mod_authz_groupfile.xml revision 43d99bfb458baee0a702c56a4ef4200e75c4dbb8
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz<!DOCTYPE modulesynopsis SYSTEM "/style/modulesynopsis.dtd">
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz<?xml-stylesheet type="text/xsl" href="/style/manual.en.xsl"?>
5f5d1b4cc970b7f06ff8ef6526128e9a27303d88nd<!-- $LastChangedRevision$ -->
6fbd2e53c97ea6976d93e0ac521adabc55e0fb73nd Copyright 2002-2004 The Apache Software Foundation
d5d794fc2f4cc9ca6d6da17cfa2cdcd8d244bacdnd Licensed under the Apache License, Version 2.0 (the "License");
d5d794fc2f4cc9ca6d6da17cfa2cdcd8d244bacdnd you may not use this file except in compliance with the License.
d5d794fc2f4cc9ca6d6da17cfa2cdcd8d244bacdnd You may obtain a copy of the License at
d5d794fc2f4cc9ca6d6da17cfa2cdcd8d244bacdnd Unless required by applicable law or agreed to in writing, software
d5d794fc2f4cc9ca6d6da17cfa2cdcd8d244bacdnd distributed under the License is distributed on an "AS IS" BASIS,
d5d794fc2f4cc9ca6d6da17cfa2cdcd8d244bacdnd WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
d5d794fc2f4cc9ca6d6da17cfa2cdcd8d244bacdnd See the License for the specific language governing permissions and
d5d794fc2f4cc9ca6d6da17cfa2cdcd8d244bacdnd limitations under the License.
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz<description>Group authorization using plaintext files</description>
169280c7e65362d4ed444ec262c3f22a6a280166nd<compatibility>Available in Apache 2.1 and later</compatibility>
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz <p>This module provides authorization capabilities so that
35ffb30f57f777dbf3f17c5a5ddf706559942c16nd authenticated users can be allowed or denied access to portions
35ffb30f57f777dbf3f17c5a5ddf706559942c16nd of the web site by group membership. Similar functionality is
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz<seealso><directive module="core">Require</directive></seealso>
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz<seealso><directive module="core">Satisfy</directive></seealso>
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz<directivesynopsis>
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz<description>Sets the name of a text file containing the list
43d99bfb458baee0a702c56a4ef4200e75c4dbb8yoshikiof user groups for authorization</description>
35ffb30f57f777dbf3f17c5a5ddf706559942c16nd<contextlist><context>directory</context><context>.htaccess</context>
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz</contextlist>
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz <p>The <directive>AuthGroupFile</directive> directive sets the
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz name of a textual file containing the list of user groups for user
43d99bfb458baee0a702c56a4ef4200e75c4dbb8yoshiki authorization. <var>File-path</var> is the path to the group
35ffb30f57f777dbf3f17c5a5ddf706559942c16nd file. If it is not absolute, it is treated as relative to the <directive
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz <p>Each line of the group file contains a groupname followed by a
35ffb30f57f777dbf3f17c5a5ddf706559942c16nd colon, followed by the member usernames separated by spaces.</p>
35ffb30f57f777dbf3f17c5a5ddf706559942c16nd mygroup: bob joe anne
35ffb30f57f777dbf3f17c5a5ddf706559942c16nd </example>
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz <p>Note that searching large text files is <em>very</em>
35ffb30f57f777dbf3f17c5a5ddf706559942c16nd >AuthDBMGroupFile</directive> provides a much better performance.</p>
35ffb30f57f777dbf3f17c5a5ddf706559942c16nd <p>Make sure that the <directive>AuthGroupFile</directive> is
35ffb30f57f777dbf3f17c5a5ddf706559942c16nd stored outside the document tree of the web-server; do <em>not</em>
35ffb30f57f777dbf3f17c5a5ddf706559942c16nd put it in the directory that it protects. Otherwise, clients may
35ffb30f57f777dbf3f17c5a5ddf706559942c16nd be able to download the <directive>AuthGroupFile</directive>.</p>
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz</directivesynopsis>
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz<directivesynopsis>
35ffb30f57f777dbf3f17c5a5ddf706559942c16nd<description>Sets whether authorization will be passed on to lower level
35ffb30f57f777dbf3f17c5a5ddf706559942c16ndmodules</description>
35ffb30f57f777dbf3f17c5a5ddf706559942c16nd<contextlist><context>directory</context><context>.htaccess</context>
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz</contextlist>
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz <p>Setting the <directive>AuthzGroupFileAuthoritative</directive>
35ffb30f57f777dbf3f17c5a5ddf706559942c16nd group authorization to be passed on to lower level modules (as defined
35ffb30f57f777dbf3f17c5a5ddf706559942c16nd in the <code>modules.c</code> files) if there is <strong>no
35ffb30f57f777dbf3f17c5a5ddf706559942c16nd <p>By default, control is not passed on and an unknown group
35ffb30f57f777dbf3f17c5a5ddf706559942c16nd will result in an Authentication Required reply. Not
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz setting it thus keeps the system secure and forces an NCSA
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz compliant behaviour.</p>
35ffb30f57f777dbf3f17c5a5ddf706559942c16nd <p>Do consider the implications of allowing a user to
35ffb30f57f777dbf3f17c5a5ddf706559942c16nd allow fall-through in his <code>.htaccess</code> file; and verify
35ffb30f57f777dbf3f17c5a5ddf706559942c16nd that this is really what you want; Generally it is easier to just
35ffb30f57f777dbf3f17c5a5ddf706559942c16nd secure a single <code>.htpasswd</code> file, than it is to secure
35ffb30f57f777dbf3f17c5a5ddf706559942c16nd a database which might have more access interfaces.</p>
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz</directivesynopsis>
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz</modulesynopsis>