Configure Group-managed Content
General Information
Group managed content for collaboration.
Lab Setup
The following virtual machines will be used:
- server1.example.com (192.168.1.150) → Perform all connectivity tests from here
- server2.example.com (192.168.1.151) → Install Apache Web Server here
Previous Sections Completed
-
- Except leave listening on port 80/tcp
Basic Apache Directory Setup
Create directory to use
mkdir /data/redsite/devel-group
Create users and a developers group that will have access to the directory to manage the content
useradd robert
useradd steve
groupadd developers
Add users to the group
usermod -G developers robert
usermod -G developers steve
Set permissions of new directory
chown :developers /data/redsite/devel-group
chmod 771 /data/redsite/devel-group
Create index file
echo "Developers index file" > /data/redsite/devel-group/index.html
Group Protected Setup
Help: Available if you installed 'httpd-manual'
elinks /usr/share/httpd/manual/howto/auth.html
- Then follow the “Letting more than one person in” link
Create the groupdb file (list group members)
vim /etc/httpd/conf/groupdb
developers: robert steve
Create the user entries in the userdb password file
htpasswd /etc/httpd/conf/userdb robert
htpasswd /etc/httpd/conf/userdb steve
htpasswd /etc/httpd/conf/userdb monty
- Prompted for password each time
- If the userdb file does not exist yet, give 'htpasswd' the -c argument on the first run to create it.
- Do not use “-c” on later runs, because it would overwrite the file instead of adding to it.
Edit the vhosts.conf and add a directory auth section for the new devel-group directory
vim /etc/httpd/conf.d/vhosts.conf
<VirtualHost *:80>
    ServerName redsite.example.com
    DocumentRoot /data/redsite
    #....SNIP....#
    <Directory /data/redsite/devel-group>
        AuthType Basic
        AuthName "Group Auth - Enter Credentials"
        AuthGroupFile "/etc/httpd/conf/groupdb"
        AuthUserFile "/etc/httpd/conf/userdb"
        Require group developers
    </Directory>
</VirtualHost>
- Now only users in the userdb file AND in the “developers” group are allowed to view the content.
- robert and steve should be allowed in, monty should be denied.
Restart httpd
systemctl restart httpd
View group protected directory
elinks http://redsite.example.com/devel-group
- Prompted for username/password
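To check on disk what the group rule configured above will enforce, the following added example (not part of the original page) cross-checks the groupdb and userdb formats shown earlier and reports each account's outcome under "Require group developers". The function names, the sample files, the placeholder hashes and the extra group member dana are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): report which accounts would
# satisfy "Require group developers" given the two files the page creates.

# audit_access GROUPDB USERDB GROUP -> lines of "<user> <verdict>", sorted.
audit_access() {
    awk -v g="$3" -v gf="$1" '
        FILENAME == gf {                 # AuthGroupFile: "group: user user ..."
            split($0, p, ":")
            if (p[1] == g) {
                n = split(p[2], m, " ")
                for (i = 1; i <= n; i++) ingroup[m[i]] = 1
            }
            next
        }
        /^[^#:]+:/ {                     # AuthUserFile: "user:hash"
            split($0, p, ":"); haspw[p[1]] = 1
        }
        END {
            for (u in ingroup)
                print u, ((u in haspw) ? "allowed" : "in-group-but-no-password")
            for (u in haspw)
                if (!(u in ingroup)) print u, "denied-not-in-group"
        }' "$1" "$2" | sort
}

# Constructed sample files mirroring the lab; hashes are placeholders, and
# "dana" is a hypothetical stale group entry with no password record.
make_sample() {
    printf 'developers: robert steve dana\n' > "$1/groupdb"
    cat > "$1/userdb" <<'EOF'
robert:$apr1$CONSTRUCTED$placeholderhash000000001
steve:$apr1$CONSTRUCTED$placeholderhash000000002
monty:$apr1$CONSTRUCTED$placeholderhash000000003
EOF
}

demo=$(mktemp -d)
make_sample "$demo"
audit_access "$demo/groupdb" "$demo/userdb" developers
rm -rf "$demo"
```

On the lab server the same function can be pointed at /etc/httpd/conf/groupdb and /etc/httpd/conf/userdb; an "in-group-but-no-password" line marks a group entry that can never authenticate and is worth cleaning up.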