docs/manual/mod/mod_authz_groupfile.xml - httpd - Git at Google

 <?xml version="1.0"?>
 <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
 <?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?>
 <!-- $Revision: 1.8 $ -->

 <!--
  Copyright 2002-2004 The Apache Software Foundation

  Licensed under the Apache License, Version 2.0 (the "License");
  you may not use this file except in compliance with the License.
  You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
 -->

 <modulesynopsis metafile="mod_authz_groupfile.xml.meta">

 <name>mod_authz_groupfile</name>
 <description>Group authorization using plaintext files</description>
 <status>Base</status>
 <sourcefile>mod_authz_groupfile.c</sourcefile>
 <identifier>authz_groupfile_module</identifier>
 <compatibility>Available in Apache 2.1 and later</compatibility>

 <summary>
     <p>This module provides authorization capabilities so that
     authenticated users can be allowed or denied access to portions
     of the web site by group membership. Similar functionality is
     provided by <module>mod_authz_dbm</module>.</p>
 </summary>

 <seealso><directive module="core">Require</directive></seealso>
 <seealso><directive module="core">Satisfy</directive></seealso>

 <directivesynopsis>
 <name>AuthGroupFile</name>
 <description>Sets the name of a text file containing the list
 of user groups for authentication</description>
 <syntax>AuthGroupFile <var>file-path</var></syntax>
 <contextlist><context>directory</context><context>.htaccess</context>
 </contextlist>
 <override>AuthConfig</override>

 <usage>
     <p>The <directive>AuthGroupFile</directive> directive sets the
     name of a textual file containing the list of user groups for user
     authentication. <var>File-path</var> is the path to the group
     file. If it is not absolute, it is treated as relative to the <directive
     module="core">ServerRoot</directive>.</p>

     <p>Each line of the group file contains a groupname followed by a
     colon, followed by the member usernames separated by spaces.</p>

     <example><title>Example:</title>
       mygroup: bob joe anne
     </example>

     <p>Note that searching large text files is <em>very</em>
     inefficient; <directive module="mod_authz_dbm"
     >AuthDBMGroupFile</directive> provides a much better performance.</p>

     <note type="warning"><title>Security</title>
       <p>Make sure that the <directive>AuthGroupFile</directive> is
       stored outside the document tree of the web-server; do <em>not</em>
       put it in the directory that it protects. Otherwise, clients may
       be able to download the <directive>AuthGroupFile</directive>.</p>
     </note>
 </usage>
 </directivesynopsis>

 <directivesynopsis>
 <name>AuthzGroupFileAuthoritative</name>
 <description>Sets whether authorization will be passed on to lower level
 modules</description>
 <syntax>AuthzGroupFileAuthoritative On|Off</syntax>
 <default>AuthzGroupFileAuthoritative On</default>
 <contextlist><context>directory</context><context>.htaccess</context>
 </contextlist>
 <override>AuthConfig</override>

 <usage>
     <p>Setting the <directive>AuthzGroupFileAuthoritative</directive>
     directive explicitly to <code>Off</code> allows for
     group authorization to be passed on to lower level modules (as defined
     in the <code>modules.c</code> files) if there is <strong>no
     group</strong> matching the supplied userID.</p>

     <p>By default, control is not passed on and an unknown group
     will result in an Authentication Required reply. Not
     setting it thus keeps the system secure and forces an NCSA
     compliant behaviour.</p>

     <note type="warning"><title>Security</title>
       <p>Do consider the implications of allowing a user to
       allow fall-through in his <code>.htaccess</code> file; and verify
       that this is really what you want; Generally it is easier to just
       secure a single <code>.htpasswd</code> file, than it is to secure
       a database which might have more access interfaces.</p>
     </note>
 </usage>
 </directivesynopsis>

 </modulesynopsis>
	<?xml version="1.0"?>
	<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
	<?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?>
	<!-- $Revision: 1.8 $ -->

	<!--
	Copyright 2002-2004 The Apache Software Foundation

	Licensed under the Apache License, Version 2.0 (the "License");
	you may not use this file except in compliance with the License.
	You may obtain a copy of the License at

	http://www.apache.org/licenses/LICENSE-2.0

	Unless required by applicable law or agreed to in writing, software
	distributed under the License is distributed on an "AS IS" BASIS,
	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	See the License for the specific language governing permissions and
	limitations under the License.
	-->

	<modulesynopsis metafile="mod_authz_groupfile.xml.meta">

	<name>mod_authz_groupfile</name>
	<description>Group authorization using plaintext files</description>
	<status>Base</status>
	<sourcefile>mod_authz_groupfile.c</sourcefile>
	<identifier>authz_groupfile_module</identifier>
	<compatibility>Available in Apache 2.1 and later</compatibility>

	<summary>
	<p>This module provides authorization capabilities so that
	authenticated users can be allowed or denied access to portions
	of the web site by group membership. Similar functionality is
	provided by <module>mod_authz_dbm</module>.</p>
	</summary>

	<seealso><directive module="core">Require</directive></seealso>
	<seealso><directive module="core">Satisfy</directive></seealso>

	<directivesynopsis>
	<name>AuthGroupFile</name>
	<description>Sets the name of a text file containing the list
	of user groups for authentication</description>
	<syntax>AuthGroupFile <var>file-path</var></syntax>
	<contextlist><context>directory</context><context>.htaccess</context>
	</contextlist>
	<override>AuthConfig</override>

	<usage>
	<p>The <directive>AuthGroupFile</directive> directive sets the
	name of a textual file containing the list of user groups for user
	authentication. <var>File-path</var> is the path to the group
	file. If it is not absolute, it is treated as relative to the <directive
	module="core">ServerRoot</directive>.</p>

	<p>Each line of the group file contains a groupname followed by a
	colon, followed by the member usernames separated by spaces.</p>

	<example><title>Example:</title>
	mygroup: bob joe anne
	</example>

	<p>Note that searching large text files is <em>very</em>
	inefficient; <directive module="mod_authz_dbm"
	>AuthDBMGroupFile</directive> provides a much better performance.</p>

	<note type="warning"><title>Security</title>
	<p>Make sure that the <directive>AuthGroupFile</directive> is
	stored outside the document tree of the web-server; do <em>not</em>
	put it in the directory that it protects. Otherwise, clients may
	be able to download the <directive>AuthGroupFile</directive>.</p>
	</note>
	</usage>
	</directivesynopsis>

	<directivesynopsis>
	<name>AuthzGroupFileAuthoritative</name>
	<description>Sets whether authorization will be passed on to lower level
	modules</description>
	<syntax>AuthzGroupFileAuthoritative On\|Off</syntax>
	<default>AuthzGroupFileAuthoritative On</default>
	<contextlist><context>directory</context><context>.htaccess</context>
	</contextlist>
	<override>AuthConfig</override>

	<usage>
	<p>Setting the <directive>AuthzGroupFileAuthoritative</directive>
	directive explicitly to <code>Off</code> allows for
	group authorization to be passed on to lower level modules (as defined
	in the <code>modules.c</code> files) if there is <strong>no
	group</strong> matching the supplied userID.</p>

	<p>By default, control is not passed on and an unknown group
	will result in an Authentication Required reply. Not
	setting it thus keeps the system secure and forces an NCSA
	compliant behaviour.</p>

	<note type="warning"><title>Security</title>
	<p>Do consider the implications of allowing a user to
	allow fall-through in his <code>.htaccess</code> file; and verify
	that this is really what you want; Generally it is easier to just
	secure a single <code>.htpasswd</code> file, than it is to secure
	a database which might have more access interfaces.</p>
	</note>
	</usage>
	</directivesynopsis>

	</modulesynopsis>