mod_authz_owner.html.en revision d29d9ab4614ff992b0e8de6e2b88d52b6f1f153e
2704de98885368683621b01c8f8f4e4b01557611takashi<?xml version="1.0" encoding="ISO-8859-1"?>
2704de98885368683621b01c8f8f4e4b01557611takashi<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
2704de98885368683621b01c8f8f4e4b01557611takashi<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><!--
2704de98885368683621b01c8f8f4e4b01557611takashi XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
2704de98885368683621b01c8f8f4e4b01557611takashi This file is generated from xml source: DO NOT EDIT
2704de98885368683621b01c8f8f4e4b01557611takashi XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
2704de98885368683621b01c8f8f4e4b01557611takashi -->
2704de98885368683621b01c8f8f4e4b01557611takashi<title>mod_authz_owner - Apache HTTP Server</title>
2704de98885368683621b01c8f8f4e4b01557611takashi<link href="/style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
2704de98885368683621b01c8f8f4e4b01557611takashi<link href="/style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
d29d9ab4614ff992b0e8de6e2b88d52b6f1f153erbowen<link href="/style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="/style/css/prettify.css" />
d29d9ab4614ff992b0e8de6e2b88d52b6f1f153erbowen<script src="/style/scripts/prettify.js" type="text/javascript">
d29d9ab4614ff992b0e8de6e2b88d52b6f1f153erbowen</script>
d29d9ab4614ff992b0e8de6e2b88d52b6f1f153erbowen
2704de98885368683621b01c8f8f4e4b01557611takashi<link href="/images/favicon.ico" rel="shortcut icon" /></head>
2704de98885368683621b01c8f8f4e4b01557611takashi<body>
2704de98885368683621b01c8f8f4e4b01557611takashi<div id="page-header">
2704de98885368683621b01c8f8f4e4b01557611takashi<p class="menu"><a href="/mod/">Modules</a> | <a href="/mod/directives.html">Directives</a> | <a href="/faq/">FAQ</a> | <a href="/glossary.html">Glossary</a> | <a href="/sitemap.html">Sitemap</a></p>
3f08db06526d6901aa08c110b5bc7dde6bc39905nd<p class="apache">Apache HTTP Server Version 2.5</p>
2704de98885368683621b01c8f8f4e4b01557611takashi<img alt="" src="/images/feather.gif" /></div>
2704de98885368683621b01c8f8f4e4b01557611takashi<div class="up"><a href="./"><img title="&lt;-" alt="&lt;-" src="/images/left.gif" /></a></div>
2704de98885368683621b01c8f8f4e4b01557611takashi<div id="path">
3f08db06526d6901aa08c110b5bc7dde6bc39905nd<a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">HTTP Server</a> &gt; <a href="http://httpd.apache.org/docs/">Documentation</a> &gt; <a href="../">Version 2.5</a> &gt; <a href="./">Modules</a></div>
2704de98885368683621b01c8f8f4e4b01557611takashi<div id="page-content">
987153b0772b889900365647b5afb962b80b4439nilgun<div id="preamble"><h1>Apache Module mod_authz_owner</h1>
2704de98885368683621b01c8f8f4e4b01557611takashi<div class="toplang">
2704de98885368683621b01c8f8f4e4b01557611takashi<p><span>Available Languages: </span><a href="/en/mod/mod_authz_owner.html" title="English">&nbsp;en&nbsp;</a> |
f086b4b402fa9a2fefc7dda85de2a3cc1cd0a654rjung<a href="/fr/mod/mod_authz_owner.html" hreflang="fr" rel="alternate" title="Fran�ais">&nbsp;fr&nbsp;</a> |
2704de98885368683621b01c8f8f4e4b01557611takashi<a href="/ja/mod/mod_authz_owner.html" hreflang="ja" rel="alternate" title="Japanese">&nbsp;ja&nbsp;</a> |
645cf915f6bc22be17750bc5bb34ade8de6744dfnd<a href="/ko/mod/mod_authz_owner.html" hreflang="ko" rel="alternate" title="Korean">&nbsp;ko&nbsp;</a></p>
987153b0772b889900365647b5afb962b80b4439nilgun</div>
987153b0772b889900365647b5afb962b80b4439nilgun<table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>Authorization based on file ownership</td></tr>
2704de98885368683621b01c8f8f4e4b01557611takashi<tr><th><a href="module-dict.html#Status">Status:</a></th><td>Extension</td></tr>
2704de98885368683621b01c8f8f4e4b01557611takashi<tr><th><a href="module-dict.html#ModuleIdentifier">Module�Identifier:</a></th><td>authz_owner_module</td></tr>
2704de98885368683621b01c8f8f4e4b01557611takashi<tr><th><a href="module-dict.html#SourceFile">Source�File:</a></th><td>mod_authz_owner.c</td></tr>
2704de98885368683621b01c8f8f4e4b01557611takashi<tr><th><a href="module-dict.html#Compatibility">Compatibility:</a></th><td>Available in Apache 2.1 and later</td></tr></table>
2704de98885368683621b01c8f8f4e4b01557611takashi<h3>Summary</h3>
b9f522ae1c0ed2bf3fc4444245bf28b2e2449a65nd
2704de98885368683621b01c8f8f4e4b01557611takashi <p>This module authorizes access to files by comparing the userid used
2704de98885368683621b01c8f8f4e4b01557611takashi for HTTP authentication (the web userid) with the file-system owner or
b2a930a0c94e9fd25f8d2b3a2c53573235db3f06nilgun group of the requested file. The supplied username and password
b2a930a0c94e9fd25f8d2b3a2c53573235db3f06nilgun must be already properly verified by an authentication module,
b2a930a0c94e9fd25f8d2b3a2c53573235db3f06nilgun such as <code class="module"><a href="/mod/mod_auth_basic.html">mod_auth_basic</a></code> or
b2a930a0c94e9fd25f8d2b3a2c53573235db3f06nilgun <code class="module"><a href="/mod/mod_auth_digest.html">mod_auth_digest</a></code>. <code class="module"><a href="/mod/mod_authz_owner.html">mod_authz_owner</a></code>
2704de98885368683621b01c8f8f4e4b01557611takashi recognizes two arguments for the <code class="directive"><a href="/mod/mod_authz_core.html#require">Require</a></code> directive, <code>file-owner</code> and
2704de98885368683621b01c8f8f4e4b01557611takashi <code>file-group</code>, as follows:</p>
2704de98885368683621b01c8f8f4e4b01557611takashi
2704de98885368683621b01c8f8f4e4b01557611takashi <dl>
2704de98885368683621b01c8f8f4e4b01557611takashi <dt><code>file-owner</code></dt>
2704de98885368683621b01c8f8f4e4b01557611takashi <dd>The supplied web-username must match the system's name for the
2704de98885368683621b01c8f8f4e4b01557611takashi owner of the file being requested. That is, if the operating system
2704de98885368683621b01c8f8f4e4b01557611takashi says the requested file is owned by <code>jones</code>, then the
2704de98885368683621b01c8f8f4e4b01557611takashi username used to access it through the web must be <code>jones</code>
987153b0772b889900365647b5afb962b80b4439nilgun as well.</dd>
987153b0772b889900365647b5afb962b80b4439nilgun
b2a930a0c94e9fd25f8d2b3a2c53573235db3f06nilgun <dt><code>file-group</code></dt>
b2a930a0c94e9fd25f8d2b3a2c53573235db3f06nilgun <dd>The name of the system group that owns the file must be present
2704de98885368683621b01c8f8f4e4b01557611takashi in a group database, which is provided, for example, by <code class="module"><a href="/mod/mod_authz_groupfile.html">mod_authz_groupfile</a></code> or <code class="module"><a href="/mod/mod_authz_dbm.html">mod_authz_dbm</a></code>,
b2a930a0c94e9fd25f8d2b3a2c53573235db3f06nilgun and the web-username must be a member of that group. For example, if
b2a930a0c94e9fd25f8d2b3a2c53573235db3f06nilgun the operating system says the requested file is owned by (system)
b2a930a0c94e9fd25f8d2b3a2c53573235db3f06nilgun group <code>accounts</code>, the group <code>accounts</code> must
2704de98885368683621b01c8f8f4e4b01557611takashi appear in the group database and the web-username used in the request
2704de98885368683621b01c8f8f4e4b01557611takashi must be a member of that group.</dd>
2704de98885368683621b01c8f8f4e4b01557611takashi </dl>
2704de98885368683621b01c8f8f4e4b01557611takashi
2704de98885368683621b01c8f8f4e4b01557611takashi <div class="note"><h3>Note</h3>
2704de98885368683621b01c8f8f4e4b01557611takashi <p>If <code class="module"><a href="/mod/mod_authz_owner.html">mod_authz_owner</a></code> is used in order to authorize
2704de98885368683621b01c8f8f4e4b01557611takashi a resource that is not actually present in the filesystem
2704de98885368683621b01c8f8f4e4b01557611takashi (<em>i.e.</em> a virtual resource), it will deny the access.</p>
2704de98885368683621b01c8f8f4e4b01557611takashi
2704de98885368683621b01c8f8f4e4b01557611takashi <p>Particularly it will never authorize <a href="/content-negotiation.html#multiviews">content negotiated
2704de98885368683621b01c8f8f4e4b01557611takashi "MultiViews"</a> resources.</p>
2704de98885368683621b01c8f8f4e4b01557611takashi </div>
2704de98885368683621b01c8f8f4e4b01557611takashi</div>
2704de98885368683621b01c8f8f4e4b01557611takashi<div id="quickview"><h3 class="directives">Directives</h3>
987153b0772b889900365647b5afb962b80b4439nilgun<p>This module provides no
2704de98885368683621b01c8f8f4e4b01557611takashi directives.</p>
2704de98885368683621b01c8f8f4e4b01557611takashi<h3>Topics</h3>
2704de98885368683621b01c8f8f4e4b01557611takashi<ul id="topics">
2704de98885368683621b01c8f8f4e4b01557611takashi<li><img alt="" src="/images/down.gif" /> <a href="#examples">Configuration Examples</a></li>
2704de98885368683621b01c8f8f4e4b01557611takashi</ul><h3>See also</h3>
2704de98885368683621b01c8f8f4e4b01557611takashi<ul class="seealso">
2704de98885368683621b01c8f8f4e4b01557611takashi<li><code class="directive"><a href="/mod/mod_authz_core.html#require">Require</a></code></li>
2704de98885368683621b01c8f8f4e4b01557611takashi</ul></div>
2704de98885368683621b01c8f8f4e4b01557611takashi<div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div>
2704de98885368683621b01c8f8f4e4b01557611takashi<div class="section">
2704de98885368683621b01c8f8f4e4b01557611takashi<h2><a name="examples" id="examples">Configuration Examples</a></h2>
2704de98885368683621b01c8f8f4e4b01557611takashi
2704de98885368683621b01c8f8f4e4b01557611takashi <h3><a name="examples.file-owner" id="examples.file-owner">Require file-owner</a></h3>
2704de98885368683621b01c8f8f4e4b01557611takashi <p>Consider a multi-user system running the Apache Web server, with
2704de98885368683621b01c8f8f4e4b01557611takashi each user having his or her own files in <code>~/public_html/private</code>. Assuming that there is a single
2704de98885368683621b01c8f8f4e4b01557611takashi <code class="directive"><a href="/mod/mod_authn_dbm.html#authdbmuserfile">AuthDBMUserFile</a></code> database
2704de98885368683621b01c8f8f4e4b01557611takashi that lists all of their web-usernames, and that these usernames match
2704de98885368683621b01c8f8f4e4b01557611takashi the system's usernames that actually own the files on the server, then
2704de98885368683621b01c8f8f4e4b01557611takashi the following stanza would allow only the user himself access to his
2704de98885368683621b01c8f8f4e4b01557611takashi own files. User <code>jones</code> would not be allowed to access
2704de98885368683621b01c8f8f4e4b01557611takashi files in <code>/home/smith/public_html/private</code> unless they
2704de98885368683621b01c8f8f4e4b01557611takashi were owned by <code>jones</code> instead of <code>smith</code>.</p>
2704de98885368683621b01c8f8f4e4b01557611takashi
2704de98885368683621b01c8f8f4e4b01557611takashi <div class="example"><p><code>
2704de98885368683621b01c8f8f4e4b01557611takashi &lt;Directory /home/*/public_html/private&gt;<br />
2704de98885368683621b01c8f8f4e4b01557611takashi <span class="indent">
2704de98885368683621b01c8f8f4e4b01557611takashi AuthType Basic<br />
2704de98885368683621b01c8f8f4e4b01557611takashi AuthName MyPrivateFiles<br />
2704de98885368683621b01c8f8f4e4b01557611takashi AuthBasicProvider dbm<br />
2704de98885368683621b01c8f8f4e4b01557611takashi AuthDBMUserFile /usr/local/apache2/etc/.htdbm-all<br />
2704de98885368683621b01c8f8f4e4b01557611takashi Require file-owner<br />
2704de98885368683621b01c8f8f4e4b01557611takashi </span>
2704de98885368683621b01c8f8f4e4b01557611takashi &lt;/Directory&gt;
2704de98885368683621b01c8f8f4e4b01557611takashi </code></p></div>
2704de98885368683621b01c8f8f4e4b01557611takashi
2704de98885368683621b01c8f8f4e4b01557611takashi
2704de98885368683621b01c8f8f4e4b01557611takashi <h3><a name="examples.file-group" id="examples.file-group">Require file-group</a></h3>
2704de98885368683621b01c8f8f4e4b01557611takashi <p>Consider a system similar to the one described above, but with
2704de98885368683621b01c8f8f4e4b01557611takashi some users that share their project files in
2704de98885368683621b01c8f8f4e4b01557611takashi <code>~/public_html/project-foo</code>. The files are owned by the
b9f522ae1c0ed2bf3fc4444245bf28b2e2449a65nd system group <code>foo</code> and there is a single <code class="directive"><a href="/mod/mod_authz_dbm.html#authdbmgroupfile">AuthDBMGroupFile</a></code> database that
b9f522ae1c0ed2bf3fc4444245bf28b2e2449a65nd contains all of the web-usernames and their group membership,
b2a930a0c94e9fd25f8d2b3a2c53573235db3f06nilgun <em>i.e.</em> they must be at least member of a group named
b9f522ae1c0ed2bf3fc4444245bf28b2e2449a65nd <code>foo</code>. So if <code>jones</code> and <code>smith</code>
b2a930a0c94e9fd25f8d2b3a2c53573235db3f06nilgun are both member of the group <code>foo</code>, then both will be
b2a930a0c94e9fd25f8d2b3a2c53573235db3f06nilgun authorized to access the <code>project-foo</code> directories of
b9f522ae1c0ed2bf3fc4444245bf28b2e2449a65nd each other.</p>
b9f522ae1c0ed2bf3fc4444245bf28b2e2449a65nd
b9f522ae1c0ed2bf3fc4444245bf28b2e2449a65nd <div class="example"><p><code>
b2a930a0c94e9fd25f8d2b3a2c53573235db3f06nilgun &lt;Directory /home/*/public_html/project-foo&gt;<br />
b2a930a0c94e9fd25f8d2b3a2c53573235db3f06nilgun <span class="indent">
b2a930a0c94e9fd25f8d2b3a2c53573235db3f06nilgun AuthType Basic<br />
b2a930a0c94e9fd25f8d2b3a2c53573235db3f06nilgun AuthName "Project Foo Files"<br />
b2a930a0c94e9fd25f8d2b3a2c53573235db3f06nilgun AuthBasicProvider dbm<br />
b2a930a0c94e9fd25f8d2b3a2c53573235db3f06nilgun <br />
b2a930a0c94e9fd25f8d2b3a2c53573235db3f06nilgun # combined user/group database<br />
b2a930a0c94e9fd25f8d2b3a2c53573235db3f06nilgun AuthDBMUserFile /usr/local/apache2/etc/.htdbm-all<br />
b2a930a0c94e9fd25f8d2b3a2c53573235db3f06nilgun AuthDBMGroupFile /usr/local/apache2/etc/.htdbm-all<br />
b9f522ae1c0ed2bf3fc4444245bf28b2e2449a65nd <br />
2704de98885368683621b01c8f8f4e4b01557611takashi Satisfy All<br />
2704de98885368683621b01c8f8f4e4b01557611takashi Require file-group<br />
2704de98885368683621b01c8f8f4e4b01557611takashi </span>
2704de98885368683621b01c8f8f4e4b01557611takashi &lt;/Directory&gt;
2704de98885368683621b01c8f8f4e4b01557611takashi </code></p></div>
2704de98885368683621b01c8f8f4e4b01557611takashi
2704de98885368683621b01c8f8f4e4b01557611takashi</div>
987153b0772b889900365647b5afb962b80b4439nilgun</div>
2704de98885368683621b01c8f8f4e4b01557611takashi<div class="bottomlang">
2704de98885368683621b01c8f8f4e4b01557611takashi<p><span>Available Languages: </span><a href="/en/mod/mod_authz_owner.html" title="English">&nbsp;en&nbsp;</a> |
2704de98885368683621b01c8f8f4e4b01557611takashi<a href="/fr/mod/mod_authz_owner.html" hreflang="fr" rel="alternate" title="Fran�ais">&nbsp;fr&nbsp;</a> |
2704de98885368683621b01c8f8f4e4b01557611takashi<a href="/ja/mod/mod_authz_owner.html" hreflang="ja" rel="alternate" title="Japanese">&nbsp;ja&nbsp;</a> |
2704de98885368683621b01c8f8f4e4b01557611takashi<a href="/ko/mod/mod_authz_owner.html" hreflang="ko" rel="alternate" title="Korean">&nbsp;ko&nbsp;</a></p>
2704de98885368683621b01c8f8f4e4b01557611takashi</div><div id="footer">
2704de98885368683621b01c8f8f4e4b01557611takashi<p class="apache">Copyright 2012 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
2704de98885368683621b01c8f8f4e4b01557611takashi<p class="menu"><a href="/mod/">Modules</a> | <a href="/mod/directives.html">Directives</a> | <a href="/faq/">FAQ</a> | <a href="/glossary.html">Glossary</a> | <a href="/sitemap.html">Sitemap</a></p></div><script type="text/javascript">
2704de98885368683621b01c8f8f4e4b01557611takashi if (prettyPrint) {
2704de98885368683621b01c8f8f4e4b01557611takashi prettyPrint();
2704de98885368683621b01c8f8f4e4b01557611takashi }
2704de98885368683621b01c8f8f4e4b01557611takashi</script>
2704de98885368683621b01c8f8f4e4b01557611takashi</body></html>