You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Admin Cyanide <ad...@cyanide-studio.com> on 2011/03/30 11:21:23 UTC
[users@httpd] Centralised path-based authorisation
Hi list,
I'm setting up an Apache server with many path-based authorisations. The
goal is to create a file server over HTTP(S). Using an FTP server is not
an option.
As far as I know, There's only two options available on Apache to set up
these kind of authorisations :
.htaccess files : can become heavy resources consuming, doesn't need to
restart Apache, needs to access the host filesystem.
vhost configuration file : far less resources consuming, needs to
restart apache to commit the changes, needs to access the host filesystem.
Is there another way to do this ?
I'm searching for something with a database authentication backend, so I
can change autorisations through a service and doesn't need to restart
the server.
Thanks,
--
Bastien Semene
Administrateur Réseau& Système
Cyanide Studio - FRANCE
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Centralised path-based authorisation
Posted by Admin Cyanide <ad...@cyanide-studio.com>.
Le 30/03/2011 15:40, Nick Kew a écrit :
> On 30 Mar 2011, at 14:32, Admin Cyanide wrote:
>
>> I just want to be sure we're talking about authorisations and not authentication. I know how to use SQL, LDAP or whatever to create authentications mechanisms.
>> What I'm searching is path based authorisations to allow acces to xxx/yyy folder to bob, while other authenticated users can't access to it (though it can be more complex).
> I can't tell you your best solution. But you could, for example, map paths to
> authz groups. Then you update your ACLs by amending group memberships.
>
> If you already knew that and thought it should be obvious, then the answer
> is no, there's nothing builtin that'll help. Unless your access maps to filesystem
> access and can be driven by file ownership.
>
I don't know about mappings between paths and authz groups, though I can
imagine what it is.
I'll dig there, thank you for your time !
--
Bastien Semene
Administrateur Réseau& Système
Cyanide Studio - FRANCE
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Centralised path-based authorisation
Posted by Nick Kew <ni...@webthing.com>.
On 30 Mar 2011, at 14:32, Admin Cyanide wrote:
> I just want to be sure we're talking about authorisations and not authentication. I know how to use SQL, LDAP or whatever to create authentications mechanisms.
> What I'm searching is path based authorisations to allow acces to xxx/yyy folder to bob, while other authenticated users can't access to it (though it can be more complex).
I can't tell you your best solution. But you could, for example, map paths to
authz groups. Then you update your ACLs by amending group memberships.
If you already knew that and thought it should be obvious, then the answer
is no, there's nothing builtin that'll help. Unless your access maps to filesystem
access and can be driven by file ownership.
--
Nick Kew
Available for work, contract or permanent
http://www.webthing.com/~nick/cv.html
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Centralised path-based authorisation
Posted by Admin Cyanide <ad...@cyanide-studio.com>.
Le 30/03/2011 12:30, Nick Kew a écrit :
> On 30 Mar 2011, at 10:21, Admin Cyanide wrote:
>
>> another way to do this ?
>> I'm searching for something with a database authentication backend, so I can change autorisations through a service and doesn't need to restart the server.
> How much flexibility do you need? If you use a backend such as an SQL database
> or LDAP, you can maintain that without touching your apache configuration.
>
My wish is to have an easy to maintain system. If paths and logins can
be stored in SQL this could be perfect.
I just don't know how to do this.
I just want to be sure we're talking about authorisations and not
authentication. I know how to use SQL, LDAP or whatever to create
authentications mechanisms.
What I'm searching is path based authorisations to allow acces to
xxx/yyy folder to bob, while other authenticated users can't access to
it (though it can be more complex).
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Centralised path-based authorisation
Posted by Nick Kew <ni...@webthing.com>.
On 30 Mar 2011, at 10:21, Admin Cyanide wrote:
> another way to do this ?
> I'm searching for something with a database authentication backend, so I can change autorisations through a service and doesn't need to restart the server.
How much flexibility do you need? If you use a backend such as an SQL database
or LDAP, you can maintain that without touching your apache configuration.
--
Nick Kew
Available for work, contract or permanent
http://www.webthing.com/~nick/cv.html
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org