mod_authz_owner.html.en revision 4b5981e276e93df97c34e4da05ca5cf8bbd937da
64c02f1310b7747423957823ee09fb3608430f89nd<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
64c02f1310b7747423957823ee09fb3608430f89nd<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><!--
64c02f1310b7747423957823ee09fb3608430f89nd XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
64c02f1310b7747423957823ee09fb3608430f89nd This file is generated from xml source: DO NOT EDIT
64c02f1310b7747423957823ee09fb3608430f89nd XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
64c02f1310b7747423957823ee09fb3608430f89nd<link href="/style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
64c02f1310b7747423957823ee09fb3608430f89nd<link href="/style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
64c02f1310b7747423957823ee09fb3608430f89nd<link href="/style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" />
64c02f1310b7747423957823ee09fb3608430f89nd<link href="/images/favicon.ico" rel="shortcut icon" /></head>
64c02f1310b7747423957823ee09fb3608430f89nd<p class="menu"><a href="/mod/">Modules</a> | <a href="/mod/directives.html">Directives</a> | <a href="/faq/">FAQ</a> | <a href="/glossary.html">Glossary</a> | <a href="/sitemap.html">Sitemap</a></p>
52fff662005b1866a3ff09bb6c902800c5cc6dedjerenkrantz<p class="apache">Apache HTTP Server Version 2.3</p>
64c02f1310b7747423957823ee09fb3608430f89nd<div class="up"><a href="./"><img title="<-" alt="<-" src="/images/left.gif" /></a></div>
4b5981e276e93df97c34e4da05ca5cf8bbd937dand<a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs/">Documentation</a> > <a href="../">Version 2.3</a> > <a href="./">Modules</a></div>
a78048ccbdb6256da15e6b0e7e95355e480c2301nd<p><span>Available Languages: </span><a href="/en/mod/mod_authz_owner.html" title="English"> en </a> |
101bf3584c853027d9e51df6edfff5ff70c80238jim<a href="/ja/mod/mod_authz_owner.html" hreflang="ja" rel="alternate" title="Japanese"> ja </a> |
a78048ccbdb6256da15e6b0e7e95355e480c2301nd<a href="/ko/mod/mod_authz_owner.html" hreflang="ko" rel="alternate" title="Korean"> ko </a></p>
64c02f1310b7747423957823ee09fb3608430f89nd<table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>Authorization based on file ownership</td></tr>
64c02f1310b7747423957823ee09fb3608430f89nd<tr><th><a href="module-dict.html#Status">Status:</a></th><td>Extension</td></tr>
64c02f1310b7747423957823ee09fb3608430f89nd<tr><th><a href="module-dict.html#ModuleIdentifier">Module�Identifier:</a></th><td>authz_owner_module</td></tr>
64c02f1310b7747423957823ee09fb3608430f89nd<tr><th><a href="module-dict.html#SourceFile">Source�File:</a></th><td>mod_authz_owner.c</td></tr>
64c02f1310b7747423957823ee09fb3608430f89nd<tr><th><a href="module-dict.html#Compatibility">Compatibility:</a></th><td>Available in Apache 2.1 and later</td></tr></table>
64c02f1310b7747423957823ee09fb3608430f89nd <p>This module authorizes access to files by comparing the userid used
64c02f1310b7747423957823ee09fb3608430f89nd for HTTP authentication (the web userid) with the file-system owner or
64c02f1310b7747423957823ee09fb3608430f89nd group of the requested file. The supplied username and password
64c02f1310b7747423957823ee09fb3608430f89nd must be already properly verified by an authentication module,
64c02f1310b7747423957823ee09fb3608430f89nd such as <code class="module"><a href="/mod/mod_auth_basic.html">mod_auth_basic</a></code> or
64c02f1310b7747423957823ee09fb3608430f89nd <code class="module"><a href="/mod/mod_auth_digest.html">mod_auth_digest</a></code>. <code class="module"><a href="/mod/mod_authz_owner.html">mod_authz_owner</a></code>
64c02f1310b7747423957823ee09fb3608430f89nd recognizes two arguments for the <code class="directive"><a href="/mod/core.html#require">Require</a></code> directive, <code>file-owner</code> and
64c02f1310b7747423957823ee09fb3608430f89nd <dd>The supplied web-username must match the system's name for the
64c02f1310b7747423957823ee09fb3608430f89nd owner of the file being requested. That is, if the operating system
64c02f1310b7747423957823ee09fb3608430f89nd says the requested file is owned by <code>jones</code>, then the
64c02f1310b7747423957823ee09fb3608430f89nd username used to access it through the web must be <code>jones</code>
64c02f1310b7747423957823ee09fb3608430f89nd as well.</dd>
64c02f1310b7747423957823ee09fb3608430f89nd <dd>The name of the system group that owns the file must be present
64c02f1310b7747423957823ee09fb3608430f89nd in a group database, which is provided, for example, by <code class="module"><a href="/mod/mod_authz_groupfile.html">mod_authz_groupfile</a></code> or <code class="module"><a href="/mod/mod_authz_dbm.html">mod_authz_dbm</a></code>,
64c02f1310b7747423957823ee09fb3608430f89nd and the web-username must be a member of that group. For example, if
64c02f1310b7747423957823ee09fb3608430f89nd the operating system says the requested file is owned by (system)
64c02f1310b7747423957823ee09fb3608430f89nd group <code>accounts</code>, the group <code>accounts</code> must
64c02f1310b7747423957823ee09fb3608430f89nd appear in the group database and the web-username used in the request
64c02f1310b7747423957823ee09fb3608430f89nd must be a member of that group.</dd>
64c02f1310b7747423957823ee09fb3608430f89nd <p>If <code class="module"><a href="/mod/mod_authz_owner.html">mod_authz_owner</a></code> is used in order to authorize
64c02f1310b7747423957823ee09fb3608430f89nd a resource that is not actually present in the filesystem
64c02f1310b7747423957823ee09fb3608430f89nd (<em>i.e.</em> a virtual resource), it will deny the access.</p>
64c02f1310b7747423957823ee09fb3608430f89nd <p>Particularly it will never authorize <a href="/content-negotiation.html#multiviews">content negotiated
64c02f1310b7747423957823ee09fb3608430f89nd<div id="quickview"><h3 class="directives">Directives</h3>
64c02f1310b7747423957823ee09fb3608430f89nd<li><img alt="" src="/images/down.gif" /> <a href="#authzownerauthoritative">AuthzOwnerAuthoritative</a></li>
64c02f1310b7747423957823ee09fb3608430f89nd<li><img alt="" src="/images/down.gif" /> <a href="#examples">Configuration Examples</a></li>
64c02f1310b7747423957823ee09fb3608430f89nd<li><code class="directive"><a href="/mod/core.html#require">Require</a></code></li>
64c02f1310b7747423957823ee09fb3608430f89nd<li><code class="directive"><a href="/mod/core.html#satisfy">Satisfy</a></code></li>
64c02f1310b7747423957823ee09fb3608430f89nd<div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div>
64c02f1310b7747423957823ee09fb3608430f89nd<h2><a name="examples" id="examples">Configuration Examples</a></h2>
67c026fea89b4faf173772b5944b6aa006ca6eb0nd <h3><a name="examples.file-owner" id="examples.file-owner">Require file-owner</a></h3>
64c02f1310b7747423957823ee09fb3608430f89nd <p>Consider a multi-user system running the Apache Web server, with
64c02f1310b7747423957823ee09fb3608430f89nd each user having his or her own files in <code>~/public_html/private</code>. Assuming that there is a single
64c02f1310b7747423957823ee09fb3608430f89nd <code class="directive"><a href="/mod/mod_authn_dbm.html#authdbmuserfile">AuthDBMUserFile</a></code> database
64c02f1310b7747423957823ee09fb3608430f89nd that lists all of their web-usernames, and that these usernames match
64c02f1310b7747423957823ee09fb3608430f89nd the system's usernames that actually own the files on the server, then
64c02f1310b7747423957823ee09fb3608430f89nd the following stanza would allow only the user himself access to his
64c02f1310b7747423957823ee09fb3608430f89nd own files. User <code>jones</code> would not be allowed to access
64c02f1310b7747423957823ee09fb3608430f89nd files in <code>/home/smith/public_html/private</code> unless they
64c02f1310b7747423957823ee09fb3608430f89nd were owned by <code>jones</code> instead of <code>smith</code>.</p>
64c02f1310b7747423957823ee09fb3608430f89nd AuthType Basic<br />
64c02f1310b7747423957823ee09fb3608430f89nd AuthName MyPrivateFiles<br />
64c02f1310b7747423957823ee09fb3608430f89nd AuthBasicProvider dbm<br />
64c02f1310b7747423957823ee09fb3608430f89nd Satisfy All<br />
64c02f1310b7747423957823ee09fb3608430f89nd Require file-owner<br />
64c02f1310b7747423957823ee09fb3608430f89nd </Directory>
67c026fea89b4faf173772b5944b6aa006ca6eb0nd <h3><a name="examples.file-group" id="examples.file-group">Require file-group</a></h3>
64c02f1310b7747423957823ee09fb3608430f89nd <p>Consider a system similar to the one described above, but with
64c02f1310b7747423957823ee09fb3608430f89nd some users that share their project files in
64c02f1310b7747423957823ee09fb3608430f89nd <code>~/public_html/project-foo</code>. The files are owned by the
64c02f1310b7747423957823ee09fb3608430f89nd system group <code>foo</code> and there is a single <code class="directive"><a href="/mod/mod_authz_dbm.html#authdbmgroupfile">AuthDBMGroupFile</a></code> database that
64c02f1310b7747423957823ee09fb3608430f89nd contains all of the web-usernames and their group membership,
64c02f1310b7747423957823ee09fb3608430f89nd <em>i.e.</em> they must be at least member of a group named
64c02f1310b7747423957823ee09fb3608430f89nd <code>foo</code>. So if <code>jones</code> and <code>smith</code>
64c02f1310b7747423957823ee09fb3608430f89nd are both member of the group <code>foo</code>, then both will be
64c02f1310b7747423957823ee09fb3608430f89nd authorized to access the <code>project-foo</code> directories of
64c02f1310b7747423957823ee09fb3608430f89nd each other.</p>
64c02f1310b7747423957823ee09fb3608430f89nd AuthType Basic<br />
64c02f1310b7747423957823ee09fb3608430f89nd AuthName "Project Foo Files"<br />
64c02f1310b7747423957823ee09fb3608430f89nd AuthBasicProvider dbm<br />
64c02f1310b7747423957823ee09fb3608430f89nd Satisfy All<br />
64c02f1310b7747423957823ee09fb3608430f89nd Require file-group<br />
64c02f1310b7747423957823ee09fb3608430f89nd </Directory>
64c02f1310b7747423957823ee09fb3608430f89nd<div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div>
64c02f1310b7747423957823ee09fb3608430f89nd<div class="directive-section"><h2><a name="AuthzOwnerAuthoritative" id="AuthzOwnerAuthoritative">AuthzOwnerAuthoritative</a> <a name="authzownerauthoritative" id="authzownerauthoritative">Directive</a></h2>
64c02f1310b7747423957823ee09fb3608430f89nd<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Sets whether authorization will be passed on to lower level
64c02f1310b7747423957823ee09fb3608430f89nd<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthzOwnerAuthoritative On|Off</code></td></tr>
64c02f1310b7747423957823ee09fb3608430f89nd<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>AuthzOwnerAuthoritative On</code></td></tr>
64c02f1310b7747423957823ee09fb3608430f89nd<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
64c02f1310b7747423957823ee09fb3608430f89nd<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
64c02f1310b7747423957823ee09fb3608430f89nd<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
64c02f1310b7747423957823ee09fb3608430f89nd<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authz_owner</td></tr>
64c02f1310b7747423957823ee09fb3608430f89nd <p>Setting the <code class="directive">AuthzOwnerAuthoritative</code>
64c02f1310b7747423957823ee09fb3608430f89nd user authorization to be passed on to lower level modules (as defined
64c02f1310b7747423957823ee09fb3608430f89nd <li>in the case of <code>file-owner</code> the file-system owner does not
64c02f1310b7747423957823ee09fb3608430f89nd match the supplied web-username or could not be determined, or</li>
64c02f1310b7747423957823ee09fb3608430f89nd <li>in the case of <code>file-group</code> the file-system group does not
64c02f1310b7747423957823ee09fb3608430f89nd contain the supplied web-username or could not be determined.</li>
64c02f1310b7747423957823ee09fb3608430f89nd <p>Note that setting the value to <code>Off</code> also allows the
64c02f1310b7747423957823ee09fb3608430f89nd combination of <code>file-owner</code> and <code>file-group</code>, so
64c02f1310b7747423957823ee09fb3608430f89nd access will be allowed if either one or the other (or both) match.</p>
64c02f1310b7747423957823ee09fb3608430f89nd <p>By default, control is not passed on and an authorization failure
64c02f1310b7747423957823ee09fb3608430f89nd will result in an "Authentication Required" reply. Not
64c02f1310b7747423957823ee09fb3608430f89nd setting it to <code>Off</code> thus keeps the system secure and forces
64c02f1310b7747423957823ee09fb3608430f89nd an NCSA compliant behaviour.</p>
a78048ccbdb6256da15e6b0e7e95355e480c2301nd<p><span>Available Languages: </span><a href="/en/mod/mod_authz_owner.html" title="English"> en </a> |
101bf3584c853027d9e51df6edfff5ff70c80238jim<a href="/ja/mod/mod_authz_owner.html" hreflang="ja" rel="alternate" title="Japanese"> ja </a> |
a78048ccbdb6256da15e6b0e7e95355e480c2301nd<a href="/ko/mod/mod_authz_owner.html" hreflang="ko" rel="alternate" title="Korean"> ko </a></p>
b95ae799514ad86a15610ad75808d7065e9847c9kess<p class="apache">Copyright 1995-2005 The Apache Software Foundation or its licensors, as applicable.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
64c02f1310b7747423957823ee09fb3608430f89nd<p class="menu"><a href="/mod/">Modules</a> | <a href="/mod/directives.html">Directives</a> | <a href="/faq/">FAQ</a> | <a href="/glossary.html">Glossary</a> | <a href="/sitemap.html">Sitemap</a></p></div>