Sitemap 1l1p

Apache HTTP Server Version 2.4

<-
Apache > HTTP Server > Documentation > Modules

Apache Module mod_authz_owner 4h3225

Available Languages:  ko 

Description: Authorization based on file ownership
Status: Extension
Module Identifier: authz_owner_module
Source File: mod_authz_owner.c
Compatibility: Available in Apache 2.1 and later

Summary 6m2os

This module authorizes access to files by comparing the id used for HTTP authentication (the web id) with the file-system owner or group of the requested file. The supplied name and must be already properly verified by an authentication module, such as Require directive, file-owner and file-group, as follows:

file-owner
The supplied web-name must match the system's name for the owner of the file being requested. That is, if the operating system says the requested file is owned by jones, then the name used to access it through the web must be jones as well.
file-group
The name of the system group that owns the file must be present in a group database, which is provided, for example, by mod_authz_dbm, and the web-name must be a member of that group. For example, if the operating system says the requested file is owned by (system) group s, the group s must appear in the group database and the web-name used in the request must be a member of that group.

Note 196q6v

If mod_authz_owner is used in order to authorize a resource that is not actually present in the filesystem (i.e. a virtual resource), it will deny the access.

Particularly it will never authorize content negotiated "MultiViews" resources.

Apache!

Topics 2c136y

Directives 1a4l6m

This module provides no directives.

Bugfix checklist 4i2533

See also 27136x

top

Configuration Examples 1f5226

Require file-owner l1c2e

Consider a multi- system running the Apache Web server, with each having his or her own files in ~/public_html/private. Assuming that there is a single AuthDBMFile database that lists all of their web-names, and that these names match the system's names that actually own the files on the server, then the following stanza would allow only the himself access to his own files. jones would not be allowed to access files in /home/smith/public_html/private unless they were owned by jones instead of smith.

<Directory "/home/*/public_html/private">
    AuthType Basic
    AuthName MyPrivateFiles
    AuthBasirovider dbm
    AuthDBMFile "/usr/local/apache2/etc/.htdbm-all"
    Require file-owner
</Directory>

Require file-group 3o3t5c

Consider a system similar to the one described above, but with some s that share their project files in ~/public_html/project-foo. The files are owned by the system group foo and there is a single AuthDBMGroupFile database that contains all of the web-names and their group hip, i.e. they must be at least member of a group named foo. So if jones and smith are both member of the group foo, then both will be authorized to access the project-foo directories of each other.

<Directory "/home/*/public_html/project-foo">
    AuthType Basic
    AuthName "Project Foo Files"
    AuthBasirovider dbm
    
    # combined /group database
    AuthDBMFile  "/usr/local/apache2/etc/.htdbm-all"
    AuthDBMGroupFile "/usr/local/apache2/etc/.htdbm-all"
    
    Satisfy All
    Require file-group
</Directory>

Available Languages:  ko 

top

Comments 2p1l6j

Notice:
This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed by our s if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Libera.chat, or sent to our mailing lists.