2.2.4 mod_authz_owner "forgets" user's auth
TJB
Posted: Fri May 04, 2007 6:44 pm    Post subject: 2.2.4 mod_authz_owner "forgets" user's auth

Good Morning:

I'd appreciate suggestions on the following.

The goal is to base web access control on the underlying Unix file system
group access control. I'm using:
- AuthzUnixgroup (Third-party module which effectively replaces AuthGroupFile
with /etc/group. See: http://www.unixpapa.com/mod_authz_unixgroup/)
- Apache's "Require file-group" mechanism (mod_authz_owner)

We experience two prohibitively annoying side-effects of this, and I need
help with #2:

1) Every request for a missing file (including non-existent index.html)
results in a request for reauthentication. To solve this, I've added
rewrite rules which intercept requests for missing files and send these
requests to local php scripts. This works well.

2) A request on a file to which the authenticated user is not authorized
results in the desired request for reauthentication and access denial.
However, when the user then returns to a file to which s/he is
authorized, s/he is again forced to reauth.

It's as if the browser forgets to resend the login/password, or the
server can't use it.

Has anyone else used "Require file-group" and experienced this?

--

We're at: Solaris8, apache-2.2.4, SSL is enabled.

Here are the successful rewrite rules for the VirtualHost:

# Replicate the function of DirectoryIndex.
RewriteCond %{REQUEST_URI} ^/TJB_TEST
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} -d
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI}index.html -f
RewriteRule ^ %{REQUEST_URI}index.html [PT,L]

RewriteCond %{REQUEST_URI} ^/TJB_TEST
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} -d
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI}index.php -f
RewriteRule ^ %{REQUEST_URI}index.php [PT,L]

RewriteCond %{REQUEST_URI} ^/TJB_TEST
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} -d
RewriteRule ^ - [PT,L]

# When a file doesn't exist, give a helpful error doc.
RewriteCond %{REQUEST_URI} ^/TJB_TEST
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-f
RewriteRule ^ /FileNotFound.php?req_uri=%{REQUEST_URI}&referer=%{HTTP_REFERER} [PT,L]


Here's the directory section:

#############################################################################
<Directory /web/[hide]/TJB_TEST >
AllowOverride None
order deny,allow
deny from all
allow from .example.com
Options SymLinksIfOwnerMatch IncludesNOEXEC Indexes

DirectoryIndex /DirectoryIndexer.php

AuthName "TJB_TEST Access Controls Test"
AuthType Basic
AuthBasicProvider file
AuthUserFile /web/[hide]/Password.cfg

AuthzOwnerAuthoritative on
AuthzUnixgroup on

Require file-group
Satisfy all
</directory>
#############################################################################


Thanks for any suggestions!
--Tom
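
The two symptoms described in the post above, as an added example that is not part of the original post and is not Apache's code: a Python model of the "Require file-group" decision that lists which files under a tree would send an already-authenticated user a fresh 401 challenge. The group and passwd tables, the user names and the rule that a primary group counts as membership are assumptions; that both a missing file and a group mismatch end in a challenge is taken from the post.

```python
import os
import tempfile

def user_in_group(user, gid, group_db, passwd_db):
    """True if gid is the user's primary group or lists the user as a member.
    Assumption: a primary group counts as membership."""
    return passwd_db.get(user) == gid or user in group_db.get(gid, ())

def file_group_status(path, user, group_db, passwd_db):
    """HTTP status for an already-authenticated user, per the post's symptoms."""
    try:
        gid = os.stat(path).st_gid
    except FileNotFoundError:
        return 401  # symptom 1: missing file, no owning group to compare
    if user_in_group(user, gid, group_db, passwd_db):
        return 200
    return 401      # symptom 2: authorization failure arrives as a new challenge

def audit_tree(root, user, group_db, passwd_db):
    """Relative paths under root that would challenge the user again."""
    challenged = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if file_group_status(full, user, group_db, passwd_db) != 200:
                challenged.append(os.path.relpath(full, root))
    return sorted(challenged)

def demo():
    """Constructed tree and constructed users; nothing here is from the post."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("index.html", "report.html"):
            open(os.path.join(root, name), "w").close()
        gid = os.stat(os.path.join(root, "index.html")).st_gid
        group_db = {gid: {"alice"}}          # alice is a listed member
        passwd_db = {"alice": gid + 1, "bob": gid + 1, "carol": gid}
        missing = os.path.join(root, "nope.html")
        return {
            "alice": audit_tree(root, "alice", group_db, passwd_db),
            "bob": audit_tree(root, "bob", group_db, passwd_db),
            "carol": audit_tree(root, "carol", group_db, passwd_db),
            "missing": file_group_status(missing, "alice", group_db, passwd_db),
        }

if __name__ == "__main__":
    print(demo())
```

Run against a real document root with tables built from the host's group and passwd data, the output is the set of links that would trigger the re-prompt for a given user.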