CentOS-6.5
httpd-2.2.15 (centos)
I am trying to understand how directory access control works in Apache-2.2.
Does a means exist to revoke access in a subdirectory if access has been
granted in a higher one? We restrict access to the entire site via htdigest
but some directories are need to be further restricted by the group a user is
assigned to. I have this situation:
<Directory />
AuthType Digest
AuthName ca.harte-lyne
AuthDigestDomain /
AuthDigestProvider file
AuthUserFile /etc/httpd/access.d/.htdigest
AuthGroupFile /var/data/hll_dav/htgroup
Require group staff
AllowOverride None
Order allow,deny
allow from all
Satisfy All
Options Indexes MultiViews
IndexOptions FancyIndexing
AddDefaultCharset UTF-8
</Directory>
<Directory /Private>
Require group management
</Directory>
In this setup a member of group staff who is not a member of group management
nonetheless can list and download files in /Private. I want to prevent this.
Is this possible and if so then how is this done?
--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
