mod_authz_owner.html.en revision af33a4994ae2ff15bc67d19ff1a7feb906745bf8
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin<?xml version="1.0" encoding="ISO-8859-1"?>
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><!--
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin This file is generated from xml source: DO NOT EDIT
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin -->
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin<title>mod_authz_owner - Apache HTTP Server</title>
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin<link href="/style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin<link href="/style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
d29d9ab4614ff992b0e8de6e2b88d52b6f1f153erbowen<link href="/style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="/style/css/prettify.css" />
d29d9ab4614ff992b0e8de6e2b88d52b6f1f153erbowen<script src="/style/scripts/prettify.js" type="text/javascript">
d29d9ab4614ff992b0e8de6e2b88d52b6f1f153erbowen</script>
d29d9ab4614ff992b0e8de6e2b88d52b6f1f153erbowen
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin<link href="/images/favicon.ico" rel="shortcut icon" /></head>
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin<body>
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin<div id="page-header">
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin<p class="menu"><a href="/mod/">Modules</a> | <a href="/mod/quickreference.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="/glossary.html">Glossary</a> | <a href="/sitemap.html">Sitemap</a></p>
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin<p class="apache">Apache HTTP Server Version 2.5</p>
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin<img alt="" src="/images/feather.gif" /></div>
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin<div class="up"><a href="./"><img title="&lt;-" alt="&lt;-" src="/images/left.gif" /></a></div>
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin<div id="path">
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin<a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">HTTP Server</a> &gt; <a href="http://httpd.apache.org/docs/">Documentation</a> &gt; <a href="../">Version 2.5</a> &gt; <a href="./">Modules</a></div>
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin<div id="page-content">
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin<div id="preamble"><h1>Apache Module mod_authz_owner</h1>
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin<div class="toplang">
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin<p><span>Available Languages: </span><a href="/en/mod/mod_authz_owner.html" title="English">&nbsp;en&nbsp;</a> |
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin<a href="/fr/mod/mod_authz_owner.html" hreflang="fr" rel="alternate" title="Français">&nbsp;fr&nbsp;</a> |
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin<a href="/ja/mod/mod_authz_owner.html" hreflang="ja" rel="alternate" title="Japanese">&nbsp;ja&nbsp;</a> |
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin<a href="/ko/mod/mod_authz_owner.html" hreflang="ko" rel="alternate" title="Korean">&nbsp;ko&nbsp;</a></p>
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin</div>
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin<table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>Authorization based on file ownership</td></tr>
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin<tr><th><a href="module-dict.html#Status">Status:</a></th><td>Extension</td></tr>
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin<tr><th><a href="module-dict.html#ModuleIdentifier">Module&nbsp;Identifier:</a></th><td>authz_owner_module</td></tr>
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin<tr><th><a href="module-dict.html#SourceFile">Source&nbsp;File:</a></th><td>mod_authz_owner.c</td></tr></table>
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin<h3>Summary</h3>
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin <p>This module authorizes access to files by comparing the userid used
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin for HTTP authentication (the web userid) with the file-system owner or
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin group of the requested file. The supplied username and password
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin must already have been verified by an authentication module,
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin such as <code class="module"><a href="/mod/mod_auth_basic.html">mod_auth_basic</a></code> or
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin <code class="module"><a href="/mod/mod_auth_digest.html">mod_auth_digest</a></code>. <code class="module"><a href="/mod/mod_authz_owner.html">mod_authz_owner</a></code>
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin recognizes two arguments for the <code class="directive"><a href="/mod/mod_authz_core.html#require">Require</a></code> directive, <code>file-owner</code> and
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin <code>file-group</code>, as follows:</p>
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin <dl>
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin <dt><code>file-owner</code></dt>
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin <dd>The supplied web-username must match the system's name for the
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin owner of the file being requested. That is, if the operating system
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin says the requested file is owned by <code>jones</code>, then the
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin username used to access it through the web must be <code>jones</code>
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin as well.</dd>
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin <dt><code>file-group</code></dt>
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin <dd>The name of the system group that owns the file must be present
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin in a group database, which is provided, for example, by <code class="module"><a href="/mod/mod_authz_groupfile.html">mod_authz_groupfile</a></code> or <code class="module"><a href="/mod/mod_authz_dbm.html">mod_authz_dbm</a></code>,
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin and the web-username must be a member of that group. For example, if
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin the operating system says the requested file is owned by (system)
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin group <code>accounts</code>, the group <code>accounts</code> must
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin appear in the group database and the web-username used in the request
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin must be a member of that group.</dd>
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin </dl>
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin <div class="note"><h3>Note</h3>
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin <p>If <code class="module"><a href="/mod/mod_authz_owner.html">mod_authz_owner</a></code> is used in order to authorize
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin a resource that is not actually present in the filesystem
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin (<em>i.e.</em> a virtual resource), it will deny the access.</p>
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin <p>In particular, it will never authorize <a href="/content-negotiation.html#multiviews">content negotiated
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin "MultiViews"</a> resources.</p>
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin </div>
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin</div>
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin<div id="quickview"><h3 class="directives">Directives</h3>
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin<p>This module provides no
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin directives.</p>
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin<h3>Topics</h3>
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin<ul id="topics">
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin<li><img alt="" src="/images/down.gif" /> <a href="#examples">Configuration Examples</a></li>
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin</ul><h3>See also</h3>
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin<ul class="seealso">
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin<li><code class="directive"><a href="/mod/mod_authz_core.html#require">Require</a></code></li>
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin<div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div>
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin<div class="section">
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin<h2><a name="examples" id="examples">Configuration Examples</a></h2>
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin <h3><a name="examples.file-owner" id="examples.file-owner">Require file-owner</a></h3>
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin <p>Consider a multi-user system running the Apache Web server, with
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin each user having his or her own files in <code>~/public_html/private</code>. Assuming that there is a single
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin <code class="directive"><a href="/mod/mod_authn_dbm.html#authdbmuserfile">AuthDBMUserFile</a></code> database
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin that lists all of their web-usernames, and that these usernames match
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin the system's usernames that actually own the files on the server, then
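64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin the following stanza would allow access to each file only by the user
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin who owns it. User <code>jones</code> would not be allowed to access
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin files in <code>/home/smith/public_html/private</code> unless they
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin were owned by <code>jones</code> instead of <code>smith</code>.
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin Because the check compares names only, the web user database has to be
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin maintained so that each web-username belongs to the person who holds
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin the system account of the same name.</p>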
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin <pre class="prettyprint lang-config">
# Covers the private directory under every user's public_html.
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin&lt;Directory /home/*/public_html/private&gt;
# Basic authentication sends the password with every request in an easily
# decoded form, so this directory should only be served over TLS.
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin AuthType Basic
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin AuthName MyPrivateFiles
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin AuthBasicProvider dbm
# Single database listing all web-usernames; the example assumes they match
# the system account names that own the files.
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin AuthDBMUserFile /usr/local/apache2/etc/.htdbm-all
# Grants access only when the authenticated web-username equals the system's
# name for the owner of the requested file.
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin Require file-owner
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin&lt;/Directory&gt;
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin </pre>
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin <h3><a name="examples.file-group" id="examples.file-group">Require file-group</a></h3>
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin <p>Consider a system similar to the one described above, but with
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin some users that share their project files in
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin <code>~/public_html/project-foo</code>. The files are owned by the
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin system group <code>foo</code> and there is a single <code class="directive"><a href="/mod/mod_authz_dbm.html#authdbmgroupfile">AuthDBMGroupFile</a></code> database that
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin contains all of the web-usernames and their group membership,
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin <em>i.e.</em> they must be at least a member of a group named
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin <code>foo</code>. So if <code>jones</code> and <code>smith</code>
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin are both members of the group <code>foo</code>, then both will be
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin authorized to access the <code>project-foo</code> directories of
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin each other.</p>
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin <pre class="prettyprint lang-config">
# Covers the project-foo directory under every user's public_html.
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin&lt;Directory /home/*/public_html/project-foo&gt;
# Basic authentication sends the password with every request in an easily
# decoded form, so this directory should only be served over TLS.
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin AuthType Basic
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin AuthName "Project Foo Files"
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin AuthBasicProvider dbm
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin # combined user/group database
# The same file is used for both the user lookup and the group lookup.
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin AuthDBMUserFile /usr/local/apache2/etc/.htdbm-all
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin AuthDBMGroupFile /usr/local/apache2/etc/.htdbm-all
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin
# NOTE(review): Satisfy is the 2.2-style directive provided by
# mod_access_compat and "All" is its default, so this line looks redundant
# next to a lone Require; confirm it is still wanted for this version.
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin Satisfy All
# Grants access only when the system group owning the file appears in the
# group database and the authenticated web-username is a member of it.
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin Require file-group
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin&lt;/Directory&gt;
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin </pre>
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin</div>
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin</div>
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin<div class="bottomlang">
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin<p><span>Available Languages: </span><a href="/en/mod/mod_authz_owner.html" title="English">&nbsp;en&nbsp;</a> |
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin<a href="/fr/mod/mod_authz_owner.html" hreflang="fr" rel="alternate" title="Français">&nbsp;fr&nbsp;</a> |
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin<a href="/ja/mod/mod_authz_owner.html" hreflang="ja" rel="alternate" title="Japanese">&nbsp;ja&nbsp;</a> |
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin<a href="/ko/mod/mod_authz_owner.html" hreflang="ko" rel="alternate" title="Korean">&nbsp;ko&nbsp;</a></p>
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin</div><div class="top"><a href="#page-header"><img src="/images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Comments</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&amp;A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed again by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Freenode, or sent to our <a href="http://httpd.apache.org/lists.html">mailing lists</a>.</div>
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin<script type="text/javascript"><!--//--><![CDATA[//><!--
// Loader for the documentation comment widget.
// Both values below are fixed strings and end up in the query string of the
// script URL that is built further down.
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrinvar comments_shortname = 'httpd';
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrinvar comments_identifier = 'http://httpd.apache.org/docs/trunk/mod/mod_authz_owner.html';
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin(function(w, d) {
// The widget is only loaded when the page is served from httpd.apache.org;
// on any other host (mirrors, local copies) the fallback text is written.
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin if (w.location.hostname.toLowerCase() == "httpd.apache.org") {
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin d.write('<div id="comments_thread"><\/div>');
// The script is fetched over HTTPS from comments.apache.org and, once
// appended, runs in this page like any other script on it.
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin var s = d.createElement('script');
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin s.type = 'text/javascript';
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin s.async = true;
// NOTE(review): the two values are concatenated without URL-encoding; that
// is harmless only while they stay the fixed strings defined above.
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier;
// Attach to head when present, otherwise to body.
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s);
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin }
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin else {
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>');
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin }
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin})(window, document);
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin//--><!]]></script></div><div id="footer">
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin<p class="apache">Copyright 2013 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin<p class="menu"><a href="/mod/">Modules</a> | <a href="/mod/quickreference.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="/glossary.html">Glossary</a> | <a href="/sitemap.html">Sitemap</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!--
// Run the syntax highlighter only if a prettyPrint function has been defined,
// so the page still works when that script did not load.
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrinif (typeof(prettyPrint) !== 'undefined') {
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin prettyPrint();
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin}
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin//--><!]]></script>
64f23d7fddbd8bacb8c18434baedb5f1f86b432aminfrin</body></html>