2

I have some difficulties setting up password protection in Apache.

In .htaccess, I have

```apache
AuthUserFile /var/www/vhosts/domain.net/httpdocs/.htpasswd
AuthGroupFile /dev/null
AuthName "Test Server"
AuthType Basic

require user testuser
```

Then in .htpasswd, I have something like

testuser:encrypted password

The problem now is I forgot what .htpasswd generator I used. When I try to add a new user and password, it doesn't work. E.g. when I put `require user newuser` it always fails (the prompt keeps reappearing). Then when I revert to testuser, it works.

How can I set this up so that I have one or several "admins" that can access everything and viewers that can view only specific folders? E.g.

/               - only admins
    /folder1    - only admins or folder1's users
    /folder2    - only admins or folder2's users

Also, what do I do to disallow showing directory listings?

Jiew Meng

2 Answers

4

The `require user` directive only allows for one user to access the particular resource. To allow multiple users you should configure an `AuthGroupFile` and use the `Require group` directive to allow access to the resource. The Apache documentation is here

/folder1/.htaccess

```apache
AuthUserFile /var/www/vhosts/domain.net/httpdocs/.htpasswd
AuthGroupFile /var/www/vhosts/domain.net/httpdocs/.GroupFile
AuthName "Test Group1"
AuthType Basic

require group Group1
```

/folder2/.htaccess

```apache
AuthUserFile /var/www/vhosts/domain.net/httpdocs/.htpasswd
AuthGroupFile /var/www/vhosts/domain.net/httpdocs/.GroupFile
AuthName "Test Group2"
AuthType Basic

require group Group2
```

etc.

If you want to specify multiple groups then

require group Group1 Group2 ...

and in the GroupFile

```
Group1: testuser admin1 admin2
Group2: testuser1 admin1 admin2
```
user9517
  • What do you use to generate passwords? – Jiew Meng Feb 21 '11 at 14:15
  • In your example above `htpasswd /var/www/vhosts/domain.net/httpdocs/.htpasswd UserName` would do it. – user9517 Feb 21 '11 at 14:20
  • I think there are various methods of encryption? Also, there are different string lengths apparently? Like from http://aspirine.org/htpasswd_en.html – Jiew Meng Feb 21 '11 at 14:22
  • 1
    @jiewmeng: Yes, you can specify `htpasswd -m` for MD5, `-d` for crypt, `-s` for SHA. Have a look at the [**htpasswd**](http://linux.die.net/man/1/htpasswd) man page. – user9517 Feb 21 '11 at 14:30
  • Thanks, I can also use crypt from http://aspirine.org/htpasswd_en.html – Jiew Meng Feb 21 '11 at 14:35
  • Oh, and how can I specify multiple groups to allow? E.g. can I do AdminGrp: admin1 admin2 | Grp1: user1 user2 and then do something like `require group AdminGrp Grp1`? – Jiew Meng Feb 21 '11 at 14:41
  • Also, what's a way to debug what's wrong? – Jiew Meng Feb 21 '11 at 14:46
  • You have answered your own question regarding multiple groups: `require group AdminGrp Grp1` is correct. Regarding debugging, have a look in your Apache error log. – user9517 Feb 21 '11 at 15:22
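
Added example, not part of the original question, answer or comments: the thread turns on which hash format each `.htpasswd` entry uses and on who is listed in the group file, so this Python sketch classifies every entry by the shape of its hash and flags group members that have no password entry. The function names, the user `olduser` and the sample file contents are constructed for illustration; the hash strings only have the right shape and are not real hashes.

```python
import re

# Shapes of the hash formats htpasswd writes (-B bcrypt, -m MD5, -s SHA, -d crypt).
SCHEMES = [
    ("bcrypt", r"\$2[aby]\$\d\d\$[./A-Za-z0-9]{53}"),
    ("apr1-md5", r"\$apr1\$[./A-Za-z0-9]{1,8}\$[./A-Za-z0-9]{22}"),
    ("sha1-unsalted", r"\{SHA\}[A-Za-z0-9+/]{27}="),
    ("des-crypt", r"[./A-Za-z0-9]{13}"),
]
WEAK = {"sha1-unsalted", "des-crypt"}  # unsalted SHA-1; crypt() uses only 8 characters

def classify(hashed):
    """Return the name of the first scheme whose shape matches the whole field."""
    for name, shape in SCHEMES:
        if re.fullmatch(shape, hashed):
            return name
    return "unrecognized"

def entries(text):
    """Yield (line_no, key, value) for 'key:value' lines, skipping blanks and # comments."""
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition(":")
            yield n, key.strip(), value.strip()

def audit(htpasswd_text, group_text):
    """Return ({user: scheme}, [findings]) for a password file and a group file."""
    users, findings = {}, []
    for n, user, hashed in entries(htpasswd_text):
        scheme = users[user] = classify(hashed)
        if scheme == "unrecognized":
            findings.append(f"htpasswd:{n} {user}: hash format not recognized")
        elif scheme in WEAK:
            findings.append(f"htpasswd:{n} {user}: weak scheme {scheme}")
    for n, group, members in entries(group_text):
        for member in members.split():
            if member not in users:
                findings.append(f"group:{n} {group}: {member} has no htpasswd entry")
    return users, findings

# Constructed sample files (shape-only placeholder hashes, not real ones).
HTPASSWD = "\n".join([
    "admin1:$2y$05$" + "A" * 53,
    "testuser:$apr1$abcdefgh$" + "B" * 22,
    "olduser:{SHA}" + "C" * 27 + "=",
    "newuser:pasted-from-unknown-generator",
])
GROUPS = "Group1: testuser admin1 admin2\nGroup2: newuser admin1"

if __name__ == "__main__":
    found_users, found = audit(HTPASSWD, GROUPS)
    print(found_users)
    print("\n".join(found))
```
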
1

.htaccess in root:

```apache
AuthUserFile /var/.htpasswd
AuthName "Test Server"
AuthType Basic
require user admin
Options -Indexes
```

.htaccess in folder1:

```apache
AuthUserFile /var/.htpasswd
AuthName "Test Server"
AuthType Basic
require user admin folder1
```

.htaccess in folder2:

```apache
AuthUserFile /var/.htpasswd
AuthName "Test Server"
AuthType Basic
require user admin folder2
```
ooshro