4a3b6b890a52931991a7ed042d5973ef2039c623minfrin<?xml version="1.0" encoding="ISO-8859-1"?>

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><!--

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin<title>mod_authz_owner - Apache HTTP Server</title>

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin<link href="/style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin<link href="/style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />

d29d9ab4614ff992b0e8de6e2b88d52b6f1f153erbowen<link href="/style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="/style/css/prettify.css" />

d29d9ab4614ff992b0e8de6e2b88d52b6f1f153erbowen<script src="/style/scripts/prettify.min.js" type="text/javascript">

d29d9ab4614ff992b0e8de6e2b88d52b6f1f153erbowen</script>

d29d9ab4614ff992b0e8de6e2b88d52b6f1f153erbowen

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin<link href="/images/favicon.ico" rel="shortcut icon" /></head>

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin<body>

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin<div id="page-header">

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin<p class="menu"><a href="/mod/">Modules</a> | <a href="/mod/quickreference.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="/glossary.html">Glossary</a> | <a href="/sitemap.html">Sitemap</a></p>

3f08db06526d6901aa08c110b5bc7dde6bc39905nd<p class="apache">Apache HTTP Server Version 2.5</p>

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin<img alt="" src="/images/feather.gif" /></div>

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin<div class="up"><a href="./"><img title="&lt;-" alt="&lt;-" src="/images/left.gif" /></a></div>

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin<div id="path">

3f08db06526d6901aa08c110b5bc7dde6bc39905nd<a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">HTTP Server</a> &gt; <a href="http://httpd.apache.org/docs/">Documentation</a> &gt; <a href="../">Version 2.5</a> &gt; <a href="./">Modules</a></div>

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin<div id="page-content">

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin<div id="preamble"><h1>Apache Module mod_authz_owner</h1>

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin<div class="toplang">

f086b4b402fa9a2fefc7dda85de2a3cc1cd0a654rjung<p><span>Available Languages: </span><a href="/en/mod/mod_authz_owner.html" title="English">&nbsp;en&nbsp;</a> |

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin<a href="/fr/mod/mod_authz_owner.html" hreflang="fr" rel="alternate" title="Fran�ais">&nbsp;fr&nbsp;</a> |

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin<a href="/ja/mod/mod_authz_owner.html" hreflang="ja" rel="alternate" title="Japanese">&nbsp;ja&nbsp;</a> |

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin<a href="/ko/mod/mod_authz_owner.html" hreflang="ko" rel="alternate" title="Korean">&nbsp;ko&nbsp;</a></p>

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin</div>

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin<table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>Authorization based on file ownership</td></tr>

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin<tr><th><a href="module-dict.html#Status">Status:</a></th><td>Extension</td></tr>

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin<tr><th><a href="module-dict.html#ModuleIdentifier">Module�Identifier:</a></th><td>authz_owner_module</td></tr>

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin<tr><th><a href="module-dict.html#SourceFile">Source�File:</a></th><td>mod_authz_owner.c</td></tr></table>

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin<h3>Summary</h3>

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin <p>This module authorizes access to files by comparing the userid used

6d20aeba2c4aa0938bc6e0659d13adc7670ff421poirier for HTTP authentication (the web userid) with the file-system owner or

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin group of the requested file. The supplied username and password

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin must be already properly verified by an authentication module,

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin such as <code class="module"><a href="/mod/mod_auth_basic.html">mod_auth_basic</a></code> or

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin <code class="module"><a href="/mod/mod_auth_digest.html">mod_auth_digest</a></code>. <code class="module"><a href="/mod/mod_authz_owner.html">mod_authz_owner</a></code>

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin recognizes two arguments for the <code class="directive"><a href="/mod/mod_authz_core.html#require">Require</a></code> directive, <code>file-owner</code> and

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin <code>file-group</code>, as follows:</p>

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin <dl>

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin <dt><code>file-owner</code></dt>

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin <dd>The supplied web-username must match the system's name for the

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin owner of the file being requested. That is, if the operating system

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin says the requested file is owned by <code>jones</code>, then the

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin username used to access it through the web must be <code>jones</code>

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin as well.</dd>

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin <dt><code>file-group</code></dt>

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin <dd>The name of the system group that owns the file must be present

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin in a group database, which is provided, for example, by <code class="module"><a href="/mod/mod_authz_groupfile.html">mod_authz_groupfile</a></code> or <code class="module"><a href="/mod/mod_authz_dbm.html">mod_authz_dbm</a></code>,

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin and the web-username must be a member of that group. For example, if

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin the operating system says the requested file is owned by (system)

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin group <code>accounts</code>, the group <code>accounts</code> must

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin appear in the group database and the web-username used in the request

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin must be a member of that group.</dd>

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin </dl>

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin <div class="note"><h3>Note</h3>

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin <p>If <code class="module"><a href="/mod/mod_authz_owner.html">mod_authz_owner</a></code> is used in order to authorize

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin a resource that is not actually present in the filesystem

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin (<em>i.e.</em> a virtual resource), it will deny the access.</p>

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin <p>Particularly it will never authorize <a href="/content-negotiation.html#multiviews">content negotiated

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin "MultiViews"</a> resources.</p>

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin </div>

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin</div>

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin<div id="quickview"><h3 class="directives">Directives</h3>

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin<p>This module provides no

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin directives.</p>

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin<h3>Topics</h3>

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin<ul id="topics">

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin<li><img alt="" src="/images/down.gif" /> <a href="#examples">Configuration Examples</a></li>

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin</ul><h3>See also</h3>

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin<ul class="seealso">

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin<li><code class="directive"><a href="/mod/mod_authz_core.html#require">Require</a></code></li>

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin<div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div>

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin<div class="section">

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin<h2><a name="examples" id="examples">Configuration Examples</a></h2>

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin <h3><a name="examples.file-owner" id="examples.file-owner">Require file-owner</a></h3>

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin <p>Consider a multi-user system running the Apache Web server, with

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin each user having his or her own files in <code>~/public_html/private</code>. Assuming that there is a single

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin <code class="directive"><a href="/mod/mod_authn_dbm.html#authdbmuserfile">AuthDBMUserFile</a></code> database

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin that lists all of their web-usernames, and that these usernames match

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin the system's usernames that actually own the files on the server, then

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin the following stanza would allow only the user himself access to his

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin own files. User <code>jones</code> would not be allowed to access

f086b4b402fa9a2fefc7dda85de2a3cc1cd0a654rjung files in <code>/home/smith/public_html/private</code> unless they

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin were owned by <code>jones</code> instead of <code>smith</code>.</p>

5effc8b39fae5cd169d17f342bfc265705840014rbowen

d29d9ab4614ff992b0e8de6e2b88d52b6f1f153erbowen <pre class="prettyprint lang-config">

d29d9ab4614ff992b0e8de6e2b88d52b6f1f153erbowen&lt;Directory /home/*/public_html/private&gt;

d29d9ab4614ff992b0e8de6e2b88d52b6f1f153erbowen AuthType Basic

d29d9ab4614ff992b0e8de6e2b88d52b6f1f153erbowen AuthName MyPrivateFiles

d29d9ab4614ff992b0e8de6e2b88d52b6f1f153erbowen AuthBasicProvider dbm

4a3b6b890a52931991a7ed042d5973ef2039c623minfrin AuthDBMUserFile /usr/local/apache2/etc/.htdbm-all

Require file-owner

&lt;/Directory&gt;

</pre>

<h3><a name="examples.file-group" id="examples.file-group">Require file-group</a></h3>

<p>Consider a system similar to the one described above, but with

some users that share their project files in

<code>~/public_html/project-foo</code>. The files are owned by the

system group <code>foo</code> and there is a single <code class="directive"><a href="/mod/mod_authz_dbm.html#authdbmgroupfile">AuthDBMGroupFile</a></code> database that

contains all of the web-usernames and their group membership,

<em>i.e.</em> they must be at least member of a group named

<code>foo</code>. So if <code>jones</code> and <code>smith</code>

are both member of the group <code>foo</code>, then both will be

authorized to access the <code>project-foo</code> directories of

each other.</p>

<pre class="prettyprint lang-config">

&lt;Directory /home/*/public_html/project-foo&gt;

AuthType Basic

AuthName "Project Foo Files"

AuthBasicProvider dbm

# combined user/group database

AuthDBMUserFile /usr/local/apache2/etc/.htdbm-all

AuthDBMGroupFile /usr/local/apache2/etc/.htdbm-all

Satisfy All

Require file-group

&lt;/Directory&gt;

</pre>

</div>

</div>

<div class="bottomlang">

<p><span>Available Languages: </span><a href="/en/mod/mod_authz_owner.html" title="English">&nbsp;en&nbsp;</a> |

<a href="/fr/mod/mod_authz_owner.html" hreflang="fr" rel="alternate" title="Fran�ais">&nbsp;fr&nbsp;</a> |

<a href="/ja/mod/mod_authz_owner.html" hreflang="ja" rel="alternate" title="Japanese">&nbsp;ja&nbsp;</a> |

<a href="/ko/mod/mod_authz_owner.html" hreflang="ko" rel="alternate" title="Korean">&nbsp;ko&nbsp;</a></p>

</div><div class="top"><a href="#page-header"><img src="/images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Comments</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&amp;A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed again by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Freenode, or sent to our <a href="http://httpd.apache.org/lists.html">mailing lists</a>.</div>

<script type="text/javascript"><!--//--><![CDATA[//><!--

//--><!]]></script></div><div id="footer">

<p class="apache">Copyright 2014 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>

<p class="menu"><a href="/mod/">Modules</a> | <a href="/mod/quickreference.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="/glossary.html">Glossary</a> | <a href="/sitemap.html">Sitemap</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!--

//--><!]]></script>

</body></html>