
User Authentication in Apache


Basic Authentication


This tutorial is concerned with the configuration of Basic Authentication in Apache.

Question 1: Create TOM

Build a user called "tom" to experiment with. Use

adduser tom

You also need to have the apache service (httpd) running.

Make sure your httpd.conf file supports per-user public_html directories. Look through the /etc/httpd/conf/httpd.conf file for a line:

    UserDir disable

When you find this line delete it, or put a # in front of it. Then look on a little further to find:

    #UserDir public_html

Delete the '#' comment character from the front of this line. As you have changed the configuration, remember to reload the httpd service!

Now create a user called "tom", create a public_html directory in tom's home directory, and create a file p1.html in the public_html. The contents of this file should be:

<html>
<body>
<h1>TOM</h1>
<p>
Document body goes here.
</p>
</body>
</html>

Change the appropriate permissions on the /home/tom directories and files by the minimum amount possible to give apache permission to use the file.

Finally, SELinux is enabled in enforcing mode in Fedora 15 by default, which adds one more layer of security to configure. By default SELinux forbids Apache from reading any file in /home, so you need to make sure that the SELinux boolean httpd_read_user_content is enabled. Check with

getsebool  httpd_read_user_content
and if needed set it with
setsebool -P httpd_read_user_content 1
"setsebool" may take 20 or more seconds to run. It will finish, honest!

Tests - not attempted
Apache Running UNTESTED
UserDir seems to be disabled UNTESTED
Tom exists UNTESTED
Tom has a public_html which he owns UNTESTED
Tom has a home directory executable by others UNTESTED
Tom has a public_html executable by others UNTESTED
Tom has a file p1.html which he owns UNTESTED
p1.html is readable by others UNTESTED
p1.html contains the word TOM (case sensitive) UNTESTED
SELinux has been configured with httpd_read_user_content true UNTESTED
http://host/~tom/p1.html actually works UNTESTED
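
The permission part of Question 1 can be checked with a short script. This is an added example, not part of the original tutorial; the function names are hypothetical, and it assumes adduser leaves the home directory at mode 700 and that Apache, running as its own user, gets the "other" permission bits.

```shell
# Added example, not part of the original tutorial.

# others_bits PATH: print the three "other" characters of ls -l, e.g. "--x"
others_bits() { ls -ld -- "$1" 2>/dev/null | cut -c8-10; }

# audit_userdir HOME: return 0 when "other" can traverse HOME and
# public_html and read p1.html, and has been given nothing beyond that
audit_userdir() {
    rc=0
    h=$(others_bits "$1")
    d=$(others_bits "$1/public_html")
    f=$(others_bits "$1/public_html/p1.html")
    # home: traverse only, so other local users cannot list tom's files
    case $h in --x) ;; *) echo "home: others='$h', want --x"; rc=1 ;; esac
    # public_html: traverse needed, read tolerated, write never
    case $d in --x|r-x) ;; *) echo "public_html: others='$d', want --x or r-x"; rc=1 ;; esac
    # p1.html: read only
    case $f in r--) ;; *) echo "p1.html: others='$f', want r--"; rc=1 ;; esac
    return $rc
}

# make_sample_home DIR: constructed stand-in for /home/tom straight after
# adduser (home 700), so the audit can be tried without touching a real account
make_sample_home() {
    mkdir -p "$1/public_html"
    printf '<html><body><h1>TOM</h1></body></html>\n' > "$1/public_html/p1.html"
    chmod 700 "$1"
    chmod 755 "$1/public_html"
    chmod 644 "$1/public_html/p1.html"
}
```

On the sample tree the audit fails until `chmod o+x` is applied to the home directory, and it fails again if any of the three paths is made writable by others.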

Question 2: Add two new directories/files

Create the following directories, each of which must be executable by others:

  • /home/tom/public_html/richard
  • /home/tom/public_html/harry

In each of these new directories create a file similar to p1.html, but called:

  • /home/tom/public_html/richard/p2.html
  • /home/tom/public_html/harry/p3.html

In "richard/p2.html" replace the word TOM with RICHARD. In "harry/p3.html" replace the word TOM with HARRY. Case is important.

Tests - not attempted
Can read http://../~tom/richard/p2.html UNTESTED
http://../~tom/richard/p2.html contains RICHARD UNTESTED
Can read http://../~tom/harry/p3.html UNTESTED
http://../~tom/harry/p3.html contains HARRY UNTESTED

Question 3: Allow AuthConfig for public_html

Use the <Directory> tag in the httpd.conf file to allow AuthConfig for public_html directories. Look for something like:

# <Directory /home/*/public_html>
#   AllowOverride FileInfo AuthConfig Limit

and just before this try something like:

<Directory /home/*/public_html>
    AllowOverride AuthConfig
</Directory>

Do not forget to reload or restart your apache server after making this change!

Tests - not attempted
Directory detected for public_html UNTESTED

Question 4: Basic Auth file

Create a password file for basic authentication. Remember this has nothing to do with normal unix users, and even less to do with /etc/passwd!

The htpasswd command allows you to create the file, and to add users to the file. Use it to create a basic authentication password file called "/home/tom/webpasswd". Put into this file two users with the following passwords:

User: richard              Password: pass1
User: harry                Password: pass2

Tests - not attempted
/home/tom/webpasswd exists and seems readable UNTESTED
Contents semi-sensible for richard? UNTESTED
Contents semi-sensible for harry? UNTESTED

Question 5: Secure richard/

Secure the public_html/richard directory so only a user with the basic authentication details of richard, password pass1, can access the files.

Tests - not attempted
Basic Auth needed on ~tom/richard/p2.html UNTESTED
Basic Auth using richard/pass1 works for ~tom/richard/p2.html UNTESTED
Basic Auth using harry/pass2 fails for ~tom/richard/p2.html UNTESTED

Question 6: Secure harry/

Secure the public_html/harry directory so only a user with the basic authentication details of group "magic" can access the contents.

To answer this question, create a group file "/home/tom/webgroup" with the following contents:

magic: richard harry

Make sure in the .htaccess file in the harry directory you use only "Require group" and not some sort of "Require user" command.

Tests - not attempted
/home/tom/webgroup exists and seems readable UNTESTED
/home/tom/webgroup contains right magic: definition UNTESTED
No Require User in .htaccess UNTESTED
Using Require Group magic in .htaccess UNTESTED
Basic Auth needed on ~tom/harry/p3.html UNTESTED
Basic Auth using richard/pass1 works for ~tom/harry/p3.html UNTESTED
Basic Auth using harry/pass2 works for ~tom/harry/p3.html UNTESTED
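
One way to lay out the files for Questions 4 to 6 and check them against the tests above. This is an added example, not the tutorial's own answer; the function names and the AuthName text are assumptions, and the home directory is a parameter so the script can be tried on a scratch directory before /home/tom.

```shell
# Added example, not the tutorial's own answer. Create the password file by hand first:
#   htpasswd -c /home/tom/webpasswd richard   # -c creates the file; prompts for pass1
#   htpasswd    /home/tom/webpasswd harry     # no -c, so harry is appended; prompts for pass2

# emit_htaccess HOME RULE: print an .htaccess body (AuthName text is an assumed label)
emit_htaccess() {
    printf 'AuthType Basic\nAuthName "Restricted area"\n'
    printf 'AuthUserFile %s/webpasswd\n' "$1"
    # the group file is only needed when the rule is a group rule
    case $2 in group\ *) printf 'AuthGroupFile %s/webgroup\n' "$1" ;; esac
    printf 'Require %s\n' "$2"
}

# write_auth HOME: group file for Question 6 plus one .htaccess per directory
write_auth() {
    printf 'magic: richard harry\n' > "$1/webgroup"
    emit_htaccess "$1" "user richard" > "$1/public_html/richard/.htaccess"
    emit_htaccess "$1" "group magic"  > "$1/public_html/harry/.htaccess"
}

# lint_htaccess FILE: fail if Basic auth or a Require line is missing, or if
# the password file sits under public_html, inside the tree Apache serves
lint_htaccess() {
    ws='[[:space:]]'
    grep -qi "^$ws*AuthType$ws$ws*Basic" "$1" || { echo "$1: no AuthType Basic"; return 1; }
    grep -qi "^$ws*Require$ws" "$1" || { echo "$1: no Require line"; return 1; }
    if grep -i "^$ws*AuthUserFile" "$1" | grep -q '/public_html/'; then
        echo "$1: AuthUserFile is inside public_html"; return 1
    fi
}

# group_only FILE: true when access comes from "Require group magic"
# and the file has no "Require user" line
group_only() {
    ws='[[:space:]]'
    grep -qi "^$ws*Require$ws$ws*group$ws$ws*magic" "$1" &&
        ! grep -qi "^$ws*Require$ws$ws*user" "$1"
}
```

Run `write_auth /home/tom` as tom once the richard and harry directories exist, then lint both .htaccess files. Basic authentication sends the password with every request in an easily decoded form, so outside a lab it belongs behind HTTPS.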



Copyright @ 2004-2012 Gordon Russell. All rights reserved.