mod_authz_owner.html.en revision 205f749042ed530040a4f0080dbcb47ceae8a374
64c02f1310b7747423957823ee09fb3608430f89nd<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
64c02f1310b7747423957823ee09fb3608430f89nd<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><!--
64c02f1310b7747423957823ee09fb3608430f89nd XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
64c02f1310b7747423957823ee09fb3608430f89nd This file is generated from xml source: DO NOT EDIT
64c02f1310b7747423957823ee09fb3608430f89nd XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
96ad5d81ee4a2cc66a4ae19893efc8aa6d06fae7jailletc<title>mod_authz_owner - Apache HTTP Server Version 2.5</title>
64c02f1310b7747423957823ee09fb3608430f89nd<link href="/style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
64c02f1310b7747423957823ee09fb3608430f89nd<link href="/style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
d29d9ab4614ff992b0e8de6e2b88d52b6f1f153erbowen<link href="/style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="/style/css/prettify.css" />
2e545ce2450a9953665f701bb05350f0d3f26275nd<script src="/style/scripts/prettify.min.js" type="text/javascript">
64c02f1310b7747423957823ee09fb3608430f89nd<link href="/images/favicon.ico" rel="shortcut icon" /></head>
af33a4994ae2ff15bc67d19ff1a7feb906745bf8rbowen<p class="menu"><a href="/mod/">Modules</a> | <a href="/mod/quickreference.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="/glossary.html">Glossary</a> | <a href="/sitemap.html">Sitemap</a></p>
64c02f1310b7747423957823ee09fb3608430f89nd<div class="up"><a href="./"><img title="<-" alt="<-" src="/images/left.gif" /></a></div>
3f08db06526d6901aa08c110b5bc7dde6bc39905nd<a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs/">Documentation</a> > <a href="../">Version 2.5</a> > <a href="./">Modules</a></div>
a78048ccbdb6256da15e6b0e7e95355e480c2301nd<p><span>Available Languages: </span><a href="/en/mod/mod_authz_owner.html" title="English"> en </a> |
0066eddda7203f6345b56f77d146a759298dc635gryzor<a href="/fr/mod/mod_authz_owner.html" hreflang="fr" rel="alternate" title="Fran�ais"> fr </a> |
7f5b59ccc63c0c0e3e678a168f09ee6a2f51f9d0nd<a href="/ja/mod/mod_authz_owner.html" hreflang="ja" rel="alternate" title="Japanese"> ja </a> |
f086b4b402fa9a2fefc7dda85de2a3cc1cd0a654rjung<a href="/ko/mod/mod_authz_owner.html" hreflang="ko" rel="alternate" title="Korean"> ko </a></p>
64c02f1310b7747423957823ee09fb3608430f89nd<table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>Authorization based on file ownership</td></tr>
64c02f1310b7747423957823ee09fb3608430f89nd<tr><th><a href="module-dict.html#Status">Status:</a></th><td>Extension</td></tr>
64c02f1310b7747423957823ee09fb3608430f89nd<tr><th><a href="module-dict.html#ModuleIdentifier">Module�Identifier:</a></th><td>authz_owner_module</td></tr>
b09fcdfc59ada4712150e7bcc7b502bb9e4601d8rjung<tr><th><a href="module-dict.html#SourceFile">Source�File:</a></th><td>mod_authz_owner.c</td></tr></table>
64c02f1310b7747423957823ee09fb3608430f89nd <p>This module authorizes access to files by comparing the userid used
64c02f1310b7747423957823ee09fb3608430f89nd for HTTP authentication (the web userid) with the file-system owner or
64c02f1310b7747423957823ee09fb3608430f89nd group of the requested file. The supplied username and password
64c02f1310b7747423957823ee09fb3608430f89nd must be already properly verified by an authentication module,
64c02f1310b7747423957823ee09fb3608430f89nd such as <code class="module"><a href="/mod/mod_auth_basic.html">mod_auth_basic</a></code> or
64c02f1310b7747423957823ee09fb3608430f89nd <code class="module"><a href="/mod/mod_auth_digest.html">mod_auth_digest</a></code>. <code class="module"><a href="/mod/mod_authz_owner.html">mod_authz_owner</a></code>
8e0c9984e1432c934dacca53efc92cde30d0fe53rbowen recognizes two arguments for the <code class="directive"><a href="/mod/mod_authz_core.html#require">Require</a></code> directive, <code>file-owner</code> and
64c02f1310b7747423957823ee09fb3608430f89nd <dd>The supplied web-username must match the system's name for the
64c02f1310b7747423957823ee09fb3608430f89nd owner of the file being requested. That is, if the operating system
64c02f1310b7747423957823ee09fb3608430f89nd says the requested file is owned by <code>jones</code>, then the
64c02f1310b7747423957823ee09fb3608430f89nd username used to access it through the web must be <code>jones</code>
64c02f1310b7747423957823ee09fb3608430f89nd as well.</dd>
64c02f1310b7747423957823ee09fb3608430f89nd <dd>The name of the system group that owns the file must be present
64c02f1310b7747423957823ee09fb3608430f89nd in a group database, which is provided, for example, by <code class="module"><a href="/mod/mod_authz_groupfile.html">mod_authz_groupfile</a></code> or <code class="module"><a href="/mod/mod_authz_dbm.html">mod_authz_dbm</a></code>,
64c02f1310b7747423957823ee09fb3608430f89nd and the web-username must be a member of that group. For example, if
64c02f1310b7747423957823ee09fb3608430f89nd the operating system says the requested file is owned by (system)
64c02f1310b7747423957823ee09fb3608430f89nd group <code>accounts</code>, the group <code>accounts</code> must
64c02f1310b7747423957823ee09fb3608430f89nd appear in the group database and the web-username used in the request
64c02f1310b7747423957823ee09fb3608430f89nd must be a member of that group.</dd>
64c02f1310b7747423957823ee09fb3608430f89nd <p>If <code class="module"><a href="/mod/mod_authz_owner.html">mod_authz_owner</a></code> is used in order to authorize
64c02f1310b7747423957823ee09fb3608430f89nd a resource that is not actually present in the filesystem
64c02f1310b7747423957823ee09fb3608430f89nd (<em>i.e.</em> a virtual resource), it will deny the access.</p>
64c02f1310b7747423957823ee09fb3608430f89nd <p>Particularly it will never authorize <a href="/content-negotiation.html#multiviews">content negotiated
64c02f1310b7747423957823ee09fb3608430f89nd<div id="quickview"><h3 class="directives">Directives</h3>
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin<p>This module provides no
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin directives.</p>
64c02f1310b7747423957823ee09fb3608430f89nd<li><img alt="" src="/images/down.gif" /> <a href="#examples">Configuration Examples</a></li>
9335f6d807d76d60e54af4ededdebebddb3e3d13noodl<li><code class="directive"><a href="/mod/mod_authz_core.html#require">Require</a></code></li>
30471a4650391f57975f60bbb6e4a90be7b284bfhumbedooh</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
64c02f1310b7747423957823ee09fb3608430f89nd<div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div>
64c02f1310b7747423957823ee09fb3608430f89nd<h2><a name="examples" id="examples">Configuration Examples</a></h2>
67c026fea89b4faf173772b5944b6aa006ca6eb0nd <h3><a name="examples.file-owner" id="examples.file-owner">Require file-owner</a></h3>
64c02f1310b7747423957823ee09fb3608430f89nd <p>Consider a multi-user system running the Apache Web server, with
64c02f1310b7747423957823ee09fb3608430f89nd each user having his or her own files in <code>~/public_html/private</code>. Assuming that there is a single
64c02f1310b7747423957823ee09fb3608430f89nd <code class="directive"><a href="/mod/mod_authn_dbm.html#authdbmuserfile">AuthDBMUserFile</a></code> database
64c02f1310b7747423957823ee09fb3608430f89nd that lists all of their web-usernames, and that these usernames match
64c02f1310b7747423957823ee09fb3608430f89nd the system's usernames that actually own the files on the server, then
64c02f1310b7747423957823ee09fb3608430f89nd the following stanza would allow only the user himself access to his
64c02f1310b7747423957823ee09fb3608430f89nd own files. User <code>jones</code> would not be allowed to access
64c02f1310b7747423957823ee09fb3608430f89nd files in <code>/home/smith/public_html/private</code> unless they
64c02f1310b7747423957823ee09fb3608430f89nd were owned by <code>jones</code> instead of <code>smith</code>.</p>
4aa603e6448b99f9371397d439795c91a93637eand <pre class="prettyprint lang-config"><Directory /home/*/public_html/private>
f0fa55ff14fa0bf8fd72d989f6625de6dc3260c8igalic AuthType Basic
f0fa55ff14fa0bf8fd72d989f6625de6dc3260c8igalic AuthName MyPrivateFiles
f0fa55ff14fa0bf8fd72d989f6625de6dc3260c8igalic AuthBasicProvider dbm
f0fa55ff14fa0bf8fd72d989f6625de6dc3260c8igalic Require file-owner
4aa603e6448b99f9371397d439795c91a93637eand</Directory></pre>
67c026fea89b4faf173772b5944b6aa006ca6eb0nd <h3><a name="examples.file-group" id="examples.file-group">Require file-group</a></h3>
64c02f1310b7747423957823ee09fb3608430f89nd <p>Consider a system similar to the one described above, but with
64c02f1310b7747423957823ee09fb3608430f89nd some users that share their project files in
64c02f1310b7747423957823ee09fb3608430f89nd <code>~/public_html/project-foo</code>. The files are owned by the
64c02f1310b7747423957823ee09fb3608430f89nd system group <code>foo</code> and there is a single <code class="directive"><a href="/mod/mod_authz_dbm.html#authdbmgroupfile">AuthDBMGroupFile</a></code> database that
64c02f1310b7747423957823ee09fb3608430f89nd contains all of the web-usernames and their group membership,
64c02f1310b7747423957823ee09fb3608430f89nd <em>i.e.</em> they must be at least member of a group named
64c02f1310b7747423957823ee09fb3608430f89nd <code>foo</code>. So if <code>jones</code> and <code>smith</code>
64c02f1310b7747423957823ee09fb3608430f89nd are both member of the group <code>foo</code>, then both will be
64c02f1310b7747423957823ee09fb3608430f89nd authorized to access the <code>project-foo</code> directories of
64c02f1310b7747423957823ee09fb3608430f89nd each other.</p>
4aa603e6448b99f9371397d439795c91a93637eand <pre class="prettyprint lang-config"><Directory /home/*/public_html/project-foo>
f0fa55ff14fa0bf8fd72d989f6625de6dc3260c8igalic AuthType Basic
f0fa55ff14fa0bf8fd72d989f6625de6dc3260c8igalic AuthName "Project Foo Files"
f0fa55ff14fa0bf8fd72d989f6625de6dc3260c8igalic AuthBasicProvider dbm
f0fa55ff14fa0bf8fd72d989f6625de6dc3260c8igalic Satisfy All
f0fa55ff14fa0bf8fd72d989f6625de6dc3260c8igalic Require file-group
4aa603e6448b99f9371397d439795c91a93637eand</Directory></pre>
a78048ccbdb6256da15e6b0e7e95355e480c2301nd<p><span>Available Languages: </span><a href="/en/mod/mod_authz_owner.html" title="English"> en </a> |
0066eddda7203f6345b56f77d146a759298dc635gryzor<a href="/fr/mod/mod_authz_owner.html" hreflang="fr" rel="alternate" title="Fran�ais"> fr </a> |
7f5b59ccc63c0c0e3e678a168f09ee6a2f51f9d0nd<a href="/ja/mod/mod_authz_owner.html" hreflang="ja" rel="alternate" title="Japanese"> ja </a> |
f086b4b402fa9a2fefc7dda85de2a3cc1cd0a654rjung<a href="/ko/mod/mod_authz_owner.html" hreflang="ko" rel="alternate" title="Korean"> ko </a></p>
727872d18412fc021f03969b8641810d8896820bhumbedooh</div><div class="top"><a href="#page-header"><img src="/images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Comments</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed again by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Freenode, or sent to our <a href="http://httpd.apache.org/lists.html">mailing lists</a>.</div>
727872d18412fc021f03969b8641810d8896820bhumbedoohvar comments_shortname = 'httpd';
cc7e1025de9ac63bd4db6fe7f71c158b2cf09fe4humbedoohvar comments_identifier = 'http://httpd.apache.org/docs/trunk/mod/mod_authz_owner.html';
0d0ba3a410038e179b695446bb149cce6264e0abnd(function(w, d) {
cc7e1025de9ac63bd4db6fe7f71c158b2cf09fe4humbedooh if (w.location.hostname.toLowerCase() == "httpd.apache.org") {
727872d18412fc021f03969b8641810d8896820bhumbedooh d.write('<div id="comments_thread"><\/div>');
0d0ba3a410038e179b695446bb149cce6264e0abnd var s = d.createElement('script');
ac082aefa89416cbdc9a1836eaf3bed9698201c8humbedooh s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier;
0d0ba3a410038e179b695446bb149cce6264e0abnd (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s);
727872d18412fc021f03969b8641810d8896820bhumbedooh d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>');
0d0ba3a410038e179b695446bb149cce6264e0abnd})(window, document);
205f749042ed530040a4f0080dbcb47ceae8a374rjung<p class="apache">Copyright 2015 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
af33a4994ae2ff15bc67d19ff1a7feb906745bf8rbowen<p class="menu"><a href="/mod/">Modules</a> | <a href="/mod/quickreference.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="/glossary.html">Glossary</a> | <a href="/sitemap.html">Sitemap</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!--
0d0ba3a410038e179b695446bb149cce6264e0abndif (typeof(prettyPrint) !== 'undefined') {
7fec19672a491661b2fe4b29f685bc7f4efa64d4nd prettyPrint();