====== Configure Group-managed Content ======
**General Information**
Group managed content for collaboration.
----
====== Lab Setup ======
The following virtual machines will be used:
* server1.example.com (192.168.1.150) -> Perform all connectivity tests from here
* server2.example.com (192.168.1.151) -> Install Apache Web Server here
**Previous Sections Completed**
* [[linux_wiki:network_services_overview_apache_web_server|Install/Configure]]
* Except leave listening on port 80/tcp
* [[linux_wiki:configure_a_virtual_host|Virtual Host Config]]
* [[linux_wiki:configure_access_restrictions_on_directories|Access Restrict Directory]]
----
====== Basic Apache Directory Setup ======
Create directory to use
mkdir /data/redsite/devel-group
\\
Create users and a developers group that will have access to the directory to manage the content
useradd robert
useradd steve
groupadd developers
\\
Add users to the group
usermod -G developers robert
usermod -G developers steve
\\
Set permissions of new directory
chown :developers /data/redsite/devel-group
chmod 771 /data/redsite/devel-group
\\
Create index file
echo "Developers index file" > /data/redsite/devel-group/index.html
----
====== Group Protected Setup ======
**Help**: Available if you installed 'httpd-manual'elinks /usr/share/httpd/manual/howto/auth.html
* Then follow the "Letting more than one person in" link
\\
Create the groupdb file (list group members)
vim /etc/httpd/conf/groupdb
developers: robert steve
\\
Create the user entries in the userdb password file
htpasswd /etc/httpd/conf/userdb robert
htpasswd /etc/httpd/conf/userdb steve
htpasswd /etc/httpd/conf/userdb monty
* Prompted for password each time
* Give 'htpasswd' the -c argument if the userdb file does not exist to create it.
* No "-c" the second time because it would overwrite the file instead of add to it.
\\
Edit the vhosts.conf and add a directory auth section for the new devel-group directory
vim /etc/httpd/conf.d/vhosts.conf
ServerName redsite.example.com
DocumentRoot /data/redsite
#....SNIP....#
AuthType Basic
AuthName "Group Auth - Enter Credentials"
AuthGroupFile "/etc/httpd/conf/groupdb"
AuthUserFile "/etc/httpd/conf/userdb"
Require group developers
* Now only users in the userdb file AND in the "developers" group are allowed to view the content.
* robert and steve should be allowed in, monty should be denied.
\\
Restart httpd
systemctl restart httpd
\\
View group protected directory
elinks http://redsite.example.com/devel-group
* Prompted for username/password
----