In order to certificate-protect a directory, you need to do some setup
with "fs sa", and also some setup with a .htaccess.mit file.
"fs sa" controls what the AFS server will allow you to do.
.htaccess.mit controlls what the web.mit.edu server will allow you to do.
- You use "fs sa" to ensure that your authors have "rlidwka" permisson,
which will let you upload new web pages and administer the file.
- You use "fs sa" to ensure that the group "system:anyuser" has no
permission, to make sure that people can't sneak in behind your back
and read the files straight out of AFS, bypassing the web server.
- You use "fs sa" to ensure that the group "system:htaccess.mit"
(the web.mit.edu servers) has "rl" permission, which lets the
web servers read the HTML code in your files.
- Because the web server has "rl" permission, it can read the files
and can show them to people who go to http://web.mit.edu/.../
You use the .htaccess.mit file to give the web server instructions
about who it is allowed to show the files to.
If you want members of "museum-photos" to be able to see the files via
http://web.mit.edu/museum/photos/ , then yes, you need to put
require group museum-photos
into the .htaccess.mit file, which will instruct the web server to
check certificates and only show the pages to the right people.
But you also need to use "fs sa" to set things up so that the web
server can read the files, and so that you can update the files.
Documentation and information provided by IS&T staff members →