<?xml version="1.0" encoding="ISO-8859-1"?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><!--

<title>mod_authz_groupfile - Apache HTTP Server</title>

<link href="/style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />

<link href="/style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />

<link href="/style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" />

<link href="/images/favicon.ico" rel="shortcut icon" /></head>

<body>

<div id="page-header">

<p class="menu"><a href="/mod/">Modules</a> | <a href="/mod/directives.html">Directives</a> | <a href="/faq/">FAQ</a> | <a href="/glossary.html">Glossary</a> | <a href="/sitemap.html">Sitemap</a></p>

<p class="apache">Apache HTTP Server Version 2.1</p>

<img alt="" src="/images/feather.gif" /></div>

<div class="up"><a href="./"><img title="&lt;-" alt="&lt;-" src="/images/left.gif" /></a></div>

<div id="path">

<a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">HTTP Server</a> &gt; <a href="http://httpd.apache.org/docs-project/">Documentation</a> &gt; <a href="../">Version 2.1</a> &gt; <a href="./">Modules</a></div>

<div id="page-content">

<div id="preamble"><h1>Apache Module mod_authz_groupfile</h1>

<div class="toplang">

<p><span>Available Languages: </span><a href="/en/mod/mod_authz_groupfile.html" title="English">&nbsp;en&nbsp;</a> |

<a href="/ja/mod/mod_authz_groupfile.html" hreflang="ja" rel="alternate" title="Japanese">&nbsp;ja&nbsp;</a> |

<a href="/ko/mod/mod_authz_groupfile.html" hreflang="ko" rel="alternate" title="Korean">&nbsp;ko&nbsp;</a></p>

</div>

<table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>Group authorization using plaintext files</td></tr>

<tr><th><a href="module-dict.html#Status">Status:</a></th><td>Base</td></tr>

<tr><th><a href="module-dict.html#ModuleIdentifier">Module�Identifier:</a></th><td>authz_groupfile_module</td></tr>

<tr><th><a href="module-dict.html#SourceFile">Source�File:</a></th><td>mod_authz_groupfile.c</td></tr>

<tr><th><a href="module-dict.html#Compatibility">Compatibility:</a></th><td>Available in Apache 2.1 and later</td></tr></table>

<h3>Summary</h3>

<p>This module provides authorization capabilities so that

authenticated users can be allowed or denied access to portions

of the web site by group membership. Similar functionality is

provided by <code class="module"><a href="/mod/mod_authz_dbm.html">mod_authz_dbm</a></code>.</p>

</div>

<div id="quickview"><h3 class="directives">Directives</h3>

<ul id="toc">

<li><img alt="" src="/images/down.gif" /> <a href="#authgroupfile">AuthGroupFile</a></li>

<li><img alt="" src="/images/down.gif" /> <a href="#authzgroupfileauthoritative">AuthzGroupFileAuthoritative</a></li>

</ul>

<h3>See also</h3>

<ul class="seealso">

<li><code class="directive"><a href="/mod/core.html#require">Require</a></code></li>

<li><code class="directive"><a href="/mod/core.html#satisfy">Satisfy</a></code></li>

</ul></div>

<div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div>

<div class="directive-section"><h2><a name="AuthGroupFile" id="AuthGroupFile">AuthGroupFile</a> <a name="authgroupfile" id="authgroupfile">Directive</a></h2>

<table class="directive">

<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Sets the name of a text file containing the list

of user groups for authorization</td></tr>

<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthGroupFile <var>file-path</var></code></td></tr>

<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>

<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>

<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>

<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authz_groupfile</td></tr>

</table>

<p>The <code class="directive">AuthGroupFile</code> directive sets the

name of a textual file containing the list of user groups for user

authorization. <var>File-path</var> is the path to the group

file. If it is not absolute, it is treated as relative to the <code class="directive"><a href="/mod/core.html#serverroot">ServerRoot</a></code>.</p>

<p>Each line of the group file contains a groupname followed by a

colon, followed by the member usernames separated by spaces.</p>

<div class="example"><h3>Example:</h3><p><code>

mygroup: bob joe anne

</code></p></div>

<p>Note that searching large text files is <em>very</em>

inefficient; <code class="directive"><a href="/mod/mod_authz_dbm.html#authdbmgroupfile">AuthDBMGroupFile</a></code> provides a much better performance.</p>

<div class="warning"><h3>Security</h3>

<p>Make sure that the <code class="directive">AuthGroupFile</code> is

stored outside the document tree of the web-server; do <em>not</em>

put it in the directory that it protects. Otherwise, clients may

be able to download the <code class="directive">AuthGroupFile</code>.</p>

</div>

</div>

<div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div>

<div class="directive-section"><h2><a name="AuthzGroupFileAuthoritative" id="AuthzGroupFileAuthoritative">AuthzGroupFileAuthoritative</a> <a name="authzgroupfileauthoritative" id="authzgroupfileauthoritative">Directive</a></h2>

<table class="directive">

<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Sets whether authorization will be passed on to lower level

modules</td></tr>

<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthzGroupFileAuthoritative On|Off</code></td></tr>

<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>AuthzGroupFileAuthoritative On</code></td></tr>

<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>

<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>

<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>

<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authz_groupfile</td></tr>

</table>

<p>Setting the <code class="directive">AuthzGroupFileAuthoritative</code>

directive explicitly to <code>Off</code> allows for

group authorization to be passed on to lower level modules (as defined

in the <code>modules.c</code> files) if there is <strong>no

group</strong> matching the supplied userID.</p>

<p>By default, control is not passed on and an unknown group

will result in an Authentication Required reply. Not

setting it thus keeps the system secure and forces an NCSA

compliant behaviour.</p>

<div class="warning"><h3>Security</h3>

<p>Do consider the implications of allowing a user to

allow fall-through in his <code>.htaccess</code> file; and verify

that this is really what you want; Generally it is easier to just

secure a single <code>.htpasswd</code> file, than it is to secure

a database which might have more access interfaces.</p>

</div>

</div>

</div>

<div class="bottomlang">

<p><span>Available Languages: </span><a href="/en/mod/mod_authz_groupfile.html" title="English">&nbsp;en&nbsp;</a> |

<a href="/ja/mod/mod_authz_groupfile.html" hreflang="ja" rel="alternate" title="Japanese">&nbsp;ja&nbsp;</a> |

<a href="/ko/mod/mod_authz_groupfile.html" hreflang="ko" rel="alternate" title="Korean">&nbsp;ko&nbsp;</a></p>

</div><div id="footer">

<p class="apache">Copyright 1995-2005 The Apache Software Foundation or its licensors, as applicable.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>

<p class="menu"><a href="/mod/">Modules</a> | <a href="/mod/directives.html">Directives</a> | <a href="/faq/">FAQ</a> | <a href="/glossary.html">Glossary</a> | <a href="/sitemap.html">Sitemap</a></p></div>

</body></html>