Very Computer

by **adam** » Thu, 26 Oct 2000 04:00:00

Do you want the UNIX userid the process is running under or the
authenticated name the web client used to gain access? The first should
be easily got through what ever programming language you're using (all
have a way to determine what uid they're running as, both real and
effective). The second should be available in the env variable
REMOTE_USER. (Note, these may very likely be different.)

You might also find this link helpful:

http://www.apache.org/docs/misc/FAQ.html#remote-user-var

-adam

> Hi all,

> I have just created some secure directories on a website using htaccess. Now
> when i start a CGI from one of those dirs i need to know who is actually
> accessing this directory, i.e. i want to know the userid of the one who
> actually has gained access to the site. Isn't there any environment variable
> that displays this ? Strangely enough, when i run a CGI that shows me the
> available variables, the username is nowhere to be found, or should i
> protect the CGI directory as well to get this ?

> Thanks
> Bob Lefevere

by **Dan Wilg** » Thu, 26 Oct 2000 04:00:00

> Hi all,

> I have just created some secure directories on a website using htaccess. Now
> when i start a CGI from one of those dirs i need to know who is actually
> accessing this directory, i.e. i want to know the userid of the one who
> actually has gained access to the site. Isn't there any environment variable
> that displays this ? Strangely enough, when i run a CGI that shows me the
> available variables, the username is nowhere to be found, or should i
> protect the CGI directory as well to get this ?

Yes, the directory containing any CGI script you want to display the env var
of the username must be protected as well. The name of the variable is
HTTP_USER.

** Remove the REMOVE in my address address to reply reply **

by **Rafael Garcia-Suar** » Fri, 27 Oct 2000 04:00:00

Bob Lefevere wrote in comp.infosystems.www.servers.unix:

Quote:>Yep, i just found out i have to protect the cgi-bin as well then.. Which is
>logical if you think about it- if you start a cgi script you go to the
>unprotected cgi-bin directory, so there is no point for Apache to keep the
>REMOTE_USER variable.

>Is there a way to open up the CGI-BIN for all and still have htaccess
>security in place ?

Just a clue: you can make a subdir of cgi-bin and place the .htaccess
and the protected scripts there.

--
# Rafael Garcia-Suarez / http://rgarciasuarez.free.fr/

by **Dan Wilg** » Fri, 27 Oct 2000 22:32:37

> > Yes, the directory containing any CGI script you want to display the env
> > var
> > of the username must be protected as well. The name of the variable is
> > HTTP_USER.

> I think you meant to say REMOTE_USER.

D'oh! As usual, you're right, Joshua.

** Remove the REMOVE in my address address to reply reply **

by **Alan Sincla** » Sun, 05 Nov 2000 12:51:46

Quote:>Hi all,

>I have just created some secure directories on a website using htaccess.
>Now when i start a CGI from one of those dirs i need to know who is
>actually accessing this directory, i.e. i want to know the userid of the
>one who actually has gained access to the site. Isn't there any
>environment variable that displays this ? Strangely enough, when i run a
>CGI that shows me the available variables, the username is nowhere to be
>found, or should i protect the CGI directory as well to get this ?

>Thanks
>Bob Lefevere

I think you are referring to REMOTE_USER. You need to place the CGI script
in the secured directory otherwise Apache will not set the REMOTE_USER env
variable.

hth,

Very Computer

Question on htaccess

Question on htaccess

Question on htaccess

Question on htaccess

Question on htaccess

Question on htaccess