Simple Password Protection for WWW Directories
Note: This assumes you know the basics of Project Vincent, including how to use an editor to create web pages, how to change into the right directories, etc. If you don't know that stuff already, then go learn it and come back to this page later. This is a very to-the-point, step-by-step process for doing simple password protection; the intent of this page is not to teach you how to use unix or create web pages.
Steps to implement simple password protection in a WWW subdir:
Create the desired subdir (if it doesn't yet exist) and cd into it.
Change privs in the dir to give read/list privs to the www. Note that this user is Project Vincent-specific; this is implemented differently in other systems, especially non-/afs systems. The command for this is
fs sa . www rl
(within the protected directory). Use
to make sure you and www (and, optionally, system admins) are the only ones with privs in that directory. If there are others (there will probably be a
fs sa . system:anyuser none
to remove those privs.
Edit a new file called .htaccess.
The layout should be something like this:
<Limit GET POST>
require group CHOOSE-A-GROUP-NAME
require user BOB
require user ME
</Limit>
For CHOOSE-A-NAME, do that. For SOMETHING, put in the appropriate directory structure, up to the current directory.
(If you don't know that directory, use
to find it.) GET and POST are just in caps; leave them. For CHOOSE-A-GROUP-NAME, do that, too, if you want a group name. (I actually haven't played with groups much, so you might have to toy with this and figure it out yourself. Other documentation is available if you do a search elsewhere on the web, but keep in mind Project Vincent is set up somewhat differently for the privs I've already mentioned. This part would be the same, tho.) Also put in names for any users you want. These can be upper, lower, or mixed case, and they have nothing to do with Project Vincent usernames unless you make them that way.
Edit a file called .htgroup if you choose to play with groups. The layout for that is something like the following; just replace the all-caps stuff with the appropriate groups and users that you are making up.
GROUP1: USER1 USER2 USER3
GROUP2: USER3 USER4
Create passwords for each of the users you made up. I'm not sure about groups, but I don't think you create passwords for them. I think being a part of a group still requires your username and password, but it could conceivably make it easier to give a group access and then just update the group list in the .htgroup file rather than messing with individual users all the time in the .htaccess file. To create a password for a user,
htpasswd -c .htpasswd JOEUSER
for the first one (the -c creates a new file), and drop the -c (just use
htpasswd .htpasswd JOEUSER
) for additional users. When you type that, it will prompt you for a password and a second time for verification (won't echo on the screen). Note that it only uuencodes the password in .htpasswd, which is one of the reasons this isn't the
To change a password, just use
htpasswd .htpasswd OLDUSER
and it will let you enter a new one. It assumes anyone with write access in that directory should be able to change the password, so it won't ask for the old one, which is really convenient if you forgot it.
To delete a user/password, take the user out of the
and then remove the password by deleting the proper line in the .htpasswd file. Removing it from the .htpasswd file shouldn't be necessary, but if you're concerned about conserving stray bits (or, more importantly, not confusing yourself later), you can do it anyway.
Test it. Try logging in with correct and incorrect passwords. If something doesn't work, double-check your work.
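As an added example (not part of the original page), this Python sketch cross-checks the three files described above: it lists users allowed through .htaccess or .htgroup who have no line in .htpasswd, leftover .htpasswd lines for users who are no longer allowed (the stale entries the deletion step mentions), and groups required but never defined. The function names and the sample file contents are constructed for illustration.

```python
import re

# Constructed sample files, following the layouts shown on this page.
HTACCESS = """<Limit GET POST>
require group STAFF
require user BOB
require user ME
</Limit>
"""
HTGROUP = "STAFF: ALICE CAROL\n"
HTPASSWD = "BOB:HASH-PLACEHOLDER\nALICE:HASH-PLACEHOLDER\nOLDUSER:HASH-PLACEHOLDER\n"

def parse_htaccess(text):
    """Return (users, groups) named on 'require user' / 'require group' lines."""
    users, groups = set(), set()
    for line in text.splitlines():
        m = re.match(r"\s*require\s+(user|group)\s+(.+)", line, re.IGNORECASE)
        if m:  # commented-out lines start with '#', so they never match
            target = users if m.group(1).lower() == "user" else groups
            target.update(m.group(2).split())
    return users, groups

def parse_htgroup(text):
    """Map each group to its members, from 'GROUP: USER1 USER2' lines."""
    groups = {}
    for line in text.splitlines():
        name, sep, members = line.partition(":")
        if sep and name.strip() and not name.lstrip().startswith("#"):
            groups.setdefault(name.strip(), set()).update(members.split())
    return groups

def parse_htpasswd(text):
    """Return the usernames that have a 'USER:hash' line."""
    return {l.split(":", 1)[0].strip() for l in text.splitlines()
            if ":" in l and not l.lstrip().startswith("#")}

def audit(htaccess, htgroup, htpasswd):
    """Compare who is allowed in against who actually has a password."""
    users, groups = parse_htaccess(htaccess)
    members = parse_htgroup(htgroup)
    allowed = set(users)
    for g in groups:
        allowed |= members.get(g, set())
    have_pw = parse_htpasswd(htpasswd)
    return {"no_password": sorted(allowed - have_pw),      # can never log in
            "stale_password": sorted(have_pw - allowed),   # leftover entries
            "undefined_groups": sorted(groups - set(members))}

if __name__ == "__main__":
    print(audit(HTACCESS, HTGROUP, HTPASSWD))
```

Usernames are compared case-sensitively, so BOB and Bob count as different users.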
This document is available at http://dsblack.public.iastate.edu/help/passwords.html.