docs/manual/mod/mod_authz_groupfile.xml - httpd - Git at Google

 <?xml version="1.0"?>
 <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
 <?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?>
 <!-- $LastChangedRevision$ -->

 <!--
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements.  See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the "License"); you may not use this file except in compliance with
  the License.  You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
 -->

 <modulesynopsis metafile="mod_authz_groupfile.xml.meta">

 <name>mod_authz_groupfile</name>
 <description>Group authorization using plaintext files</description>
 <status>Base</status>
 <sourcefile>mod_authz_groupfile.c</sourcefile>
 <identifier>authz_groupfile_module</identifier>

 <summary>
     <p>This module provides authorization capabilities so that
     authenticated users can be allowed or denied access to portions
     of the web site by group membership. Similar functionality is
     provided by <module>mod_authz_dbm</module>.</p>
 </summary>

 <seealso><directive module="mod_authz_core">Require</directive></seealso>

 <section id="requiredirectives"><title>The Require Directives</title>

     <p>Apache's <directive module="mod_authz_core">Require</directive>
     directives are used during the authorization phase to ensure that
     a user is allowed to access a resource.  mod_authz_groupfile extends the
     authorization types with <code>group</code> and <code>group-file</code>.
     </p>

     <p>Since v2.4.8, <a href="../expr.html">expressions</a> are supported
     within the groupfile require directives.</p>

 <section id="reqgroup"><title>Require group</title>

     <p>This directive specifies group membership that is required for the
     user to gain access.</p>

     <highlight language="config">
       Require group admin
     </highlight>

 </section>

 <section id="reqfilegroup"><title>Require file-group</title>

     <p>When this directive is specified, the filesystem permissions on
     the file being accessed are consulted. The user must be a member of
     a group with the same name as the group that owns the file.
     See <module>mod_authz_owner</module> for more
     details.</p>

     <highlight language="config">
       Require file-group
     </highlight>

 </section>

 </section>

 <directivesynopsis>
 <name>AuthGroupFile</name>
 <description>Sets the name of a text file containing the list
 of user groups for authorization</description>
 <syntax>AuthGroupFile <var>file-path</var></syntax>
 <contextlist><context>directory</context><context>.htaccess</context>
 </contextlist>
 <override>AuthConfig</override>

 <usage>
     <p>The <directive>AuthGroupFile</directive> directive sets the
     name of a textual file containing the list of user groups for user
     authorization. <var>File-path</var> is the path to the group
     file. If it is not absolute, it is treated as relative to the <directive
     module="core">ServerRoot</directive>.</p>

     <p>Each line of the group file contains a groupname followed by a
     colon, followed by the member usernames separated by spaces.</p>

     <example><title>Example:</title>
       mygroup: bob joe anne
     </example>

     <p>Note that searching large text files is <em>very</em>
     inefficient; <directive module="mod_authz_dbm"
     >AuthDBMGroupFile</directive> provides a much better performance.</p>

     <note type="warning"><title>Security</title>
       <p>Make sure that the <directive>AuthGroupFile</directive> is
       stored outside the document tree of the web-server; do <em>not</em>
       put it in the directory that it protects. Otherwise, clients may
       be able to download the <directive>AuthGroupFile</directive>.</p>
     </note>
 </usage>
 </directivesynopsis>

 </modulesynopsis>
	<?xml version="1.0"?>
	<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
	<?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?>
	<!-- $LastChangedRevision$ -->

	<!--
	Licensed to the Apache Software Foundation (ASF) under one or more
	contributor license agreements. See the NOTICE file distributed with
	this work for additional information regarding copyright ownership.
	The ASF licenses this file to You under the Apache License, Version 2.0
	(the "License"); you may not use this file except in compliance with
	the License. You may obtain a copy of the License at

	http://www.apache.org/licenses/LICENSE-2.0

	Unless required by applicable law or agreed to in writing, software
	distributed under the License is distributed on an "AS IS" BASIS,
	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	See the License for the specific language governing permissions and
	limitations under the License.
	-->

	<modulesynopsis metafile="mod_authz_groupfile.xml.meta">

	<name>mod_authz_groupfile</name>
	<description>Group authorization using plaintext files</description>
	<status>Base</status>
	<sourcefile>mod_authz_groupfile.c</sourcefile>
	<identifier>authz_groupfile_module</identifier>

	<summary>
	<p>This module provides authorization capabilities so that
	authenticated users can be allowed or denied access to portions
	of the web site by group membership. Similar functionality is
	provided by <module>mod_authz_dbm</module>.</p>
	</summary>

	<seealso><directive module="mod_authz_core">Require</directive></seealso>

	<section id="requiredirectives"><title>The Require Directives</title>

	<p>Apache's <directive module="mod_authz_core">Require</directive>
	directives are used during the authorization phase to ensure that
	a user is allowed to access a resource. mod_authz_groupfile extends the
	authorization types with <code>group</code> and <code>group-file</code>.
	</p>

	<p>Since v2.4.8, <a href="../expr.html">expressions</a> are supported
	within the groupfile require directives.</p>

	<section id="reqgroup"><title>Require group</title>

	<p>This directive specifies group membership that is required for the
	user to gain access.</p>

	<highlight language="config">
	Require group admin
	</highlight>

	</section>

	<section id="reqfilegroup"><title>Require file-group</title>

	<p>When this directive is specified, the filesystem permissions on
	the file being accessed are consulted. The user must be a member of
	a group with the same name as the group that owns the file.
	See <module>mod_authz_owner</module> for more
	details.</p>

	<highlight language="config">
	Require file-group
	</highlight>

	</section>

	</section>

	<directivesynopsis>
	<name>AuthGroupFile</name>
	<description>Sets the name of a text file containing the list
	of user groups for authorization</description>
	<syntax>AuthGroupFile <var>file-path</var></syntax>
	<contextlist><context>directory</context><context>.htaccess</context>
	</contextlist>
	<override>AuthConfig</override>

	<usage>
	<p>The <directive>AuthGroupFile</directive> directive sets the
	name of a textual file containing the list of user groups for user
	authorization. <var>File-path</var> is the path to the group
	file. If it is not absolute, it is treated as relative to the <directive
	module="core">ServerRoot</directive>.</p>

	<p>Each line of the group file contains a groupname followed by a
	colon, followed by the member usernames separated by spaces.</p>

	<example><title>Example:</title>
	mygroup: bob joe anne
	</example>

	<p>Note that searching large text files is <em>very</em>
	inefficient; <directive module="mod_authz_dbm"
	>AuthDBMGroupFile</directive> provides a much better performance.</p>

	<note type="warning"><title>Security</title>
	<p>Make sure that the <directive>AuthGroupFile</directive> is
	stored outside the document tree of the web-server; do <em>not</em>
	put it in the directory that it protects. Otherwise, clients may
	be able to download the <directive>AuthGroupFile</directive>.</p>
	</note>
	</usage>
	</directivesynopsis>

	</modulesynopsis>