Archive for July 24th, 2007
htaccess tutorial
by DJG, djg@linuxhelp.net
Created on November 29th, 1999.
Last updated on December 19th, 1999.
htaccess is a way to password protect directories. It can also be used to give user or group specific access to directories. This guide will tell you how to setup apache for htaccess and to set up basic protection. Let’s begin.
First, I assume you have Apache installed. If you don’t, get the rpm, deb, or tarball, etc…
Now, you’ll have to know what directory you want to be able to use htaccess. Let’s say that you want to be able to use it in the /var/www directory.
In your apache config file, access.conf, (Mine is located in /etc/apache/access.conf, locations may vary. Try locate access.conf). Please note that in some cases when installing Apache 1.3.9 from the tarball, all the config files will be combined into one file called httpd.conf. Open up access.conf or httpd.conf and find the lines that look like the following:
Options Indexes FollowSymLinks
AllowOverride None
order allow,deny
allow from all
Note: This is machine specific. I am working from a default Debian Apache install. In order to use htaccess, you’ll need to change the line
AllowOverride None
to
AllowOverride AuthConfig
If you have a different options in the AllowOverride line, but not AuthConfig, add it, if you have “All” then you won’t need it.
Now restart apache for the changes to take effect.
I use /etc/init.d/apache restart for that, Red Hat Linux users may use /etc/rc.d/init.d/httpd restart. Just look around your system. Also, killall -HUP httpd will restart the server.
Now that the directory and its subdirectories are htaccess enabled, you’ll need to setup the actual files.
Create a file in the dir you want to protect called .htaccess
Here’s an example .htaccess file:
AuthUserFile /var/www/.htpasswd
AuthGroupFile /www.null
AuthName “Authorization Required”
AuthType Basic
require valid-user
AuthUserFile is the path to the password file which we will create in a minute.
AuthGroupFile is the path to the group password file, for simple user protection, this is not needed, so simply send the requests for it to /www.null
AuthName Is a message to appear, I just used Authorization Required. Change it to what you’d like.
AuthType Just set this to Basic
Now, inside the
require user djg
Now that .htaccess is set up, you’ll need to create the password file. To do this, use the program htpasswd.
To create an initial .htpasswd file, use the -c tag.
The syntax is: htpasswd passwordfilename user (add -c if you’re creating the file)
So, we would use:
htpasswd -c /var/www/.htpasswd djg
It would then prompt me for a password.
To create new users in the same file, simply drop the -c.
htpasswd /var/www/.htpasswd anotherusername
When running htpasswd it will ask you for that username’s password. Now, everything should be set up, and your directory should be protected.
No tags
24
WARNING: The following packages cannot be authenticated!
No comments · Posted by nguyen in Linux Docs
haven’t use linux for a while, now cum back and got few messages like this when install pakage.
solution?
WARNING: The following packages cannot be authenticated!
foo bar baz
Install these packages without verification [y/N]?
I noticed today that google doesn’t turn up good hits for the fix. The fix is really simple:
apt-get install debian-archive-keyring
apt-get update
That’s it. You now have secure packages from Debian. Nice, eh?
# apt-get install debian-keyring debian-archive-keyring
Reading package lists… Done
Building dependency tree… Done
debian-keyring is already the newest version.
debian-archive-keyring is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 146 not upgraded.
#apt-get update
# apt-get upgrade
Reading package lists… Done
Building dependency tree… Done
The following packages will be upgraded:
adduser apt apt-utils base-files bash bsdmainutils bsdutils busybox
console-common console-data coreutils cron dash debconf debconf-i18n
No tags
