linux_wiki:configure_group-managed_content

Configure Group-managed Content

General Information

Group managed content for collaboration.


Lab Setup

The following virtual machines will be used:

  • server1.example.com (192.168.1.150) → Perform all connectivity tests from here
  • server2.example.com (192.168.1.151) → Install Apache Web Server here

Previous Sections Completed


Basic Apache Directory Setup

Create directory to use

mkdir /data/redsite/devel-group


Create users and a developers group that will have access to the directory to manage the content

useradd robert
useradd steve
groupadd developers


Add users to the group

usermod -G developers robert
usermod -G developers steve


Set permissions of new directory

chown :developers /data/redsite/devel-group
chmod 771 /data/redsite/devel-group


Create index file

echo "Developers index file" > /data/redsite/devel-group/index.html

Group Protected Setup

Help: Available if you installed 'httpd-manual'

elinks /usr/share/httpd/manual/howto/auth.html
  • Then follow the “Letting more than one person in” link


Create the groupdb file (list group members)

vim /etc/httpd/conf/groupdb
 
developers: robert steve


Create the user entries in the userdb password file

htpasswd /etc/httpd/conf/userdb robert
htpasswd /etc/httpd/conf/userdb steve
htpasswd /etc/httpd/conf/userdb monty
  • Prompted for password each time
  • Give 'htpasswd' the -c argument if the userdb file does not exist to create it.
    • No “-c” the second time because it would overwrite the file instead of add to it.


Edit the vhosts.conf and add a directory auth section for the new devel-group directory

vim /etc/httpd/conf.d/vhosts.conf
 
<VirtualHost *:80>
  ServerName redsite.example.com
  DocumentRoot /data/redsite
  #....SNIP....#
 
  <Directory /data/redsite/devel-group>
    AuthType Basic
    AuthName "Group Auth - Enter Credentials"
    AuthGroupFile "/etc/httpd/conf/groupdb"
    AuthUserFile "/etc/httpd/conf/userdb"
    Require group developers
  </Directory>
  • Now only users in the userdb file AND in the “developers” group are allowed to view the content.
    • robert and steve should be allowed in, monty should be denied.


Restart httpd

systemctl restart httpd


View group protected directory

elinks http://redsite.example.com/devel-group
  • Prompted for username/password

  • linux_wiki/configure_group-managed_content.txt
  • Last modified: 2019/05/25 23:50
  • (external edit)