuthType basic

What would be really useful is some hints for troubleshooting this. I
can't tell if mod_ftp is misbehaving, or mod_auth_mysql, or Apache, or
if everything is behaving as designed and I just misunderstand what
it's doing. I can't figure out a way to nail it down so I can take a
closer look at just one part.

Thanks for any advice!

----Scott.

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org