Spring Semester 2003

Lab Notes Three: Password protected directories.


First of all in this lab you need to show two things:

  1. show that you have a properly defined crontab file
  2. show what your default editor is, and explain whether you had to change it or not

You also need to make sure you have your

hello, ..., helloFive
conspicuously indexed somewhere on your server's home page.

What follows is your


In this lab you will be setting up a password protected directory. You will be using these settings to hand in your assignments. Here's what you need to do:

  1. Log into burrowww.cs.indiana.edu and go to your ServerRoot directory

    cd /u/username/apache/apache_1.3.22

  2. Copy /u/dgerman/public/passwd to your ServerRoot

    cp /u/dgerman/public/passwd .

    Note that the command above assumes that you're in your ServerRoot already (the dot).

  3. Create a new directory under your DocumentRoot.

    Call the new directory: protected

    Your DocumentRoot is most likely htdocs.

  4. Create a index.html in your protected directory.

    Make it as simple as you want but write something in it.

  5. Open your httpd.conf and add this to the file:

    <Directory /u/username/apache/apache_1.3.22/htdocs/protected>
         AuthName       Protected 
         AuthType       Basic
         AuthUserFile   /u/username/apache/apache_1.3.22/passwd
         <Limit GET POST>
            require user dgerman 

    Add it after the comments that include this fragment:

    # Control access to UserDir directories.  The following is an example
    # for a site where these directories are restricted to read-only.
    # ... 
    and before the comment that starts like this:
    # DirectoryIndex: Name of the file or files to use as a pre-written HTML
    # directory index.  Separate multiple entries with spaces.
    Please don't forget to put your username in the TWO highlighted places.

  6. Restart your server.

    Since there's more than one way to do it, I'll let you do it your way.

You will be turning this in next lab.

This is part of your next assignment. Once your setup is complete you can start moving (copying) your assignments into this new directory where they can only be seen by username dgerman in exchange for the password listed in the file you transferred.

Make sure that the umask of the files in protected is 700.

Suppose now that you want to add another user (perhaps yourself) to access the protected directory. Here's what you need to do to add the user and define the password.

  1. Copy /u/dgerman/bin/htpasswd in your ~/bin directory.
  2. Run it, as follows:
    burrowww.cs.indiana.edu% ~/bin/htpasswd ~/apache/apache_1.3.22/passwd lbird    
    Adding user lbird
    New password:
    Re-type new password:
  3. Add the new user to your httpd.conf (just add one more require user line)

    AuthUserFile   /u/username/apache/apache_1.3.22/passwd
    <Limit GET POST>
       require user dgerman
       require user lbird
  4. Restart your server. Check access.

Be careful allowing access to your directory, and if you give access to yourself don't type your network password, use a different password, some string that you want to use for testing only.

Last updated on Jan 25, 2003, by Adrian German for A348/A548