General Information

Group managed content for collaboration.

Create directory to use

mkdir /var/private

Create group that will have access to the directory

groupadd dbadmins

Add users to the group

usermod -G dbadmins user1 user2

Set permissions of new directory

chown :dbadmins /var/private
chmod 771 /var/private

Create index file

echo "Group dbadmins index file" > /var/private/index.html

Create SELinux file context and restore the context

semanage fcontext -at httpd_sys_content_t "/var/private(/.*)?"
restorecon -Rv /var/private/

Allow htaccess override for the new group directory

vim /etc/httpd/conf/httpd.conf
 
<Directory /var/private>
  AllowOverride AuthConfig
</Directory>

Create htaccess file

vim /var/private/.htaccess
 
AuthType Basic
AuthName "Password Protected DBADMIN - Enter Credentials:"
AuthUserFile "/etc/httpd/conf/.grouppassworddb"
AuthGroupFile "/etc/httpd/conf/.groupdb"
Require group dbadmins

Create groupdb file

vim /etc/httpd/conf/.groupdb
 
dbadmins: user1 user2

Set ownership and permissions

chown :apache /etc/httpd/conf/.groupdb
chmod 640 /etc/httpd/conf/.groupdb

Create group password db file

htpasswd -c /etc/httpd/conf/.grouppassworddb user1
htpasswd /etc/httpd/conf/.grouppassworddb user2

• Prompted for password each time
• -c → Create the file
• No “-c” the second time because it would overwrite the file instead of add to it.

Restart httpd

systemctl restart httpd

View group protected directory

elink http://testsite.example.com/private

• Prompted for username/password