restrict access on host and/or user basis

Post by Stefan Muelle » Wed, 15 Sep 1999 04:00:00



Hi!

I've the following problem:

I want to restrict access to my server on a password
basis. This is simple: I use the basic authentication
mechanism for this.

Now comes the hard part:
I'd like to access my server from one host WITHOUT
any password.

This is a part of my standard httpd.conf file:
<Directory "C:/Programme/Apache Group/Apache/htdocs">
    Order allow,deny
    Allow from all
    AuthName "restricted stuff"
    AuthType Basic
    AuthUserFile /programme/apache~1/apache/passwd
    require valid-user
</Directory>

I tried to set up a second <directory> directive which
allows everything for this special host, but I still
get the password box popping up.

I use: Apache 1.3.9

Thanks for help.
   Stefan.

--------------------------------------------
Dipl.-Ing. Stefan Mueller
Ruhr-University Bochum
AG f. num. Meth. i.d. Mechanik und
  Simulationstechnik
--------------------------------------------

 
 
 

Post by Hans Waasdor » Wed, 15 Sep 1999 04:00:00


Hi there,

You have to add satisfy with a value (any or all).
In your case it would be any, because you want:

If
    request from "any" within .localdomain
    then no need for http auth.
else
    require http auth
end

So it would look like this:

<Directory "C:/Programme/Apache Group/Apache/htdocs">
    Order allow,deny
    Allow from .localdomain
    AuthName "restricted stuff"
    AuthType Basic
    AuthUserFile /programme/apache~1/apache/passwd
    require valid-user
    satisfy any
</Directory>


> Hi!

> I've the following problem:

> I want to restrict access to my server on a password
> basis. This is simple: I use the basic authentication
> mechanism for this.

> Now comes the hard part:
> I'd like to access my server from one host WITHOUT
> any password.

> This is a part of my standard httpd.conf file:
> <Directory "C:/Programme/Apache Group/Apache/htdocs">
>     Order allow,deny
>     Allow from all
>     AuthName "restricted stuff"
>     AuthType Basic
>     AuthUserFile /programme/apache~1/apache/passwd
>     require valid-user
> </Directory>

> I tried to set up a second <directory> directive which
> allows everything for this special host, but I still
> get the password box popping up.

> I use: Apache 1.3.9

> Thanks for help.
>    Stefan.

> --------------------------------------------
> Dipl.-Ing. Stefan Mueller
> Ruhr-University Bochum
> AG f. num. Meth. i.d. Mechanik und
>   Simulationstechnik
> --------------------------------------------
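
Added example, not part of the original posts: a simplified Python model of how Apache 1.3 combines the host check (Order/Allow) with "require valid-user" under Satisfy all and Satisfy any. It shows why the original configuration still prompts for a password, and why "Allow from all" has to be narrowed once "satisfy any" is added. The function names and host names are constructed for illustration.

```python
# Simplified model (an assumption, not Apache source) of the access decision
# for a <Directory> that has Order allow,deny, Allow lines, require valid-user
# and an optional Satisfy directive.

def host_allowed(remote_host, allow_from):
    """Order allow,deny with only Allow lines: anything not allowed is denied."""
    for pattern in allow_from:
        if pattern == "all":
            return True
        # A leading dot matches a domain suffix, e.g. ".localdomain".
        if pattern.startswith(".") and remote_host.endswith(pattern):
            return True
        if remote_host == pattern:
            return True
    return False

def decide(remote_host, valid_credentials, allow_from, satisfy="all"):
    """Return the HTTP status the client sees: 200, 401 or 403."""
    host_ok = host_allowed(remote_host, allow_from)
    if satisfy == "any":
        # Either the host check or the password is enough.
        if host_ok or valid_credentials:
            return 200
        return 401  # untrusted host: the browser shows the password box
    # Satisfy all (the default): both checks must pass.
    if not host_ok:
        return 403
    return 200 if valid_credentials else 401

if __name__ == "__main__":
    cases = [  # constructed sample requests
        ("original config", "pc1.localdomain", False, ["all"], "all"),
        ("satisfy any, trusted host", "pc1.localdomain", False, [".localdomain"], "any"),
        ("satisfy any, outside host", "outside.example.org", False, [".localdomain"], "any"),
        ("satisfy any + Allow from all", "outside.example.org", False, ["all"], "any"),
    ]
    for label, host, creds, allow, satisfy in cases:
        print(f"{label:30} -> {decide(host, creds, allow, satisfy)}")
```

The last case is the one to check for in a real configuration: with "Allow from all" left in place, "satisfy any" lets every client in without a password.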


 
 
 

1. Restricting ftp directory access on a per user basis

I have been having difficulty configuring restricted directory access on a per
user basis.  We cannot use an anonymous ftp setup because each user should only
be able to access particular files.  Therefore, I intended to assign individual
id's as guest ftp logins with "/bin/true" shells, and thought that restricting
them to their home directory structure would be fairly straightforward.    
However, these login id's are free to "cd" outside of their home directory; not
only are they allowed to "cd", but they can then get files outside of their root
structure.  
I've heard a few references to "sublogins" but I don't really know what these
are.  I've also heard someone recommend modifying the source for ftpd to add a
line chrooting to a user's directory, but after looking at the source code for
ftpd.c I'm afraid it's a little beyond my C programming skills.  What is the
easiest way to achieve this restriction on an individual user basis?  I am
getting desperate to solve this problem; any help would be appreciated.

My ftptest login entry in /etc/passwd looks like this:
ftptest:!:555:204:WUFTP Test User ID:/ftp/./ftptest:/bin/true

My ftpaccess file looks like this:
----------------------------------------------
class   all   real,guest,anonymous  *

limit   all   5   Any              /usr/local/etc/msgs/msg.toomany

loginfails 3

banner /usr/local/etc/msgs/msg.login

readme  README*    login
readme  README*    cwd=*

message /welcome.msg            login
message .message                cwd=*

compress        yes             local remote
tar             yes             local remote

log commands real anonymous guest
log transfers anonymous,real,guest inbound,outbound

shutdown /etc/shutmsg

passwd-check rfc822 enforce

path-filter anonymous,guest,real /ftp/pub/incoming ^[-A-Za-z0-9._]*$ ^[-._]

upload /ftp/pub/incoming upload yes root system 0600
--------------------------------------------------------------------------------
Thanks,
Susan Malisch
