On Mon, 3 May 1999, Schlomo Schapiro wrote:

> Anyway, in my httpd.conf the user dirs are set as follows:
> <Directory /*/public_html>
>   AllowOverride All
>   Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec

for the symbolic link, this option ^^^^^^ says that apache will follow a
symbolic link only if the owner of the link is the same as the owner of
the file the link points to. If you want to remove this limitation,
replace this keyword with 'FollowSymLinks', and restart apache.

>   <Limit GET POST OPTIONS PROPFIND>
>       Order allow,deny
>       Allow from all
>   </Limit>
>   <Limit PUT DELETE PATCH PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>
>       Order deny,allow
>       Deny from all
>   </Limit>
> </Directory>
> 
> I think that this is a reasonable config put there by my distri.

seems to be so.

> The point is, what do I have to put in the .htaccess in ~/public_html to
> allow all the things I need.

you shouldn't need to use any '.htaccess' file in your public_html
directory, just to let symbolic links work properly.

> The problem is very simple. I made a dir
> (public_html/film) and when i tell the browser ..../~schapiro/film I get
> an access denied page. dir rights are 755 and should be fine. It seems to
> me that apache doesn't allow entrance into subdirs in the userdirs at all
> and I wonder how to tell it in my .htaccess that for this specific dir it
> should allow it.

1. can you access files that are placed directly in the public_html
   directory?

2. Did you put any file (index.html in particular) under your 'film'
   directory? if not, apache thinks you're trying to get a listing of the
   directory's contents, and for some reason this fails - you should check
   the 'error_log' file of apache (found in its logs directory) for an
   error message that _might_ give you some hint regarding the problem.

finally, as for doing password authentication, there are two parts for the
answer.

first, for the '.htaccess' file in the protected directory, it should look
something like this:

AuthType Basic
AuthName shlomo_film_files
AuthUserFile /home/choo/some_safe_dir/choo.pwd

<Limit GET POST>
require valid-user
</Limit>

note that the 'authname' may contain any string, and that 'authuserfile'
should point to a file that is readable only by you and the user under
which apache is running, NOT by all system users (as it contains passwords
for this protection). you ought to look up 'AuthType', 'AuthName' and
'AuthUserFile' on apache's documentation at www.apache.org .

as for authenticating against your local /etc/passwd file, there is a
solution for that (some module you can download from apache's web page),
but it is NOT recommended for use on a web site, because it means people
can try brute-force attacks on your system without the server making
proper logs or having any 'flow control' on these attempts.

guy
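
An added example, not part of the original message: a Python audit of the two points above, listing the links that SymLinksIfOwnerMatch will refuse (link owner differs from target owner, or target missing) and checking the permissions of the file named by AuthUserFile. The function names are hypothetical, and the check that the password file sits outside the served directory is an extra assumption of this example.

```python
import os
import re
import stat

def refused_symlinks(root):
    """Symlinks under root whose owner differs from the target's owner
    (or whose target is missing): the links SymLinksIfOwnerMatch refuses."""
    refused = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            try:
                target_uid = os.stat(path).st_uid    # follows the link
            except OSError:
                refused.append(path)                 # dangling link
                continue
            if os.lstat(path).st_uid != target_uid:  # the link itself
                refused.append(path)
    return sorted(refused)

def auth_user_file(htaccess_text):
    """Return the AuthUserFile path named in .htaccess text, or None."""
    m = re.search(r'^\s*AuthUserFile\s+"?([^"\s]+)"?',
                  htaccess_text, re.I | re.M)
    return m.group(1) if m else None

def password_file_problems(pwd_path, docroot):
    """Check the password file against the advice in the message above."""
    problems = []
    if os.stat(pwd_path).st_mode & stat.S_IROTH:
        problems.append("world-readable")
    # Extra check (assumption of this example, not stated in the message):
    # a password file under the served directory could be fetched by URL.
    real, root = os.path.realpath(pwd_path), os.path.realpath(docroot)
    if os.path.commonpath([real, root]) == root:
        problems.append("inside the served directory")
    return problems
```

Run it as the account that owns public_html; an empty result from both checks means the links will be followed and the password file is readable only by its owner and group.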