2 <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
3 <?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?>
4 <!-- $LastChangedRevision$ -->
7 Licensed to the Apache Software Foundation (ASF) under one or more
8 contributor license agreements. See the NOTICE file distributed with
9 this work for additional information regarding copyright ownership.
10 The ASF licenses this file to You under the Apache License, Version 2.0
11 (the "License"); you may not use this file except in compliance with
12 the License. You may obtain a copy of the License at
14 http://www.apache.org/licenses/LICENSE-2.0
16 Unless required by applicable law or agreed to in writing, software
17 distributed under the License is distributed on an "AS IS" BASIS,
18 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
19 See the License for the specific language governing permissions and
20 limitations under the License.
23 <modulesynopsis metafile="mod_authz_dbm.xml.meta">
25 <name>mod_authz_dbm</name>
26 <description>Group authorization using DBM files</description>
27 <status>Extension</status>
28 <sourcefile>mod_authz_dbm.c</sourcefile>
29 <identifier>authz_dbm_module</identifier>
32 <p>This module provides authorization capabilities so that
33 authenticated users can be allowed or denied access to portions
34 of the web site by group membership. Similar functionality is
35 provided by <module>mod_authz_groupfile</module>.</p>
38 <seealso><directive module="mod_authz_core">Require</directive></seealso>
40 <section id="requiredirectives"><title>The Require Directives</title>
42 <p>Apache's <directive module="mod_authz_core">Require</directive>
43 directives are used during the authorization phase to ensure that
44 a user is allowed to access a resource. mod_authz_dbm extends the
45 authorization types with <code>dbm-group</code>.</p>
47 <p>Since v2.5.0, <a href="../expr.html">expressions</a> are supported
48 within the DBM require directives.</p>
50 <section id="reqgroup"><title>Require dbm-group</title>
52 <p>This directive specifies group membership that is required for the
53 user to gain access.</p>
55 <highlight language="config">
56 Require dbm-group admin
61 <section id="reqfilegroup"><title>Require dbm-file-group</title>
63 <p>When this directive is specified, the user must be a member of the group
64 assigned to the file being accessed.</p>
66 <highlight language="config">
67 Require dbm-file-group
74 <section id="examples">
75 <title>Example usage</title>
76 <p><em>Note that using mod_authz_dbm requires you to require <code>dbm-group</code>
77 instead of <code>group</code>:</em>
79 <highlight language="config">
80 <Directory "/foo/bar">
82 AuthName "Secure Area"
84 AuthDBMUserFile site/data/users
85 AuthDBMGroupFile site/data/users
86 Require dbm-group admin
92 <name>AuthDBMGroupFile</name>
93 <description>Sets the name of the database file containing the list
94 of user groups for authorization</description>
95 <syntax>AuthDBMGroupFile <var>file-path</var></syntax>
96 <contextlist><context>directory</context><context>.htaccess</context>
98 <override>AuthConfig</override>
101 <p>The <directive>AuthDBMGroupFile</directive> directive sets the
102 name of a DBM file containing the list of user groups for user
103 authorization. <var>File-path</var> is the absolute path to the
106 <p>The group file is keyed on the username. The value for a
107 user is a comma-separated list of the groups to which the users
108 belongs. There must be no whitespace within the value, and it
109 must never contain any colons.</p>
111 <note type="warning"><title>Security</title>
112 <p>Make sure that the <directive>AuthDBMGroupFile</directive> is
113 stored outside the document tree of the web-server. Do
114 <strong>not</strong> put it in the directory that it protects.
115 Otherwise, clients will be able to download the
116 <directive>AuthDBMGroupFile</directive> unless otherwise
120 <p>Combining Group and Password DBM files: In some cases it is
121 easier to manage a single database which contains both the
122 password and group details for each user. This simplifies any
123 support programs that need to be written: they now only have to
124 deal with writing to and locking a single DBM file. This can be
125 accomplished by first setting the group and password files to
126 point to the same DBM:</p>
128 <highlight language="config">
129 AuthDBMGroupFile /www/userbase
130 AuthDBMUserFile /www/userbase
133 <p>The key for the single DBM is the username. The value consists
137 Encrypted Password : List of Groups [ : (ignored) ]
140 <p>The password section contains the encrypted
141 password as before. This is followed by a colon and the comma
142 separated list of groups. Other data may optionally be left in the
143 DBM file after another colon; it is ignored by the authorization
144 module. This is what www.telescope.org uses for its combined
145 password and group database.</p>
150 <name>AuthzDBMType</name>
151 <description>Sets the type of database file that is used to
152 store list of user groups</description>
153 <syntax>AuthzDBMType default|SDBM|GDBM|NDBM|DB</syntax>
154 <default>AuthzDBMType default</default>
155 <contextlist><context>directory</context><context>.htaccess</context>
157 <override>AuthConfig</override>
160 <p>Sets the type of database file that is used to store the list
162 The default database type is determined at compile time. The
163 availability of other types of database files also depends on
164 <a href="../install.html#dbm">compile-time settings</a>.</p>
166 <p>It is crucial that whatever program you use to create your group
167 files is configured to use the same type of database.</p>
projects / apache / blob