- Overview
- Installation & Uninstallation
- Local and remote management using IIS 7
- Context and processing order
- Apache compatibility
- Modules
- core functions
- mod_antibot
- mod_asis
- mod_auth_basic
- mod_auth_digest
- mod_authn_anon
- mod_authn_dbd
- mod_authn_default
- mod_authn_file
- mod_authz_default
- mod_authz_groupfile
- mod_authz_host
- mod_authz_user
- mod_cache
- mod_dbd
- mod_deflate
- mod_developer
- mod_dir
- mod_disk_cache
- mod_env
- mod_evasive
- mod_expires
- mod_filter
- mod_gzip
- mod_headers
- mod_hotlink
- mod_linkfreeze
- mod_log_config
- mod_logio
- mod_mem_cache
- mod_mime
- mod_proxy
- mod_replace
- mod_rewrite
- mod_seo
- mod_setenvif
- mod_so
- mod_speling
- mod_usertrack
- mod_xsendfile
- Articles
- Release history
- Troubleshooting
- License agreement
mod_authz_groupfile
Overview
mod_authz_groupfile module provides authorization to specific parts of the site based on user's group membership.
Quick start
Sample mod_auth_basic & mod_authz_groupfile configuration in .htaccess
# Authentication type
AuthType Basic
# Name of area authentication will be used for (aka realm)
AuthName "secret area"
# Authentication provider. Here - mod_authn_file
AuthBasicProvider file
# Path to password file
AuthUserFile c:\inetpub\users\.htpasswds
# Path to group file
AuthGroupFile c:\inetpub\users\.groups
# Access will be granted to all authenticated users from 'admins' group
Require group admins
Sample of
.htpasswds
file:
john:jhnpswd
bill:billsecret
jack:jack123
Sample of
.groups
file:
# admins group
admins: john jack
# users group
users: john bill jackRelated articles and topics
- HTTP Authentication and Authorization
- Enabling site authentication not using Windows users
- mod_auth_basic
- mod_auth_digest
- mod_authn_dbd
- mod_authn_file
- mod_authz_groupfile
- mod_authz_host
- mod_authz_user
Directives
| Name | Context | Description |
|---|---|---|
| AuthGroupFile | S V D .h | sets the name of a text file containing the list of user groups for authorization |
| AuthzGroupFileAuthoritative | S V D .h | sets whether authorization will be passed on to lower level modules |
AuthGroupFile
AuthGroupFile
directive specifies the name of the text file
containing the list of user groups for user authorization.
File-path
is the path to the group file. If it is not absolute, it is treated as relative
to the current configuration file (
httpd.conf
or
.htaccess
).
Syntax
AuthGroupFile file-pathEach line of the group file contains a groupname, colon and space-separated members usernames.
operators: bill george barak
Security note!
Don't locate
AuthGroupFile
inside the directory that it protects
and inside web-server document tree. Otherwise, clients will have a chance to
download groups file.
AuthzGroupFileAuthoritative
Sets whether authorization will be passed on to lower level modules.
If
AuthzGroupFileAuthoritative
is set to
off
and no group got matched against specified userID, group authorization will
be passed to lower level modules (if any).
Syntax
AuthzGroupFileAuthoritative On|OffDefault
AuthzGroupFileAuthoritative On