Note: This is an RHCE 7 exam objective.
Prerequisites
First, follow the instructions to install an Apache web server.
Note: Don’t forget to install the httpd-manual package. This could help you a lot with any syntax issue.
Main Configuration
To allow only a group of users (here nikos and steve from the team) to access a specific directory (here private), edit the /etc/httpd/conf/httpd.conf file and paste the following lines at the end:
<Directory "/var/www/html/private">
    AuthType Basic
    AuthName "Password protected area"
    AuthGroupFile /etc/httpd/conf/team
    AuthUserFile /etc/httpd/conf/passwd
    Require group team
</Directory>
Check the configuration file:
# apachectl configtest
Syntax OK
Create the /var/www/html/private directory and assign the correct SELinux context:
# mkdir -p /var/www/html/private
# restorecon -R /var/www/html/private
Create the /etc/httpd/conf/team file and paste the following line:
team: nikos steve
Create the /etc/httpd/conf/passwd file and add the nikos and steve accounts with their own passwords:
# htpasswd -c /etc/httpd/conf/passwd nikos
New password: nikos
Re-type new password: nikos
Adding password for user nikos
# htpasswd /etc/httpd/conf/passwd steve
New password: steve
Re-type new password: steve
Adding password for user steve
Restart the httpd service:
# systemctl restart httpd
Configuration Check
To check the configuration, type:
# yum install -y elinks
# elinks http://localhost/private/
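A consistency check for the group and password files created above, as an added example that is not part of the original tutorial: it reports members of the group that have no entry in the AuthUserFile (they can never log in) and entries stored as {SHA} or traditional crypt instead of a salted $apr1$ or bcrypt hash. The function name audit_htgroup and the finding labels are assumptions made here, and the sample entries are constructed placeholders, not real hashes.

```shell
#!/bin/sh
# Added example (not from the original tutorial).
# audit_htgroup GROUPFILE PASSWDFILE GROUP
# Prints one finding per line and returns 1 if there is any finding:
#   NOGROUP   <group>  group not defined in the AuthGroupFile
#   MISSING   <user>   group member with no entry in the AuthUserFile
#   WEAK-HASH <user>   entry is {SHA} (unsalted SHA-1) or traditional crypt,
#                      i.e. not a "$id$" hash such as $apr1$ or $2y$ (bcrypt)
audit_htgroup() {
    awk -F: -v grp="$3" '
        FILENAME == ARGV[1] {                 # AuthUserFile: user:hash
            if ($0 !~ /^[ \t]*(#|$)/) hash[$1] = $2
            next
        }
        $1 == grp {                           # AuthGroupFile: group: u1 u2 ...
            found = 1
            n = split($2, member, " ")
            for (i = 1; i <= n; i++) {
                u = member[i]
                if (!(u in hash))                      { print "MISSING " u;   bad = 1 }
                else if (substr(hash[u], 1, 1) != "$") { print "WEAK-HASH " u; bad = 1 }
            }
        }
        END {
            if (!found) { print "NOGROUP " grp; bad = 1 }
            exit bad + 0
        }
    ' "$2" "$1"
}

# Constructed sample files: anna is in the group but has no password entry,
# and steve has a {SHA} entry. Hash values are placeholders.
demo=$(mktemp -d)
printf '%s\n' 'team: nikos steve anna' > "$demo/team"
printf '%s\n' 'nikos:$apr1$CONSTRUCT$placeholderplaceholder00' \
              'steve:{SHA}placeholderplaceholder000000=' > "$demo/passwd"
audit_htgroup "$demo/team" "$demo/passwd" team || echo "findings reported"
rm -rf "$demo"
```

On the tutorial's own files the call would be audit_htgroup /etc/httpd/conf/team /etc/httpd/conf/passwd team, run as a user allowed to read both files.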
@certdepot, thanks for such an awesome blog for Red Hat preparation. I will be taking my exam soon and have one grey area with regard to these 2 objectives:
– configure access restrictions on directories
– configure group-managed content
Correct me if I am wrong but this is how I am understanding them:
Configure group-managed content: this one seems to be similar to setting up group authing using this config below, just like how you explained it
AuthGroupFile /etc/httpd/conf/team
It also overlaps with this objective: Configure access restrictions on directories.
On the group-managed content, I have seen others doing the same configurations we do when setting up Samba or NFS group collaborations, using the chmod 2770 and chmod g+t.
I am against the chmod 2770 as the objectives seem to be in relation to access via Apache, not via the filesystem, but I might be wrong.
I think you are correct.
Configure group-managed content – this is chmod 2770 (content that is managed by a group).
Configure access restrictions on directories – this is AuthGroupFile /etc/httpd/conf/team.
@Lisenet, the reason why I am saying that is because htpasswd users don’t exist in the file system and the group also doesn’t exist in the filesystem [and by filesystem I mean via useradd command] … so what group would you create the users for since the auth userfile and the authgroup file have users and groups that don’t exist in /etc/passwd or group?
It’s very simple, therefore I’m a bit puzzled on what you don’t understand with these objectives. Group managed content is for web developers to upload files to a webserver. We do that in production all the time, configure chmod 2770 so that devs can push changes to webroots.
Access restrictions on directories are purely for web users to require login to be able to see content. These users don’t need nor don’t have to have Linux accounts. An example would be a WordPress login page which you want to configure restrictions on.
I understand them perfectly, only they seem intertwined… and as you can see @lisenet, this post only validates what I have been saying, and while what you are saying is true… I guess I’ll have to take the RHCE and try to read between the lines on that kind of question.
This post has a misleading headline – it covers access restrictions on directories, but the title says “Configure Apache group-managed content”. This is not correct.
Adding Apache users to the group file (AuthGroupFile) does not grant any management permissions for content; it only allows access on directories.
There is no reading between the lines, the fact that the post has an incorrect headline doesn’t validate your statement 🙂
CertDepot, can you fix the headline please?
I understand your concern. However, can you let me know what you want to change?
The content of the tutorial or the title of the tutorial?
I think that changing the title of the tutorial is sufficient.
What are you proposing for the title?
@Lisenet, yes, group-managed content is how you are explaining it, but I guess a lot of people like me are confusing it with the Apache group-restricted access. I am just glad that the exams are usually explicit about what they want you to do… so yes, the way you explain it is the same way that works for Samba, NFS collaborative shares.