Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
linux_wiki:configure_group-managed_content [2016/10/08 17:56] billdozor |
linux_wiki:configure_group-managed_content [2019/05/25 23:50] (current) |
||
---|---|---|---|
Line 12: | Line 12: | ||
* server1.example.com (192.168.1.150) -> Perform all connectivity tests from here | * server1.example.com (192.168.1.150) -> Perform all connectivity tests from here | ||
* server2.example.com (192.168.1.151) -> Install Apache Web Server here | * server2.example.com (192.168.1.151) -> Install Apache Web Server here | ||
+ | |||
+ | |||
+ | **Previous Sections Completed** | ||
+ | * [[linux_wiki: | ||
+ | * Except leave listening on port 80/tcp | ||
+ | * [[linux_wiki: | ||
+ | * [[linux_wiki: | ||
---- | ---- | ||
Line 19: | Line 26: | ||
Create directory to use | Create directory to use | ||
<code bash> | <code bash> | ||
- | mkdir /var/private | + | mkdir /data/redsite/ |
</ | </ | ||
\\ | \\ | ||
- | Create group that will have access to the directory | + | Create |
<code bash> | <code bash> | ||
- | groupadd | + | useradd robert |
+ | useradd steve | ||
+ | groupadd | ||
</ | </ | ||
Line 31: | Line 40: | ||
Add users to the group | Add users to the group | ||
<code bash> | <code bash> | ||
- | usermod -G dbadmins user1 user2 | + | usermod -G developers robert |
+ | usermod -G developers steve | ||
</ | </ | ||
Line 37: | Line 47: | ||
Set permissions of new directory | Set permissions of new directory | ||
<code bash> | <code bash> | ||
- | chown :dbadmins | + | chown :developers |
- | chmod 771 /var/private | + | chmod 771 /data/ |
</ | </ | ||
Line 44: | Line 54: | ||
Create index file | Create index file | ||
<code bash> | <code bash> | ||
- | echo "Group dbadmins | + | echo "Developers |
- | </ | + | |
- | + | ||
- | \\ | + | |
- | Create SELinux file context and restore the context | + | |
- | <code bash> | + | |
- | semanage fcontext -at httpd_sys_content_t "/ | + | |
- | restorecon -Rv / | + | |
</ | </ | ||
Line 58: | Line 61: | ||
====== Group Protected Setup ====== | ====== Group Protected Setup ====== | ||
- | Allow htaccess override for the new group directory | + | **Help**: Available if you installed ' |
- | <code bash> | + | |
- | vim /etc/httpd/conf/httpd.conf | + | |
- | + | ||
- | <Directory | + | |
- | | + | |
- | </ | + | |
- | </ | + | |
\\ | \\ | ||
- | Create | + | Create |
<code bash> | <code bash> | ||
- | vim /var/private/.htaccess | + | vim /etc/httpd/conf/ |
- | AuthType Basic | + | developers: robert steve |
- | AuthName " | + | |
- | AuthUserFile "/ | + | |
- | AuthGroupFile "/ | + | |
- | Require group dbadmins | + | |
</ | </ | ||
\\ | \\ | ||
- | Create | + | Create |
<code bash> | <code bash> | ||
- | vim / | + | htpasswd |
- | + | htpasswd / | |
- | dbadmins: user1 user2 | + | htpasswd / |
</ | </ | ||
+ | * Prompted for password each time | ||
+ | * Give ' | ||
+ | * No " | ||
\\ | \\ | ||
- | Set ownership | + | Edit the vhosts.conf |
<code bash> | <code bash> | ||
- | chown : | + | vim / |
- | chmod 640 /etc/httpd/conf/.groupdb | + | |
- | </ | + | |
- | \\ | + | < |
- | Create group password db file | + | |
- | <code bash> | + | |
- | htpasswd | + | # |
- | htpasswd | + | |
+ | | ||
+ | | ||
+ | AuthName "Group Auth - Enter Credentials" | ||
+ | AuthGroupFile "/ | ||
+ | | ||
+ | Require group developers | ||
+ | </ | ||
</ | </ | ||
- | * Prompted for password each time | + | * Now only users in the userdb |
- | * -c -> Create | + | * robert and steve should be allowed in, monty should be denied. |
- | * No "-c" the second time because it would overwrite the file instead of add to it. | + | |
\\ | \\ | ||
Line 113: | Line 113: | ||
View group protected directory | View group protected directory | ||
<code bash> | <code bash> | ||
- | elink http://testsite.example.com/ | + | elinks |
</ | </ | ||
* Prompted for username/ | * Prompted for username/ |