====== Configure Group-managed Content ======

**General Information**

Group-managed content for collaboration.

----

====== Lab Setup ======

The following virtual machines will be used:
  * server1.example.com (192.168.1.150) -> Perform all connectivity tests from here
  * server2.example.com (192.168.1.151) -> Install Apache Web Server here

**Previous Sections Completed**
  * [[linux_wiki:network_services_overview_apache_web_server|Install/Configure]]
    * Except leave listening on port 80/tcp
  * [[linux_wiki:configure_a_virtual_host|Virtual Host Config]]
  * [[linux_wiki:configure_access_restrictions_on_directories|Access Restrict Directory]]

----

====== Basic Apache Directory Setup ======

Create the directory to use
<code bash>
mkdir /data/redsite/devel-group
</code>

\\
Create users and a developers group that will have access to the directory to manage the content
<code bash>
useradd robert
useradd steve
groupadd developers
</code>

\\
Add users to the group
<code bash>
usermod -G developers robert
usermod -G developers steve
</code>

\\
Set permissions of the new directory
<code bash>
chown :developers /data/redsite/devel-group
chmod 771 /data/redsite/devel-group
</code>

\\
Create index file
<code bash>
echo "Developers index file" > /data/redsite/devel-group/index.html
</code>

----

====== Group Protected Setup ======

**Help**: Available if you installed 'httpd-manual'
<code bash>
elinks /usr/share/httpd/manual/howto/auth.html
</code>
  * Then follow the "Letting more than one person in" link

\\
Create the groupdb file (list group members)
<code bash>
vim /etc/httpd/conf/groupdb

developers: robert steve
</code>

\\
Create the user entries in the userdb password file
<code bash>
htpasswd /etc/httpd/conf/userdb robert
htpasswd /etc/httpd/conf/userdb steve
htpasswd /etc/httpd/conf/userdb monty
</code>
  * You are prompted for a password each time
  * Give 'htpasswd' the -c argument if the userdb file does not exist, to create it.
  * No "-c" the second time, because it would overwrite the file instead of adding to it.

\\
Edit the vhosts.conf and add a directory auth section for the new devel-group directory
<code bash>
vim /etc/httpd/conf.d/vhosts.conf
</code>
<code apache>
<VirtualHost *:80>
    ServerName redsite.example.com
    DocumentRoot /data/redsite

    #....SNIP....#

    # Basic auth for the group-managed directory
    <Directory "/data/redsite/devel-group">
        AuthType Basic
        AuthName "Group Auth - Enter Credentials"
        AuthGroupFile "/etc/httpd/conf/groupdb"
        AuthUserFile "/etc/httpd/conf/userdb"
        Require group developers
    </Directory>
</VirtualHost>
</code>
  * Now only users in the userdb file AND in the "developers" group are allowed to view the content.
  * robert and steve should be allowed in, monty should be denied.

\\
Restart httpd
<code bash>
systemctl restart httpd
</code>

\\
View the group protected directory
<code bash>
elinks http://redsite.example.com/devel-group
</code>
  * You are prompted for a username/password

----
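
The "in the userdb file AND in the developers group" rule can be checked against the two files before testing with a browser. The script below is an added example, not part of the original wiki page: the function names are hypothetical, it runs on constructed copies of groupdb and userdb with placeholder password hashes, and "dana" is a constructed group member with no userdb entry.

```shell
#!/bin/sh
# Added example (not from the original page): predict the outcome of
# "Require group <name>" from an AuthGroupFile and an AuthUserFile.
LC_ALL=C; export LC_ALL          # sort and comm must agree on ordering

members_of() {                   # members_of GROUPFILE GROUP
    awk -F: -v g="$2" '$1 == g {
        n = split($2, m, /[ \t]+/)
        for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
    }' "$1" | sort -u
}

users_in() {                     # users_in USERFILE
    awk -F: 'NF >= 2 && $1 !~ /^#/ { print $1 }' "$1" | sort -u
}

effective_access() {             # effective_access GROUPFILE USERFILE GROUP
    ea_m=$(mktemp) ea_u=$(mktemp)
    members_of "$1" "$3" > "$ea_m"
    users_in "$2" > "$ea_u"
    comm -12 "$ea_m" "$ea_u" | sed 's/^/allow /'        # in group AND in userdb
    comm -13 "$ea_m" "$ea_u" | sed 's/^/deny /'         # password entry only
    comm -23 "$ea_m" "$ea_u" | sed 's/^/no-password /'  # group entry only
    rm -f "$ea_m" "$ea_u"
}

sample_report() {                # constructed copies of groupdb and userdb
    sr_d=$(mktemp -d)
    # "dana" is a constructed extra member with no userdb entry
    printf 'developers: robert steve dana\n' > "$sr_d/groupdb"
    cat > "$sr_d/userdb" <<'EOF'
robert:$apr1$constructed$placeholderhash000001
steve:$apr1$constructed$placeholderhash000002
monty:$apr1$constructed$placeholderhash000003
EOF
    effective_access "$sr_d/groupdb" "$sr_d/userdb" developers
    rm -rf "$sr_d"
}

sample_report
```

Run effective_access against /etc/httpd/conf/groupdb and /etc/httpd/conf/userdb to review the live files; a "no-password" line marks a group member who can never log in until an htpasswd entry is created.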