LinuxQuestions.org
Latest LQ Deal: Complete CCNA, CCNP & Red Hat Certification Training Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 05-12-2009, 07:41 PM   #1
andy1974
Member
 
Registered: Jun 2007
Posts: 85

Rep: Reputation: 15
Password protect a web folder on apache


hello all


i am in need of password protecting a folder on my apache web server. how can i set it up to ask for user and password before the user is granted access to the folder?
 
Old 05-12-2009, 08:19 PM   #2
Robhogg
Member
 
Registered: Sep 2004
Location: Old York, North Yorks.
Distribution: Debian 7 (mainly)
Posts: 653

Rep: Reputation: 97
There's more than one way to do it, but one of the simplest is to add the following to your Apache config file:

Code:
<Directory "/var/www/htdocs/your/private/directory">
AuthType Basic
AuthName "My Private Directory"
AuthUserFile "/var/www/htpasswd"
Require valid-user
</Directory>
Then create the htpasswd file, and add at least one user to it (as root):
Code:
htpasswd -c /var/www/htpasswd username
This file should be outside of the directories available from the web (I'm assuming here that your document root is /var/www/htdocs - modify as necessary). You would need to have mod_auth enabled.

Note that Basic authentication is not secure (all credentials are transmitted as plain text). There is also AuthType digest (implemented in mod_auth_digest), which hashes the credentials before sending, though this is not so well supported by browsers and a little more complex.

Last edited by Robhogg; 05-12-2009 at 08:20 PM.
 
Old 05-12-2009, 10:22 PM   #3
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Blog Entries: 5

Rep: Reputation: Disabled
Quote:
Originally Posted by Robhogg
Note that Basic authentication is not secure (all credentials are transmitted as plain text). There is also AuthType digest (implemented in mod_auth_digest), which hashes the credentials before sending, though this is not so well supported by browsers and a little more complex.
+1 on digest authentication. It's not much more effort than basic, and it's more secure.

Carefully read the documentation and post back if you run into issues.
 
Old 05-13-2009, 07:59 PM   #4
andy1974
Member
 
Registered: Jun 2007
Posts: 85

Original Poster
Rep: Reputation: 15
ok ......i added this to the apache config

<Directory "/var/www/html/music">
AuthType Basic
AuthName "My music Directory"
AuthUserFile "/var/www/htpasswd"
Require valid-user
</Directory>

and that part works with no problem, buti need help with the auth part... i made the .htpasswd file and put it in a htpasswd folder located at /var/www/htpasswd but wont auth . the user is music and this is what the file looks like.

htpasswd -c /var/www/htpasswd music

what am i doing wrong?


BTW this is on Fedora 8

Last edited by andy1974; 05-13-2009 at 08:02 PM.
 
Old 05-13-2009, 08:07 PM   #5
billymayday
LQ Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122Reputation: 122
You probably needed

htpasswd -c /var/www/htpasswd music password

But are you saying you put that line in a file called /var/www/htpasswd/.htpasswd? htpasswd is a command to create apassword file (or add users, etc). See man htpasswd.
 
Old 05-13-2009, 08:17 PM   #6
andy1974
Member
 
Registered: Jun 2007
Posts: 85

Original Poster
Rep: Reputation: 15
arrrrrrg , i am so confused...i am thinking i have this wrong

htpasswd -c /var/www/htpasswd music

this is the link

www.clickerpower.net/music

Last edited by andy1974; 05-13-2009 at 08:19 PM.
 
Old 05-13-2009, 08:21 PM   #7
billymayday
LQ Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122Reputation: 122
If you want to create an authorized user "music" with password "password", the command

htpasswd -c /var/www/htpasswd music password

will create a file /var/www/htpassword containing user and password information for "music". Your authentication against /var/www/htpasswd should then work (or if it doesn't, the problem is somewhere else).

Edit - if you've created a directory called /var/www/htpasswd, you should probably get rid of it first, since htpasswd will try to create a file with the same name and fail.
 
Old 05-13-2009, 08:31 PM   #8
andy1974
Member
 
Registered: Jun 2007
Posts: 85

Original Poster
Rep: Reputation: 15
ok then where does this line go ?

htpasswd -c /var/www/htpasswd music password


i made a folder called /htpasswd and put in in the /var/www/



sorry hang in there with me i will gett it soon
 
Old 05-13-2009, 08:36 PM   #9
billymayday
LQ Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122Reputation: 122
That line is a command that you type from the terminal - it doesn't go into a file. It's like "ls" or "cd" commands.

You don't want a folder (directory) called htpasswd in /var/www - delete it. The command above will create a file of that name itself (that's what the -c option does - it stands for "create the following file").

From the command line in a terminal sesion, type "man htpasswd" to see what I mean - type "q" to quit.
 
Old 05-13-2009, 08:46 PM   #10
andy1974
Member
 
Registered: Jun 2007
Posts: 85

Original Poster
Rep: Reputation: 15
ok this is what i got



[root@clickerpower ~]# htpasswd -c /var/www/htpasswd music welcome
Usage:
htpasswd [-cmdpsD] passwordfile username
htpasswd -b[cmdpsD] passwordfile username password

htpasswd -n[mdps] username
htpasswd -nb[mdps] username password
-c Create a new file.
-n Don't update file; display results on stdout.
-m Force MD5 encryption of the password.
-d Force CRYPT encryption of the password (default).
-p Do not encrypt the password (plaintext).
-s Force SHA encryption of the password.
-b Use the password from the command line rather than prompting for it.
-D Delete the specified user.
On Windows, NetWare and TPF systems the '-m' flag is used by default.
On all other systems, the '-p' flag will probably not work.




didnt seem to create the file
 
Old 05-13-2009, 08:56 PM   #11
billymayday
LQ Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122Reputation: 122
Make that

htpasswd -bc /var/www/htpasswd music welcome

as given by the message above.
 
Old 05-14-2009, 04:46 AM   #12
namit
Member
 
Registered: Aug 2005
Distribution: Debian
Posts: 355

Rep: Reputation: 30
if you just trying to share music best to use something that will stream it for you also and allow you to stream http://ampache.org/
 
Old 05-14-2009, 09:50 AM   #13
andy1974
Member
 
Registered: Jun 2007
Posts: 85

Original Poster
Rep: Reputation: 15
ok i did the command and this is what i got

[root@clickerpower ~]# htpasswd -bc /var/www/htpasswd music *********
Adding password for user music


it worked ....i had to change the path in the config i had a trailing /

Last edited by andy1974; 05-14-2009 at 09:53 AM.
 
Old 05-15-2009, 02:28 AM   #14
mdjww
LQ Newbie
 
Registered: May 2009
Posts: 2

Rep: Reputation: 0
Good job guys!

Last edited by win32sux; 05-15-2009 at 06:18 PM. Reason: Removed signature with suspicious link.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
How to protect shared folder with password in opensuse11 praveenakm Linux - Newbie 1 03-14-2009 06:07 AM
Password protect folder? sall Linux - Security 4 07-18-2005 06:57 PM
Password Protect Folder?? sall Linux - Software 5 07-18-2005 07:58 AM
How to password protect a web directory abdulber Linux - Software 1 01-28-2004 12:34 AM
Looking for a way to password protect a file within my Home folder BadKarma Linux - Security 2 12-26-2003 09:13 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 09:16 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration