f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz<!DOCTYPE modulesynopsis SYSTEM "/style/modulesynopsis.dtd">
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz<?xml-stylesheet type="text/xsl" href="/style/manual.en.xsl"?>
5f5d1b4cc970b7f06ff8ef6526128e9a27303d88nd<!-- $LastChangedRevision$ -->
db479b48bd4d75423ed4a45e15b75089d1a8ad72fielding Licensed to the Apache Software Foundation (ASF) under one or more
db479b48bd4d75423ed4a45e15b75089d1a8ad72fielding contributor license agreements. See the NOTICE file distributed with
db479b48bd4d75423ed4a45e15b75089d1a8ad72fielding this work for additional information regarding copyright ownership.
db479b48bd4d75423ed4a45e15b75089d1a8ad72fielding The ASF licenses this file to You under the Apache License, Version 2.0
db479b48bd4d75423ed4a45e15b75089d1a8ad72fielding (the "License"); you may not use this file except in compliance with
db479b48bd4d75423ed4a45e15b75089d1a8ad72fielding the License. You may obtain a copy of the License at
d5d794fc2f4cc9ca6d6da17cfa2cdcd8d244bacdnd Unless required by applicable law or agreed to in writing, software
d5d794fc2f4cc9ca6d6da17cfa2cdcd8d244bacdnd distributed under the License is distributed on an "AS IS" BASIS,
d5d794fc2f4cc9ca6d6da17cfa2cdcd8d244bacdnd WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
d5d794fc2f4cc9ca6d6da17cfa2cdcd8d244bacdnd See the License for the specific language governing permissions and
d5d794fc2f4cc9ca6d6da17cfa2cdcd8d244bacdnd limitations under the License.
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz<description>Group authorization using plaintext files</description>
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz <p>This module provides authorization capabilities so that
35ffb30f57f777dbf3f17c5a5ddf706559942c16nd authenticated users can be allowed or denied access to portions
35ffb30f57f777dbf3f17c5a5ddf706559942c16nd of the web site by group membership. Similar functionality is
9cd3b05d7b70f07a742bbaf548fa4fa2bdbe5ce6noodl<seealso><directive module="mod_authz_core">Require</directive></seealso>
4816cd796cb9da2fb18a2d382586a926e0e9ae54minfrin<section id="requiredirectives"><title>The Require Directives</title>
4816cd796cb9da2fb18a2d382586a926e0e9ae54minfrin <p>Apache's <directive module="mod_authz_core">Require</directive>
4816cd796cb9da2fb18a2d382586a926e0e9ae54minfrin directives are used during the authorization phase to ensure that
4816cd796cb9da2fb18a2d382586a926e0e9ae54minfrin a user is allowed to access a resource. mod_authz_groupfile extends the
4816cd796cb9da2fb18a2d382586a926e0e9ae54minfrin authorization types with <code>group</code> and <code>group-file</code>.
9a2b3982c53d51e2d2df29b6f94cc25e2ed134bcjailletc <p>Since v2.4.8, <a href="/expr.html">expressions</a> are supported
4816cd796cb9da2fb18a2d382586a926e0e9ae54minfrin within the groupfile require directives.</p>
4816cd796cb9da2fb18a2d382586a926e0e9ae54minfrin <p>This directive specifies group membership that is required for the
4816cd796cb9da2fb18a2d382586a926e0e9ae54minfrin user to gain access.</p>
4816cd796cb9da2fb18a2d382586a926e0e9ae54minfrin Require group admin
4816cd796cb9da2fb18a2d382586a926e0e9ae54minfrin </highlight>
4816cd796cb9da2fb18a2d382586a926e0e9ae54minfrin<section id="reqfilegroup"><title>Require file-group</title>
4816cd796cb9da2fb18a2d382586a926e0e9ae54minfrin <p>When this directive is specified, the user must be a member of the group
4816cd796cb9da2fb18a2d382586a926e0e9ae54minfrin assigned to the file being accessed.</p>
4816cd796cb9da2fb18a2d382586a926e0e9ae54minfrin Require file-group
4816cd796cb9da2fb18a2d382586a926e0e9ae54minfrin </highlight>
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz<directivesynopsis>
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz<description>Sets the name of a text file containing the list
43d99bfb458baee0a702c56a4ef4200e75c4dbb8yoshikiof user groups for authorization</description>
35ffb30f57f777dbf3f17c5a5ddf706559942c16nd<contextlist><context>directory</context><context>.htaccess</context>
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz</contextlist>
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz <p>The <directive>AuthGroupFile</directive> directive sets the
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz name of a textual file containing the list of user groups for user
43d99bfb458baee0a702c56a4ef4200e75c4dbb8yoshiki authorization. <var>File-path</var> is the path to the group
35ffb30f57f777dbf3f17c5a5ddf706559942c16nd file. If it is not absolute, it is treated as relative to the <directive
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz <p>Each line of the group file contains a groupname followed by a
35ffb30f57f777dbf3f17c5a5ddf706559942c16nd colon, followed by the member usernames separated by spaces.</p>
35ffb30f57f777dbf3f17c5a5ddf706559942c16nd mygroup: bob joe anne
860b4efe27e7c1c9a2bf5c872b29c90f76849b51jim </example>
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz <p>Note that searching large text files is <em>very</em>
35ffb30f57f777dbf3f17c5a5ddf706559942c16nd >AuthDBMGroupFile</directive> provides a much better performance.</p>
35ffb30f57f777dbf3f17c5a5ddf706559942c16nd <p>Make sure that the <directive>AuthGroupFile</directive> is
35ffb30f57f777dbf3f17c5a5ddf706559942c16nd stored outside the document tree of the web-server; do <em>not</em>
35ffb30f57f777dbf3f17c5a5ddf706559942c16nd put it in the directory that it protects. Otherwise, clients may
35ffb30f57f777dbf3f17c5a5ddf706559942c16nd be able to download the <directive>AuthGroupFile</directive>.</p>
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz</directivesynopsis>
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz</modulesynopsis>