https://wiki.uniformserver.com/index.php?title=Authentication:_Groups&feed=atom&action=historyAuthentication: Groups - Revision history2024-03-29T05:40:50ZRevision history for this page on the wikiMediaWiki 1.41.0https://wiki.uniformserver.com/index.php?title=Authentication:_Groups&diff=4782&oldid=prevOlajideolaolorun: Reverted edits by Upazixorys (Talk); changed back to last version by Ric2010-11-24T08:23:06Z<p>Reverted edits by <a href="/Special:Contributions/Upazixorys" title="Special:Contributions/Upazixorys">Upazixorys</a> (<a href="/index.php?title=User_talk:Upazixorys&action=edit&redlink=1" class="new" title="User talk:Upazixorys (page does not exist)">Talk</a>); changed back to last version by <a href="/User:Ric" title="User:Ric">Ric</a></p>
<a href="https://wiki.uniformserver.com/index.php?title=Authentication:_Groups&diff=4782&oldid=4637">Show changes</a>Olajideolaolorunhttps://wiki.uniformserver.com/index.php?title=Authentication:_Groups&diff=4637&oldid=prevUpazixorys at 01:14, 24 November 20102010-11-24T01:14:55Z<p></p>
<a href="https://wiki.uniformserver.com/index.php?title=Authentication:_Groups&diff=4637&oldid=3728">Show changes</a>Upazixoryshttps://wiki.uniformserver.com/index.php?title=Authentication:_Groups&diff=3728&oldid=prevRic: /* Summary */2009-04-23T15:59:05Z<p><span dir="auto"><span class="autocomment">Summary</span></span></p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 15:59, 23 April 2009</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l178">Line 178:</td>
<td colspan="2" class="diff-lineno">Line 178:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>{|</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>{|</div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>| [[Image:uc_small_logo.gif]] || [[User:<del style="font-weight: bold; text-decoration: none;">WikiSysop</del>|Ric]]</div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>| [[Image:uc_small_logo.gif]] || [[User:<ins style="font-weight: bold; text-decoration: none;">Ric</ins>|Ric]]</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>|}</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>|}</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>[[Category: Uniform Server 4.0-Mona]]</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>[[Category: Uniform Server 4.0-Mona]]</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>[[Category: UniCenter]]</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>[[Category: UniCenter]]</div></td></tr>
</table>Richttps://wiki.uniformserver.com/index.php?title=Authentication:_Groups&diff=3721&oldid=prevRic: New page: {{Uc nav Authentication}} '''Authentication Groups''' For small organisations maintainability becomes time consuming and can quickly get out of control. An ideal solution is to use a '''g...2009-04-23T15:52:13Z<p>New page: {{Uc nav Authentication}} '''Authentication Groups''' For small organisations maintainability becomes time consuming and can quickly get out of control. An ideal solution is to use a '''g...</p>
<p><b>New page</b></p><div>{{Uc nav Authentication}}<br />
'''Authentication Groups'''<br />
<br />
For small organisations maintainability becomes time consuming and can quickly get out of control. An ideal solution is to use a '''groups file''' the following page introduces the general concept.<br />
<br />
== Preparation ==<br />
You have a number of directories where certain individuals can have access to all these for example administrators. Certain directories are restricted to directors and managers while critical material is accessible only by the managing.<br />
<br />
The above is a little contrived but gives four grounps '''ceo''', '''directors''', '''managers''' and '''admins'''. For this example I will use the password list from the introduction page: <br />
<pre><br />
root:root<br />
John:john123<br />
Dave Smith:dave123<br />
Mike:mike123<br />
Jane:jane123<br />
Dawn:dawn123<br />
Ruth Smith:ruth123<br />
</pre><br />
Single member groups are useful because it avoids hard coding specific names in the htaccess file. <br />
{|cellspacing="4" cellpadding="4"<br />
|-valign="top" style="background:#f5f5f5;"<br />
|'''ceo'''||'''directors'''||'''managers'''||'''admins'''<br />
|-valign="top" style="background:#f5f5f5;"<br />
|John:john123||Dave Smith:dave123||Mike:mike123||root:root<br />
|-valign="top" style="background:#f5f5f5;"<br />
|&nbsp;||Ruth Smith:ruth123||Jane:jane123||&nbsp;<br />
|-valign="top" style="background:#f5f5f5;"<br />
|&nbsp;||&nbsp;||Dawn:dawn123||&nbsp;<br />
|}<br />
'''''Note 1'':''' Delete the first entry '''root:root''' (everyone knows this) I use it only for testing<br />
<br />
'''''[[#top | Top]]'''''<br />
<br />
== Groups File ==<br />
A groups file consists of separate lines for each group. Each line starts with a group name followed by a colon and a space-separated list of users in that group. If the list of users is large start a new line, use the same group name followed by a colon and continue with the list of names for that group.<br />
<br />
The groups file is named '''.htgroup''' (if you wish use a different name)<br />
<br />
Create the following file UniServer\udrive\htpasswd\www\'''.htgroup'''<br />
<br />
Add the following groups:<br />
<pre><br />
ceo:John<br />
directors:"Dave Smith" "Ruth Smith"<br />
managers:Mike Jane Dawn<br />
admin:root<br />
</pre> <br />
'''''Note 1'':''' Enclose names with spaces in quotes.<br />
<br />
'''''[[#top | Top]]'''''<br />
<br />
== Update .htacces files ==<br />
Apache needs to find the group file hence add the path as shown:<br />
<br />
'''AuthGroupFile /htpasswd/www/.htgroup'''<br />
<br />
The '''require''' line changes to Require group:<br />
<br />
'''Require group "group name 1" "group name 2''' <br />
<br />
Modified .htaccess files are shown below:<br />
<br />
==== John ====<br />
* Edit file as shown UniServer\udrive\www\john\'''.htaccess''' <br />
<pre><br />
SSLOptions +StrictRequire<br />
SSLRequireSSL<br />
SSLRequire %{HTTP_HOST} eq "localhost"<br />
ErrorDocument 403 https://localhost/john/<br />
<br />
AuthName "Uniform Server - Server Access"<br />
AuthType Basic<br />
AuthUserFile /htpasswd/www/.htpasswd<br />
AuthGroupFile /htpasswd/www/.htgroup<br />
Require group ceo<br />
</pre><br />
<br />
'''''[[#top | Top]]'''''<br />
<br />
==== Dave Smith ====<br />
* Edit file as shown UniServer\udrive\www\dave_smith\'''.htaccess''' <br />
<pre><br />
SSLOptions +StrictRequire<br />
SSLRequireSSL<br />
SSLRequire %{HTTP_HOST} eq "localhost"<br />
ErrorDocument 403 https://localhost/dave_smith/<br />
<br />
AuthName "Uniform Server - Server Access"<br />
AuthType Basic<br />
AuthUserFile /htpasswd/www/.htpasswd<br />
AuthGroupFile /htpasswd/www/.htgroup<br />
Require group ceo directors<br />
</pre><br />
<br />
'''''[[#top | Top]]'''''<br />
<br />
==== Dawn ====<br />
* Edit file as shown UniServer\udrive\www\dawn\'''.htaccess''' <br />
<pre><br />
SSLOptions +StrictRequire<br />
SSLRequireSSL<br />
SSLRequire %{HTTP_HOST} eq "localhost"<br />
ErrorDocument 403 https://localhost/dawn/<br />
<br />
AuthName "Uniform Server - Server Access"<br />
AuthType Basic<br />
AuthUserFile /htpasswd/www/.htpasswd<br />
AuthGroupFile /htpasswd/www/.htgroup<br />
Require group managers<br />
</pre><br />
<br />
'''''[[#top | Top]]'''''<br />
<br />
==== Ruth Smith ====<br />
* Edit file as shown UniServer\udrive\www\ruth_smith'''.htaccess'''<br />
<pre><br />
SSLOptions +StrictRequire<br />
SSLRequireSSL<br />
SSLRequire %{HTTP_HOST} eq "localhost"<br />
ErrorDocument 403 https://localhost/ruth_smith/<br />
<br />
AuthName "Uniform Server - Server Access"<br />
AuthType Basic<br />
AuthUserFile /htpasswd/www/.htpasswd<br />
AuthGroupFile /htpasswd/www/.htgroup<br />
Require group ceo directors<br />
</pre><br />
<br />
'''''[[#top | Top]]'''''<br />
<br />
==== Note: Moved Servers ====<br />
If you moved the servers see [[4.0-Mona: Multi-Servers | Multi-Servers]] remember to add the correct port numbers.<br />
<br />
* This line: '''SSLRequire %{HTTP_HOST} eq "localhost"''' is checking the incoming request if a mismatch occurs an infinite redirection loop is set up.<br />
* Suppose the server was moved to ports Apache 81 Apache SSL 444 the '''.htaccess''' file for Dave Smith looks like this:<br />
<pre><br />
SSLOptions +StrictRequire<br />
SSLRequireSSL<br />
SSLRequire %{HTTP_HOST} eq "localhost:444"<br />
ErrorDocument 403 https://localhost:444/dave_smith/<br />
<br />
AuthName "Uniform Server - Server Access"<br />
AuthType Basic<br />
AuthUserFile /htpasswd/www/.htpasswd<br />
AuthGroupFile /htpasswd/www/.htgroup<br />
Require group ceo directors<br />
</pre><br />
* To access the folder type the following '''<nowiki>http://localhoat:81</nowiki>''' into a browser<br />
<br />
'''''Note'':''' The above applies to all the '''.htaccess''' files.<br />
<br />
'''''[[#top | Top]]'''''<br />
== Tests ==<br />
Run the servers and check folders are accessible.<br />
<br />
One final test which demonstrates the power of groups. <br />
<br />
Add the root admin to the groups as shown: <br />
<br />
<pre><br />
ceo:John root<br />
directors:"Dave Smith" "Ruth Smith" root<br />
managers:Mike Jane Dawn root<br />
admin:root<br />
</pre> <br />
Restart the browser log in to any user, use name/password root root.<br />
<br />
'''''[[#top | Top]]'''''<br />
<br />
== Summary ==<br />
That wraps it up for password protecting folders. Apache’s Basic Authentication offers a very flexible solution, using groups extends this flexibility into a manageable system even for medium sized companies. <br />
<br />
Occasionally you may want to protect only a single file and not a complete folder this is covered on the [[Authentication: Single Files| '''next page''']].<br />
<br />
'''''[[#top | Top]]'''''<br />
<br />
----<br />
<br />
{|<br />
| [[Image:uc_small_logo.gif]] || [[User:WikiSysop|Ric]]<br />
|}<br />
<br />
[[Category: Uniform Server 4.0-Mona]]<br />
[[Category: UniCenter]]</div>Ric