Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: .htaccess allow at directory level
Top Forums Web Development .htaccess allow at directory level Post 302738083 by molwiko on Friday 30th of November 2012 10:19:40 AM
Old 11-30-2012
Wrench .htaccess allow at directory level
Hi Guys

I have a web a site at the following directory
/var/www/
the website is containing a lot of sub directories.
/var/www/mywebsite/folder1
/var/www/mywebsite/folder2
/var/www/mywebsite/folder3
I would like to block all the website expect one user ex: user1 password1
who can see everything and another user who can see only folder2 ex: user2 password1

Code:
AuthType Basic
AuthName htaccess
AuthUserFile /var/www/.secret
AuthGroupFile /dev/null
#<Limit GET POST>
#order deny,allow
#deny from all
#require user Loylogic
#require user Ates
#</Limit>
require user user1
SetEnvIf Request_URI "(/var/www/mywebsite)$" allow
Order allow,deny
Allow from env=allow
Satisfy any
require user user2
SetEnvIf Request_URI "(/var/www/mywebsite/folder1)$" allow
Order allow,deny
Allow from env=allow
Satisfy any

the issue this code doesn't work can you please help to sort to this our thanks
Last edited by Corona688; 11-30-2012 at 11:30 AM..
 

9 More Discussions You Might Find Interesting

1. Cybersecurity

htaccess

Something is wrong. I do everything right make the .htaccess file and stuff, but when I try the htpasswd command it says command not found. I use Putty SSH client and I think server is running RedHat 7.1 with Apache some version. HELP!!! (1 Reply)
Discussion started by: _hp_
1 Replies

2. UNIX for Advanced & Expert Users

MV files from one directory structure(multiple level) to other directory structure

Hi, I am trying to write a script that will move all the files from source directory structure(multiple levels might exist) to destination directory structure. If a sub folder is source doesnot exist in destination then I have to skip and goto next level. I also need to delete the files in... (4 Replies)
Discussion started by: srmadab
4 Replies

3. Shell Programming and Scripting

How to exclude top level directory with find?

I'm using bash on cygwin/windows. I'm trying to use find and exclude the directory /cygdrive/c/System\ Volume\ Information. When I try to use the command below I get the error "rm: cannot remove `/cygdrive/c/System Volume Information': Is a directory. Can someone tell me what I am doing... (3 Replies)
Discussion started by: siegfried
3 Replies

4. Solaris

Difference between run level & init level

what are the major Difference Between run level & init level (2 Replies)
Discussion started by: rajaramrnb
2 Replies

5. Shell Programming and Scripting

How to parse filename and one level up directory name?

Hello Experts, I need little help with parsing. I want to parse filename and one level up directory name. sample $1 will consists of /home/username/ABC1/rstfiles4.log /home/username/ABC4/rstfiles2.log /home/username/EDC7/rstfiles23.log /home/username/EDC6/rstfiles55.log... (8 Replies)
Discussion started by: Shirisha
8 Replies

6. UNIX for Dummies Questions & Answers

Redirect with htaccess to upper level folder, how to?

Hello, Well I have a web with a very bad structure (a vBulletin forum) and I want it redirected to a newer folder in the same server but with a upper level folder. Current structure is: https://www.unix.com/vbulletin/upload/index.php And I want it to be:... (0 Replies)
Discussion started by: Rafaweb
0 Replies

7. Shell Programming and Scripting

How to get top level parent directory

Hi All, I have a directory like this: /u01/app/oracle/11gSE1/11gR203 How do i get the top level directory /u01 from this? Tried dirname and basename but dint help. I can this using echo $ORACLE_HOME | awk -F"/" '{print "/"$2}'. But I am trying to find out if there is a better way of doing it... (4 Replies)
Discussion started by: nilayasundar
4 Replies

8. Red Hat

SSL certificate generation on OS level or application level

We have a RHEL 5.8 server at the production level and we have a Java application on this server. I know of the SSL certificate generation at the OS (RHEL) level but it is implemented on the Java application by our development team using the Java keytool. My doubt is that is the SSL generation can... (3 Replies)
Discussion started by: RHCE
3 Replies

9. UNIX for Beginners Questions & Answers

Move all files one directory level up

I want to move all the files in a given directory up one level. For example: Dir1 Subdir1 I want to move all the files in Subdir1 up to Dir1 (then I want to ultimately delete Subdir1) Thanks, Ted (10 Replies)
Discussion started by: ftrobaugh
10 Replies

LEARN ABOUT CENTOS

webadm_selinux

webadm_selinux(8)					webadm SELinux Policy documentation					 webadm_selinux(8)

NAME

       webadm_r - Web administrator role. - Security Enhanced Linux Policy

DESCRIPTION

       SELinux supports Roles Based Access Control (RBAC), some Linux roles are login roles, while other roles need to be transition into.

       Note: Examples in this man page will use the staff_u SELinux user.

       Non  login  roles  are usually used for administrative tasks. For example, tasks that require root privileges.  Roles control which types a
       user can run processes with. Roles often have default types assigned to them.

       The default type for the webadm_r role is webadm_t.

       The newrole program to transition directly to this role.

       newrole -r webadm_r -t webadm_t

       sudo is the preferred method to do transition from one role to another.	You setup sudo to transition to webadm_r by adding a similar  line
       to the /etc/sudoers file.

       USERNAME ALL=(ALL) ROLE=webadm_r TYPE=webadm_t COMMAND

       sudo will run COMMAND as staff_u:webadm_r:webadm_t:LEVEL

       When using a a non login role, you need to setup SELinux so that your SELinux user can reach webadm_r role.

       Execute the following to see all of the assigned SELinux roles:

       semanage user -l

       You need to add webadm_r to the staff_u user.  You could setup the staff_u user to be able to use the webadm_r role with a command like:

       $ semanage user -m -R 'staff_r system_r webadm_r' staff_u

BOOLEANS

       SELinux policy is customizable based on least access required.  webadm policy is extremely flexible and has several booleans that allow you
       to manipulate the policy and run webadm with the tightest access possible.

       If you want to determine whether webadm can manage generic user files, you must turn on the webadm_manage_user_files boolean.  Disabled	by
       default.

       setsebool -P webadm_manage_user_files 1

       If  you	want  to  determine  whether  webadm can read generic user files, you must turn on the webadm_read_user_files boolean. Disabled by
       default.

       setsebool -P webadm_read_user_files 1

       If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd server, you must turn on the  authlo-
       gin_nsswitch_use_ldap boolean. Disabled by default.

       setsebool -P authlogin_nsswitch_use_ldap 1

       If  you want to deny user domains applications to map a memory region as both executable and writable, this is dangerous and the executable
       should be reported in bugzilla, you must turn on the deny_execmem boolean. Enabled by default.

       setsebool -P deny_execmem 1

       If you want to deny any process from ptracing or debugging any other processes, you must  turn  on  the	deny_ptrace  boolean.  Enabled	by
       default.

       setsebool -P deny_ptrace 1

       If you want to allow all domains to use other domains file descriptors, you must turn on the domain_fd_use boolean. Enabled by default.

       setsebool -P domain_fd_use 1

       If  you	want  to  allow  all domains to have the kernel load modules, you must turn on the domain_kernel_load_modules boolean. Disabled by
       default.

       setsebool -P domain_kernel_load_modules 1

       If you want to allow all domains to execute in fips_mode, you must turn on the fips_mode boolean. Enabled by default.

       setsebool -P fips_mode 1

       If you want to enable reading of urandom for all domains, you must turn on the global_ssp boolean. Disabled by default.

       setsebool -P global_ssp 1

       If you want to allow confined applications to run with kerberos, you must turn on the kerberos_enabled boolean. Enabled by default.

       setsebool -P kerberos_enabled 1

       If you want to allow logging in and using the system from /dev/console, you must turn on  the  login_console_enabled  boolean.  Enabled	by
       default.

       setsebool -P login_console_enabled 1

       If you want to allow system to run with NIS, you must turn on the nis_enabled boolean. Disabled by default.

       setsebool -P nis_enabled 1

       If you want to allow confined applications to use nscd shared memory, you must turn on the nscd_use_shm boolean. Disabled by default.

       setsebool -P nscd_use_shm 1

       If  you	want  to  disallow  programs, such as newrole, from transitioning to administrative user domains, you must turn on the secure_mode
       boolean. Enabled by default.

       setsebool -P secure_mode 1

       If you want to allow unconfined executables to make their stack executable.  This should never, ever be	necessary.  Probably  indicates  a
       badly  coded  executable,  but  could  indicate	an  attack.  This  executable  should be reported in bugzilla, you must turn on the selin-
       uxuser_execstack boolean. Enabled by default.

       setsebool -P selinuxuser_execstack 1

       If you want to allow ssh logins as sysadm_r:sysadm_t, you must turn on the ssh_sysadm_login boolean. Disabled by default.

       setsebool -P ssh_sysadm_login 1

       If you want to allow the graphical login program to login directly as sysadm_r:sysadm_t, you must turn  on  the	xdm_sysadm_login  boolean.
       Disabled by default.

       setsebool -P xdm_sysadm_login 1

MANAGED FILES

       The SELinux process type webadm_t can manage files labeled with the following file types.  The paths listed are the default paths for these
       file types.  Note the processes UID still need to have DAC permissions.

       httpd_config_t

	    /etc/httpd(/.*)?
	    /etc/nginx(/.*)?
	    /etc/apache(2)?(/.*)?
	    /etc/cherokee(/.*)?
	    /etc/lighttpd(/.*)?
	    /etc/apache-ssl(2)?(/.*)?
	    /var/lib/openshift/.httpd.d(/.*)?
	    /var/lib/stickshift/.httpd.d(/.*)?
	    /etc/vhosts
	    /etc/thttpd.conf

       httpd_lock_t

       httpd_log_t

	    /srv/([^/]*/)?www/logs(/.*)?
	    /var/www(/.*)?/logs(/.*)?
	    /var/log/glpi(/.*)?
	    /var/log/cacti(/.*)?
	    /var/log/httpd(/.*)?
	    /var/log/nginx(/.*)?
	    /var/log/apache(2)?(/.*)?
	    /var/log/php-fpm(/.*)?
	    /var/log/cherokee(/.*)?
	    /var/log/lighttpd(/.*)?
	    /var/log/suphp.log.*
	    /var/log/thttpd.log.*
	    /var/log/apache-ssl(2)?(/.*)?
	    /var/log/cgiwrap.log.*
	    /var/www/stickshift/[^/]*/log(/.*)?
	    /var/www/miq/vmdb/log(/.*)?
	    /var/log/roundcubemail(/.*)?
	    /var/log/php_errors.log.*
	    /var/log/dirsrv/admin-serv(/.*)?
	    /var/lib/openshift/.log/httpd(/.*)?
	    /var/www/openshift/console/log(/.*)?
	    /var/www/openshift/broker/httpd/logs(/.*)?
	    /var/www/openshift/console/httpd/logs(/.*)?
	    /etc/httpd/logs

       httpd_modules_t

	    /usr/lib/httpd(/.*)?
	    /usr/lib/apache(/.*)?
	    /usr/lib/cherokee(/.*)?
	    /usr/lib/lighttpd(/.*)?
	    /usr/lib/apache2/modules(/.*)?
	    /etc/httpd/modules

       httpd_php_tmp_t

       httpd_script_exec_type

       httpd_suexec_tmp_t

       httpd_tmp_t

	    /var/run/user/apache(/.*)?
	    /var/www/openshift/console/tmp(/.*)?

       httpd_unit_file_t

	    /usr/lib/systemd/system/httpd.*
	    /usr/lib/systemd/system/jetty.*
	    /usr/lib/systemd/system/nginx.*
	    /usr/lib/systemd/system/php-fpm.*

       httpd_var_run_t

	    /var/run/mod_.*
	    /var/run/wsgi.*
	    /var/run/httpd.*
	    /var/run/nginx.*
	    /var/run/apache.*
	    /var/run/php-fpm(/.*)?
	    /var/run/lighttpd(/.*)?
	    /var/lib/php/session(/.*)?
	    /var/lib/php/wsdlcache(/.*)?
	    /var/run/dirsrv/admin-serv.*
	    /var/www/openshift/broker/httpd/run(/.*)?
	    /var/www/openshift/console/httpd/run(/.*)?
	    /opt/dirsrv/var/run/dirsrv/dsgw/cookies(/.*)?
	    /var/run/thttpd.pid
	    /var/run/gcache_port
	    /var/run/cherokee.pid

       httpdcontent

       public_content_rw_t

	    /var/spool/abrt-upload(/.*)?

       systemd_passwd_var_run_t

	    /var/run/systemd/ask-password(/.*)?
	    /var/run/systemd/ask-password-block(/.*)?

       user_home_t

	    /home/[^/]*/.+

       user_tmp_t

	    /var/run/user(/.*)?
	    /tmp/hsperfdata_root
	    /var/tmp/hsperfdata_root
	    /tmp/gconfd-.*

       webadm_tmp_t

COMMANDS

       semanage fcontext can also be used to manipulate default file context mappings.

       semanage permissive can also be used to manipulate whether or not a process type is permissive.

       semanage module can also be used to enable/disable/install/remove policy modules.

       semanage boolean can also be used to manipulate the booleans

       system-config-selinux is a GUI tool available to customize SELinux policy settings.

AUTHOR

       This manual page was auto-generated using sepolicy manpage .

SEE ALSO

       selinux(8), webadm(8), semanage(8), restorecon(8), chcon(1), sepolicy(8) , setsebool(8)

mgrepl@redhat.com						      webadm							 webadm_selinux(8)
All times are GMT -4. The time now is 05:32 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy