RHEL7: Configure Apache group-managed content.

Share this link

Note: This is an RHCE 7 exam objective.

Prerequisites

First, follow the instructions to install an Apache web server.

Main Configuration

To allow only a group of users (here nikos and steve from the team) to access a specific directory (here private), edit the /etc/httpd/conf/httpd.conf file and paste the following lines at the end:

<Directory "/var/www/html/private">
AuthType Basic
AuthName "Password protected area"
AuthGroupFile /etc/httpd/conf/team
AuthUserFile /etc/httpd/conf/passwd
Require group team
</Directory>

Check the configuration file:

# apachectl configtest
Syntax OK

Create the /var/www/html/private directory and assign the correct SELinux context:

# mkdir -p /var/www/html/private
# restorecon -R /var/www/html/private

Create the /etc/httpd/conf/team file and paste the following line:

team: nikos steve

Create the /etc/httpd/conf/passwd file, add the nikos and steve accounts with their own passwords:

# htpasswd -c /etc/httpd/conf/passwd nikos
New password: nikos
Re-type new password: nikos
Adding password for user nikos
# htpasswd /etc/httpd/conf/passwd steve
New password: steve
Re-type new password: steve
Adding password for user steve

Restart the httpd service:

# systemctl restart httpd

Configuration Check

To check the configuration, type:

# yum install -y elinks
# elinks http://localhost/private/
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

Leave a Reply

11 Comments on "RHEL7: Configure Apache group-managed content."

Notify of
Sort by:   newest | oldest
chamambom
Member
chamambom
@certdepot, thanks for such an awesome blog for Redhat preparation. I will be taking my exam soon and have one grey area with regard to these 2 objectives : – configure access restrictions on directories – configure group-managed content Correct me if I am wrong but this is how I am understanding them: Configure group-managed content——this one seems to be similar to setting up group authing using this config below just like how you explained it AuthGroupFile /etc/httpd/conf/team It also overlaps with this objective Configure access restrictions on directories on the group managed content, I have seen others doing the… Read more »
Lisenet
Member

Configure group-managed content – this is chmod 2770 (content that is managed by a group).

Configure access restrictions on directories – this is AuthGroupFile /etc/httpd/conf/team.

chamambom
Member
chamambom

@Lisenet, the reason why I am saying that is because htpasswd users don’t exist in the file system and the group also doesn’t exist in the filesystem [and by filesystem I mean via useradd command] … so what group would you create the users for since the auth userfile and the authgroup file have users and groups that don’t exist in /etc/passwd or group?

Lisenet
Member

It’s very simple, therefore I’m a bit puzzled on what you don’t understand with these objectives. Group managed content is for web developers to upload files to a webserver. We do that in production all the time, configure chmod 2770 so that devs can push changes to webroots.

Access restrictions on directories are purely for web users to require login to be able to see content. These users don’t need nor don’t have to have Linux accounts. An example would be a WordPress login page which you want to configure restrictions on.

chamambom
Member
chamambom

I understand them perfectly, only they seem intertwined…and as you can see @lisenet , on this post it only validates what I have been saying and while what you are saying is true ….I guess I’ll have to take the RHCE and try to read between the lines on that kind of question.

Lisenet
Member

This post has a misleading headline – it covers access restrictions on directories, but the title says “Configure Apache group-managed content”. This is not correct.

By adding Apache users to the group file (AuthGroupFile) does not grant any management permissions for content, it only allows access on directories.

There is no reading between the lines, the fact that the post has an incorrect headline doesn’t validate your statement 🙂

CertDepot, can you fix the headline please?

Lisenet
Member

I think that changing the title of the tutorial is sufficient.

chamambom
Member
chamambom

@Lisenet ,yes group managed content is how you are explaining it ,but i guess a lot of people like me are confusing it with the apache group restricted access.I am just glad that the exams are usually explicit about what they want you to do ….. so yes ,the way you explain it is the same way that works for samba ,nfs collaborative shares .

wpDiscuz

RHCSA7: Task of the day

Allowed time: 10 minutes.
Create two new user accounts "steve" and "oliver".
Create a group "team". Create a directory "shared".
All files put into the "shared" directory by "steve" or "oliver" should belong to the "team" group and be only visible by them.

RHCE7: Task of the day

Allowed time: 10 minutes.
Set up a caching-only DNS server to forward DNS queries.

Poll for favorite RHEL 7 book

What is your favorite RHEL 7 book to prepare RHCSA & RHCE exams?

View Results

Loading ... Loading ...

Poll for most difficult RHCSA 7 topic

What do you think is the most difficult RHCSA 7 topic?

View Results

Loading ... Loading ...

Poll for most difficult RHCE 7 topic

What do you think is the most difficult RHCE 7 topic?

View Results

Loading ... Loading ...

Recent Comments