Securing Your Web Server, Part 3

By Chuck Musciano, Unix Insider |  Security, Network access control

The only remaining step is to define the entries in the password file.
To accomplish this, most servers come with a utility, usually named
htpasswd, that creates entries in the file.

To create the first entry in the file, use htpasswd with the
-c option:

     htpasswd -c /someplace/else/htpasswd larry

You'll be prompted for larry's password. When the command is complete,
the file will be created with an entry for larry. To add the remaining
users, drop the -c option:

     htpasswd /someplace/else/htpasswd curly
     htpasswd /someplace/else/htpasswd moe

When you're finished, the file will look something like this:

     larry:asy7Gtf56dgu1j
     curly:wIO98s.weru7ew
     moe:qwlm.7d56sANkdss

The first field is the user name, of course; the stuff after the colon
is the encrypted password, stored as a one-way hash.

That's it! Your password-secured directory is ready to go!

Working with groups

One way to limit access to a group of users is to list all their names
in the require user directive. This can get tedious, so
it makes more sense to define a group of allowed users instead. You do
this by using a require group directive, naming the
group(s) that are granted access to the directory. This is exactly the
same as our previous example, but uses a group instead of an explicit
user list:

     AuthUserFile /someplace/else/htpasswd
     AuthGroupFile /someplace/else/htgroup
     AuthName Stooges
     AuthType Basic

     <limit>
     require group stooges
     </limit>

Using any text editor, create /someplace/else/htgroup with the
following contents:

     stooges: larry curly moe

When authentication occurs, the server will verify that the user name
and password are valid, and then will check to see that the user name is
in the group named stooges. It's much easier to manage
membership in the stooges group by editing the htgroup file
than it is to edit the .htaccess, especially if you have
several directories all restricted to access by the stooges. Most
importantly, the group file can be maintained by someone who does not
have the ability to write into the document directory, allowing you to
separate the security management and content management responsibilities
within your server.
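
Because the password file and the group file are edited separately, they can drift apart. The script below is an added example, not part of the original article: it cross-checks the two file formats shown above and reports group members with no password entry and password entries outside the group. The function names, the user shemp and the sample hash are constructed for illustration.

```shell
#!/bin/sh
# Added example: cross-check an htgroup file against an htpasswd file.
# File formats are the ones shown above; function names are hypothetical.

# Print the members of group $2 in group file $1, one per line.
group_members() {
    awk -F: -v g="$2" '$1 == g { n = split($2, m, " "); for (i = 1; i <= n; i++) print m[i] }' "$1"
}

# Print every user name that has an entry in password file $1.
passwd_users() {
    awk -F: 'NF >= 2 && $1 != "" { print $1 }' "$1"
}

# Members of group $3 (group file $2) with no entry in password file $1.
# These users are listed in the group but can never authenticate.
missing_passwords() {
    group_members "$2" "$3" | while read -r user; do
        passwd_users "$1" | grep -qxF -- "$user" || printf '%s\n' "$user"
    done
}

# Users in password file $1 that are not in group $3 (group file $2).
# These users authenticate but are refused by "require group".
outside_group() {
    passwd_users "$1" | while read -r user; do
        group_members "$2" "$3" | grep -qxF -- "$user" || printf '%s\n' "$user"
    done
}

# Constructed sample data (not real credentials), removed on exit.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/htpasswd" <<'EOF'
larry:asy7Gtf56dgu1j
curly:wIO98s.weru7ew
shemp:constructedHash0
EOF
cat > "$demo_dir/htgroup" <<'EOF'
stooges: larry curly moe
EOF

echo "In group but no password entry:"
missing_passwords "$demo_dir/htpasswd" "$demo_dir/htgroup" stooges
echo "Has password entry but not in group:"
outside_group "$demo_dir/htpasswd" "$demo_dir/htgroup" stooges
```

Run against the real files, an unexpected name in the second list is a leftover account worth reviewing, since it still holds a valid password for any directory protected by a plain user check.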
