You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Dave Challener <ch...@us.lenovo.com> on 2006/11/06 16:34:23 UTC
[users@httpd] .htaccess
Hi all.
I am trying to get .htaccess working on my home server. It is a RedHat
distro version of Apache httpd.
I have done 3 things:
1) in the httpd.conf file I have added the following lines:
<Directory "/ddrive/html">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI
MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs-2.0/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
# AllowOverride None
AllowOverride AuthConfig
Options Indexes FollowSymLinks Includes
#
# Controls who can get stuff from this server.
#
Order allow,deny
Allow from all
</Directory>
2) In the subdirectory I wish to password protect itself, I have added a
file named .htaccess which contains the following lines:
#Sample .htaccess file for UT Web Central publishers
AuthUserFile /root/SOadmin/.htpasswd
AuthGroupFile /dev/null
AuthName "Authorization Required"
AuthType Basic
<Limit GET>
require valid-user
</Limit>
3) In the subdirectory /root/SOadmin, I used htpasswd to create a file
.htpasswd
(initially I used -c to create the file, then used it without to add
passwords)
One password I added was user with password password.
The file is there, it has two users in it, and "user" is indeed one of
them.
dchallener:SkuDfI644Y3EM
user:4bV2gKtZ0Whys
I shutdown the system and rebooted, restarted httpd.
I then went to the subdirectory. It asked me for a userid and password
(Hooray!... something is working)
HOWEVER... it won't accept any of the userid / password combinations I
give it.
Any ideas?
Re: [users@httpd] .htaccess
Posted by Dave Challener <ch...@us.lenovo.com>.
Well I tried all those suggestions, and had no effect.
Then I copied the .htaccess file from the subdirectory into a <Directory>
... </Directory> in the httpd.conf file
erased the .htaccess file.
rebooted the server...
AND IT WORKED!
Go figure.... no idea what was wrong, but I don't care now that it
works.....:-D
Thanks for the help!
Thanks!
David Challener
sfeehan@boolecat.com (Steve Feehan)
11/06/2006 11:57 AM
Please respond to
users@httpd.apache.org
To
users@httpd.apache.org
cc
Subject
Re: [users@httpd] .htaccess
On Mon, Nov 06, 2006 at 08:13:04AM -0800, Sander Temme wrote:
>
> On Nov 6, 2006, at 7:34 AM, Dave Challener wrote:
>
> >HOWEVER... it won't accept any of the userid / password
> >combinations I give it.
>
> What are the permissions on /root/SOadmin/.htpasswd, can the web
> server child processes read it? They do not run as root, so you need
> world-readable on that file. You might need world-readable on all
> directories above it, too.
>
> S.
The file should not be world readable, rather readable by the user
and/or group that apache runs as. The file should generally not be
writable by the apache user/group. So if apache is running as group
'www' then the following permissions would be advisable:
chown root:www /root/SOadmin/.htpasswd
chmod 640 /root/SOadmin/.htpasswd
Also, the parent directories don't need to be world readable, but
only executable to the user/group that apache runs as.
--
Steve Feehan
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] .htaccess
Posted by Steve Feehan <sf...@boolecat.com>.
On Mon, Nov 06, 2006 at 08:13:04AM -0800, Sander Temme wrote:
>
> On Nov 6, 2006, at 7:34 AM, Dave Challener wrote:
>
> >HOWEVER... it won't accept any of the userid / password
> >combinations I give it.
>
> What are the permissions on /root/SOadmin/.htpasswd, can the web
> server child processes read it? They do not run as root, so you need
> world-readable on that file. You might need world-readable on all
> directories above it, too.
>
> S.
The file should not be world readable, rather readable by the user
and/or group that apache runs as. The file should generally not be
writable by the apache user/group. So if apache is running as group
'www' then the following permissions would be advisable:
chown root:www /root/SOadmin/.htpasswd
chmod 640 /root/SOadmin/.htpasswd
Also, the parent directories don't need to be world readable, but
only executable to the user/group that apache runs as.
--
Steve Feehan
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] .htaccess
Posted by Dave Challener <ch...@us.lenovo.com>.
Oh do I feel stupid.
Thanks!
David Challener, PhD
STSM
PCD
441-6891
Sander Temme <sc...@apache.org>
11/06/2006 11:13 AM
Please respond to
users@httpd.apache.org
To
users@httpd.apache.org
cc
Subject
Re: [users@httpd] .htaccess
On Nov 6, 2006, at 7:34 AM, Dave Challener wrote:
> HOWEVER... it won't accept any of the userid / password
> combinations I give it.
What are the permissions on /root/SOadmin/.htpasswd, can the web
server child processes read it? They do not run as root, so you need
world-readable on that file. You might need world-readable on all
directories above it, too.
S.
--
sctemme@apache.org http://www.temme.net/sander/
PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF
Re: [users@httpd] .htaccess
Posted by Sander Temme <sc...@apache.org>.
On Nov 6, 2006, at 7:34 AM, Dave Challener wrote:
> HOWEVER... it won't accept any of the userid / password
> combinations I give it.
What are the permissions on /root/SOadmin/.htpasswd, can the web
server child processes read it? They do not run as root, so you need
world-readable on that file. You might need world-readable on all
directories above it, too.
S.
--
sctemme@apache.org http://www.temme.net/sander/
PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF