Posted to users@httpd.apache.org by Dave Challener <ch...@us.lenovo.com> on 2006/11/06 16:34:23 UTC

[users@httpd] .htaccess

Hi all.

I am trying to get .htaccess working on my home server.  It is a RedHat 
distro version of Apache httpd.



I have done 3 things:

1) in the httpd.conf file I have added the following lines:
<Directory "/ddrive/html">

#
# Possible values for the Options directive are "None", "All",
# or any combination of:
#   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important.  Please see
# http://httpd.apache.org/docs-2.0/mod/core.html#options
# for more information.
#
    Options Indexes FollowSymLinks

#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
#   Options FileInfo AuthConfig Limit
#
#    AllowOverride None
     AllowOverride AuthConfig
     Options Indexes FollowSymLinks Includes
#
# Controls who can get stuff from this server.
#
    Order allow,deny
    Allow from all

</Directory>


2) In the subdirectory I wish to password protect, I have added a 
file named .htaccess which contains the following lines:

#Sample .htaccess file for UT Web Central publishers
AuthUserFile /root/SOadmin/.htpasswd
AuthGroupFile /dev/null
AuthName "Authorization Required"
AuthType Basic

<Limit GET>
require valid-user
</Limit>


3) In the subdirectory /root/SOadmin, I used htpasswd to create a file 
.htpasswd
 (initially I used -c to create the file, then used it without to add 
passwords)
One password I added was user with password password.

The file is there, it has two users in it, and "user" is indeed one of 
them.


dchallener:SkuDfI644Y3EM
user:4bV2gKtZ0Whys



I shut down the system and rebooted, restarted httpd.

I then went to the subdirectory.  It asked me for a userid and password 
(Hooray!... something is working)

HOWEVER... it won't accept any of the userid / password combinations I 
give it.


Any ideas? 



Re: [users@httpd] .htaccess

Posted by Dave Challener <ch...@us.lenovo.com>.
Well, I tried all those suggestions, and they had no effect.
Then I copied the .htaccess file from the subdirectory into a <Directory>  
... </Directory> in the httpd.conf file
and erased the .htaccess file.

rebooted the server...
AND IT WORKED!
Go figure.... no idea what was wrong, but I don't care now that it 
works.....:-D

Thanks for the help!

Thanks!
David Challener






sfeehan@boolecat.com (Steve Feehan)
11/06/2006 11:57 AM
Please respond to: users@httpd.apache.org
To: users@httpd.apache.org
cc:
Subject: Re: [users@httpd] .htaccess






On Mon, Nov 06, 2006 at 08:13:04AM -0800, Sander Temme wrote:
> 
> On Nov 6, 2006, at 7:34 AM, Dave Challener wrote:
> 
> >HOWEVER... it won't accept any of the userid / password 
> >combinations I give it.
> 
> What are the permissions on /root/SOadmin/.htpasswd, can the web 
> server child processes read it? They do not run as root, so you need 
> world-readable on that file. You might need world-readable on all 
> directories above it, too.
> 
> S.

The file should not be world readable, rather readable by the user
and/or group that apache runs as. The file should generally not be
writable by the apache user/group. So if apache is running as group
'www' then the following permissions would be advisable:

  chown root:www /root/SOadmin/.htpasswd
  chmod 640 /root/SOadmin/.htpasswd

Also, the parent directories don't need to be world readable, but
only executable to the user/group that apache runs as.

-- 
Steve Feehan

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org



Re: [users@httpd] .htaccess

Posted by Steve Feehan <sf...@boolecat.com>.
On Mon, Nov 06, 2006 at 08:13:04AM -0800, Sander Temme wrote:
> 
> On Nov 6, 2006, at 7:34 AM, Dave Challener wrote:
> 
> >HOWEVER... it won't accept any of the userid / password  
> >combinations I give it.
> 
> What are the permissions on /root/SOadmin/.htpasswd, can the web  
> server child processes read it? They do not run as root, so you need  
> world-readable on that file. You might need world-readable on all  
> directories above it, too.
> 
> S.

The file should not be world readable, rather readable by the user
and/or group that apache runs as. The file should generally not be
writable by the apache user/group. So if apache is running as group
'www' then the following permissions would be advisable:

  chown root:www /root/SOadmin/.htpasswd
  chmod 640 /root/SOadmin/.htpasswd

Also, the parent directories don't need to be world readable, but
only executable to the user/group that apache runs as.

-- 
Steve Feehan
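
Added example, not part of Steve Feehan's message: a POSIX shell audit of the layout he describes (file readable but not writable by the server's group, not world-readable, every parent directory searchable). The function names, the numeric UID/GID arguments and the optional BASE argument are assumptions of this example, and only mode bits are evaluated.

```shell
#!/bin/sh
# Added example, not from the thread. Mode bits only: ACLs, SELinux and
# supplementary groups are ignored. UID and GID arguments are numeric.

# perm_char PATH UID GID N: print the r (N=1), w (N=2) or x (N=3) character
# of the single class (owner, group or other) that applies to UID/GID.
perm_char() {
    ls -ldn -- "$1" | {
        read -r mode links owner group rest
        if   [ "$owner" = "$2" ]; then class=1   # owner triplet
        elif [ "$group" = "$3" ]; then class=4   # group triplet
        else                           class=7   # other triplet
        fi
        printf '%s\n' "$mode" | cut -c "$((class + $4))"
    }
}

# audit_htpasswd FILE UID GID [BASE]: print findings, return 1 if any.
# FILE must be absolute; BASE (default /) is the topmost directory checked.
audit_htpasswd() {
    file=$1 uid=$2 gid=$3 base=${4:-/} bad=0
    dir=$(dirname "$file")
    while :; do                      # every parent needs the search (x) bit
        case $(perm_char "$dir" "$uid" "$gid" 3) in
            x|s|t) ;;
            *) echo "cannot traverse $dir"; bad=1 ;;
        esac
        case $dir in "$base"|/|.) break ;; esac
        dir=$(dirname "$dir")
    done
    [ "$(perm_char "$file" "$uid" "$gid" 1)" = r ] ||
        { echo "server cannot read $file"; bad=1; }
    [ "$(perm_char "$file" "$uid" "$gid" 2)" = w ] &&
        { echo "server can write $file"; bad=1; }
    [ "$(ls -ldn -- "$file" | cut -c8)" = r ] &&
        { echo "$file is world-readable"; bad=1; }
    return "$bad"
}

# Example call (the account name "apache" is an assumption):
#   audit_htpasswd /root/SOadmin/.htpasswd "$(id -u apache)" "$(id -g apache)"
```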



Re: [users@httpd] .htaccess

Posted by Dave Challener <ch...@us.lenovo.com>.
Oh do I feel stupid.

Thanks!
David Challener, PhD
STSM
PCD
441-6891





Sander Temme <sc...@apache.org>
11/06/2006 11:13 AM
Please respond to: users@httpd.apache.org
To: users@httpd.apache.org
cc:
Subject: Re: [users@httpd] .htaccess







On Nov 6, 2006, at 7:34 AM, Dave Challener wrote:

> HOWEVER... it won't accept any of the userid / password 
> combinations I give it.

What are the permissions on /root/SOadmin/.htpasswd, can the web 
server child processes read it? They do not run as root, so you need 
world-readable on that file. You might need world-readable on all 
directories above it, too.

S.

-- 
sctemme@apache.org            http://www.temme.net/sander/
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF




Re: [users@httpd] .htaccess

Posted by Sander Temme <sc...@apache.org>.
On Nov 6, 2006, at 7:34 AM, Dave Challener wrote:

> HOWEVER... it won't accept any of the userid / password  
> combinations I give it.

What are the permissions on /root/SOadmin/.htpasswd, can the web  
server child processes read it? They do not run as root, so you need  
world-readable on that file. You might need world-readable on all  
directories above it, too.

S.

-- 
sctemme@apache.org            http://www.temme.net/sander/
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF