LinuxQuestions.org - Problem with HTACCESS

- Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)

- - Problem with HTACCESS (https://www.linuxquestions.org/questions/linux-newbie-8/problem-with-htaccess-764054/)

Problem with HTACCESS

I have a directory that contains this .htaccess file:

Quote:

AuthName "this directory"
AuthType Basic
AuthUserFile /home/MyDomain/.htpasswd
require valid-user

In /home/MyDomain I have an .htaccess file that I have added a name/password to with:

htpasswd .htpasswd SomeUser

In my httpd.conf file I have this:

Quote:

<Directory "/home/MyDomain/public_html/admin">
AllowOverride AuthConfig
</Directory>

Yet I'm getting:

Quote:

Forbidden
You don't have permission to access /admin/ on this server.

Any ideas what I should be looking for?

does the directory admin belong to the user you are trying to auth as, or does it belong to the http user?

Quote:

Originally Posted by irishbitte (Post 3730467)

does the directory admin belong to the user you are trying to auth as, or does it belong to the http user?

Why would that be an issue? I should be able to add any user/pwd combination. The .htpasswd user list is unrelated to user accounts on the particular server.

However...

I created user "MyDomain" in /home/MyDomain, I created /public_html/admin as user MyDomain. So the owner of admin is user MyDomain.

But as I said, I don't really think it matters to Apache with respect to basic authentication and .htaccess / .htpasswd.

Quote:

Originally Posted by Arty Ziff (Post 3730472)

1. You have a problem getting Apache to access a specific directory. You post an inquiry.

2. Someone asks you whether you have assured that Apache has rights to that directory.

3. Your response is "Why would that be an issue?"

No wonder you're having problems. Tell me how you think Apache can access any directory it cares to, based only on its configuration, without regard to system-wide access permissions.

Above all else, the target directory must be accessible to Apache's default user and group. Trust me on this.

also seeing as you DO have access to the httpd.conf file you do not need to use a .htaccess -- edit the httpd.conf file!!!

You can add any user/passwd combo, for people accessing this content from the net, but Apache needs to be able to see this directory and navigate in it. For example, I use scripts to backup my website to a tmp folder outside the webroot. The tmp folder has to be writable by www-data in order that apache can use it. Same goes for you. Here is a way you can do it:

Code:

chown -R MyDomain:www-data /home/MyDomain/public_html/admin

chmod -R 770 /home/MyDomain/public_html/admin

assuming 'www-data' is your http user. Do this:

Code:

getent passwd | grep www

and there should be only the http user listed.

This should sort you out! BTW, this:

Quote:

also seeing as you DO have access to the httpd.conf file you do not need to use a .htaccess -- edit the httpd.conf file!!!

is correct.

Also, NEVER put the htpasswd file in a documents dir. Anyone on the web can grab a copy and try to break it. Store it with the httpd.conf
BTW, no need to make it 'hidden' ie leading '.' is redundant.

Quote:

Originally Posted by lutusp (Post 3730630)

It is *unnecessary* to become nasty and rude. "Why would that be an issue?" is a perfectly valid question, which you go on to answer. Could you have answered without being so rude?

Thanks John VV, irishbitte, and chrism01 for providing helpful responses! Much appreciated, you have helped me solve the issue.

Just to check, is it working now? And what method(s) did you employ to achieve success? This would help future searches.