Access Keys:
Skip to content (Access Key - 0)

Protecting a Web Directory via Certificates - more technical background

Context

You have a web directory, and you want to use certificates to limit who has access.

The basic instructions are here: Web Publishing - Access privileges on web.mit.edu. A more technical explanation of how it works follows.

Protecting a Directory

In order to certificate-protect a directory, you need to do some setup
with "fs sa", and also some setup with a .htaccess.mit file.

"fs sa" controls what the AFS server will allow you to do.
.htaccess.mit controlls what the web.mit.edu server will allow you to do.

- You use "fs sa" to ensure that your authors have "rlidwka" permisson,
  which will let you upload new web pages and administer the file.
- You use "fs sa" to ensure that the group "system:anyuser" has no
  permission, to make sure that people can't sneak in behind your back
  and read the files straight out of AFS, bypassing the web server.
- You use "fs sa" to ensure that the group "system:htaccess.mit"
  (the web.mit.edu servers) has "rl" permission, which lets the
  web servers read the HTML code in your files.

- Because the web server has "rl" permission, it can read the files
  and can show them to people who go to http://web.mit.edu/.../
  You use the .htaccess.mit file to give the web server instructions
  about who it is allowed to show the files to.


So...

If you want members of "museum-photos" to be able to see the files via
http://web.mit.edu/museum/photos/ , then yes, you need to put 
 require group museum-photos
into the .htaccess.mit file, which will instruct the web server to
check certificates and only show the pages to the right people.

But you also need to use "fs sa" to set things up so that the web
server can read the files, and so that you can update the files.

IS&T Contributions

Documentation and information provided by IS&T staff members


Last Modified:

June 05, 2014

Get Help

Request help
from the Help Desk
Report a security incident
to the Security Team
Labels:
c-web-publishing c-web-publishing Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.
Feedback
This product/service is:
Easy to use
Average
Difficult to use

This article is:
Helpful
Inaccurate
Obsolete
Adaptavist Theme Builder (4.2.3) Powered by Atlassian Confluence 3.5.13, the Enterprise Wiki