bascule wrote on Tue, Sep 24, 2002 at 12:16:30AM +0100 : > to be sure we talking about the same thing :-) > i'm talking about the file generated by /usr/bin/htpasswd > i understood that you used that file for authentication whether using a > .htaccess file in the directory or using directives in the conf file - which > i want to do since the directory is read only, reading the docs i have to > specify the loaction of the password file when running htpasswd (with -c for > the first time) and i don't know where, i had thought that it should be > somewhere that only apache user could read but all the apache directories i > can find seems to have rwxr-x-r-x or rwxr--r-- perms, incl /etc/httpd/conf/
First, the file needs to be readable by user "apache". If you want to check if user apache can read it, run: su - apache -c 'cat /path/to/.htpasswd' If you see the contents of the file, it's permissions are acceptable for reading. However, I suggest you do this: cd /path/to/ chmod 750 .htpasswd chown apache:apache .htpasswd The other question is easier explained with an example. Let's say that you have www.bascule.com. The document root of this website is /var/www/html/. You have a directory named /var/www/html/admin that contains administrative stuff, so you want to protect it with a password. This is accessed by http://www.bascule.com/admin. You would put the .htpasswd file in /var/www/html/admin/.htpasswd. I also would suggest that you put a .htaccess file in there which tells apache to look at that htpasswd file. Here's a sample: [root@web08 /var/www/html/admin]# cat .htaccess AuthUserFile /var/www/html/admin/.htpasswd AuthGroupFile /dev/null AuthName bascule AuthType Basic require valid-user [root@web08 /var/www/html/admin]# cat .htpasswd bascule:sd5aNG2ARpr8 The above two files are real files on my webserver, but they are highly modified to mimic your setup. Blue skies... Todd -- ...and I will strike down upon thee with great vengeance and furious anger, those who attempt to poison and destroy my binaries, and you will know my name is root, when I lay my vengeance upon thee. Cooker Version mandrake-release-9.0-0.3mdk Kernel 2.4.19-12mdk
msg57969/pgp00000.pgp
Description: PGP signature
