Protecting "private" web pages on a Unix timesharing machine

"Private" web pages can be password protected by using the .htaccess/.htpasswd mechanism, but since the server needs the files to be world readable in order to read them, everyone else on the machine can read them also. Sometimes, of course, this is not desirable.

By proper use of directory ownership and group protections, it is possible to restrict access to a single group. This mechanism is demonstrated at

    https://www.cs.rutgers.edu/demo/

Users with access to the directory can see that the files there are accessible only by the corresponding groups.

This demonstration avoids the need for the path to the files to be publicly readable by making the directory of files owned by the user under which the http server runs. The users who need to be able to maintain the web pages get access to the protected directory via group access. If the directory is then set to mode 770, the world (that is, local users other than those in the specific group) cannot read those files locally. Since making this change requires privileges, send an email to help on the machine on which you need the directory ownership changed (and reference this page so your request makes sense).
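
One way to confirm the arrangement described above once the ownership change has been made. This is an added example, not part of the original page; the account `www-data`, the group `webteam` and the path are hypothetical placeholders for the http server's user, the maintainers' group and the protected directory.

```shell
#!/bin/sh
# Setup done once by an administrator (needs root), following the text above.
# www-data, webteam and the path are hypothetical placeholders:
#   chown www-data /path/to/private
#   chgrp webteam  /path/to/private
#   chmod 770      /path/to/private

# Print "mode owner group" for a path (GNU stat, with BSD stat as fallback).
dir_meta() {
    stat -c '%a %U %G' "$1" 2>/dev/null || stat -f '%Lp %Su %Sg' "$1"
}

# check_private_webdir DIR WEB_USER WEB_GROUP
# Returns 0 only if DIR is a real directory owned by WEB_USER, with group
# WEB_GROUP and permission bits 770. Prints one line per problem found.
check_private_webdir() {
    dir=$1 want_user=$2 want_group=$3 rc=0
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "FAIL: $dir is not a directory (symlinks are rejected)"
        return 1
    fi
    set -- $(dir_meta "$dir")
    mode=$1 owner=$2 group=$3
    perm=${mode#"${mode%???}"}   # last three octal digits; setgid/sticky ignored
    [ "$owner" = "$want_user" ] ||
        { echo "FAIL: owner is $owner, expected $want_user"; rc=1; }
    [ "$group" = "$want_group" ] ||
        { echo "FAIL: group is $group, expected $want_group"; rc=1; }
    case $perm in
        770) ;;
        *[1-7]) echo "FAIL: mode $mode lets other local users in"; rc=1 ;;
        *) echo "FAIL: mode $mode, expected 770"; rc=1 ;;
    esac
    return $rc
}
```

Call it as `check_private_webdir /path/to/private www-data webteam`; a non-zero exit status means at least one of the three conditions does not hold.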


This page last updated July 6, 2004.