Google Git
Sign in
apache / httpd / 01b99447729a3d43891997806106be6bec3637ff / . / docs / manual / mod / mod_authz_groupfile.html.en
blob: f9cbe56867fa7c1b02a2bf4e85873dea4100095d [file] [log] [blame]
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><!--
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
This file is generated from xml source: DO NOT EDIT
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
--><title>mod_authz_groupfile - Apache HTTP Server</title><link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /><link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /><link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link href="../images/favicon.ico" rel="shortcut icon" /></head><body><div id="page-header"><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p><p class="apache">Apache HTTP Server Version 2.0</p><img alt="" src="../images/feather.gif" /></div><div class="up"><a href="./"><img title="&lt;-" alt="&lt;-" src="../images/left.gif" /></a></div><div id="path"><a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">HTTP Server</a> &gt; <a href="http://httpd.apache.org/docs-project/">Documentation</a> &gt; <a href="../">Version 2.0</a> &gt; <a href="./">Modules</a></div><div id="page-content"><div id="preamble"><h1>Apache Module mod_authz_groupfile</h1><table class="module"><tr><th><a href="module-dict.html#Description">Description:
</a></th><td>Group authorization using plaintext files</td></tr><tr><th><a href="module-dict.html#Status">Status:
</a></th><td>Extension</td></tr><tr><th><a href="module-dict.html#ModuleIdentifier">Module Identifier:
</a></th><td>authz_groupfile_module</td></tr><tr><th><a href="module-dict.html#SourceFile">Source File:
</a></th><td>mod_authz_groupfile.c</td></tr><tr><th><a href="module-dict.html#Compatibility">Compatibility:
</a></th><td>Available in Apache 2.0.42 and later</td></tr></table><h3>Summary</h3>
<p>This module provides authorization capabilities so that
authenticated users can be allowed or denied access to portions
of the web site by group membership. Similar functionality is
provided by <code class="module"><a href="../mod/mod_authz_dbm.html">mod_authz_dbm</a></code>.</p>
</div><div id="quickview"><h3 class="directives">Directives</h3><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#authgroupfile">AuthGroupFile</a></li><li><img alt="" src="../images/down.gif" /> <a href="#authzgroupfileauthoritative">AuthzGroupFileAuthoritative</a></li></ul><h3>See also</h3><ul class="seealso"><li><code class="directive"><a href="../mod/core.html#require">Require</a></code></li><li><code class="directive"><a href="../mod/core.html#satisfy">Satisfy</a></code></li></ul></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthGroupFile" id="AuthGroupFile">AuthGroupFile</a> <a name="authgroupfile" id="authgroupfile">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
</a></th><td>Sets the name of a text file containing the list
of user groups for authentication</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
</a></th><td>AuthGroupFile <em>file-path</em></td></tr><tr><th><a href="directive-dict.html#Context">Context:
</a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
</a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
</a></th><td>Extension</td></tr><tr><th><a href="directive-dict.html#Module">Module:
</a></th><td>mod_authz_groupfile</td></tr></table>
<p>The <code class="directive">AuthGroupFile</code> directive sets the
name of a textual file containing the list of user groups for user
authentication. <em>File-path</em> is the path to the group
file. If it is not absolute (<em>i.e.</em>, if it doesn't begin
with a slash), it is treated as relative to the <code class="directive"><a href="../mod/core.html#serverroot">ServerRoot</a></code>.</p>
<p>Each line of the group file contains a groupname followed by a
colon, followed by the member usernames separated by spaces.
Example:</p>
<div class="example"><p><code>mygroup: bob joe anne</code></p></div>
<p>Note that searching large text files is <em>very</em>
inefficient; <code class="directive"><a href="../mod/mod_authz_dbm.html#authdbmgroupfile">AuthDBMGroupFile</a></code> should be used
instead.</p>
<div class="note"><h3>Security</h3>
<p>Make sure that the <code class="directive">AuthGroupFile</code> is
stored outside the document tree of the web-server; do <em>not</em>
put it in the directory that it protects. Otherwise, clients will
be able to download the <code class="directive">AuthGroupFile</code>.</p>
</div>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthzGroupFileAuthoritative" id="AuthzGroupFileAuthoritative">AuthzGroupFileAuthoritative</a> <a name="authzgroupfileauthoritative" id="authzgroupfileauthoritative">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
</a></th><td>Sets whether authorization will be passed on to lower level modules</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
</a></th><td>AuthzGroupFileAuthoritative on|off</td></tr><tr><th><a href="directive-dict.html#Default">Default:
</a></th><td><code>AuthzGroupFileAuthoritative on</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
</a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
</a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
</a></th><td>Extension</td></tr><tr><th><a href="directive-dict.html#Module">Module:
</a></th><td>mod_authz_groupfile</td></tr></table>
<p>Setting the <code class="directive">AuthzGroupFileAuthoritative</code>
directive explicitly to <strong>'off'</strong> allows for
authorization to be passed on to lower level modules (as defined in
the <code>Configuration</code> and <code>modules.c</code> file if
there is <strong>no userID</strong> or <strong>rule</strong> matching
the supplied userID. If there is a userID and/or rule specified; the
usual password and access checks will be applied and a failure will
give an Authorization Required reply.</p>
<p>So if a valid <code class="directive"><a href="../mod/core.html#require">Require</a></code>
directive applies to more than one module; then the first module
will verify the credentials; and no access is passed on;
regardless of the <code class="directive">AuthzGroupFileAuthoritative</code>
setting.</p>
<p>By default, control is not passed on and an unknown userID
or rule will result in an Authorization Required reply. Not
setting it thus keeps the system secure and forces an NCSA
compliant behaviour.</p>
<p>Security: Do consider the implications of allowing a user to
allow fall-through in his .htaccess file; and verify that this
is really what you want; Generally it is easier to just secure
a single .htpasswd file, than it is to secure a database which
might have more access interfaces.</p>
</div></div><div id="footer"><p class="apache">Maintained by the <a href="http://httpd.apache.org/docs-project/">Apache HTTP Server Documentation Project</a></p><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div></body></html>