With a little side of applesauce...

Sunday, January 28, 2007

Apache - Controlling read-only and read/write access to same directory

I have found that I can control read-only and read/write access to the same directory by placing the following in the .htaccess file:

<LimitExcept >
require group my_read_write_group
require group admin
</LimitExcept>

<Limit GET PROPFIND OPTIONS>
require group my_read_only_group
</Limit>

The LimitExcept blocks all access from anyone, except for the “my_read_write_group” and the “admin” group. If your user is not a member of one of those groups, then it drops to the Limit directive, which allows a member of the “my_read_only_group” to login with a webDAV client to view the source code, but not edit it. (In cadaver, Apache prompts me for a login when I try to edit a file). You have two options here:

1. Only allow the user to browse the source code through a web browser:

<Limit GET>
require group my_read_only_group
</Limit>

2. Allow the user to browse the source code through a web browser, _or_ a webDAV client:

<Limit GET PROPFIND OPTIONS>
require group my_read_only_group
</Limit>

No comments: