Mailing List Archive

Disabling access for git to specific Directory with Apache Basic Authentication
I have git setup with my Apache2 server and it serves git request just
fine. Now I want to setup Basic Authentication for this, so not
everybody can use every directory. My goal is that only the ADMIN group
has access to the complete `/var/www/html/git` directory and my GITGROUP
can access *only* `/var/www/html/git/subdir` directories. However, while
Apache is asking for credentials, with the setup (below) GITGROUP is
still allowed to access *all* git directories. What am I doing wrong?


|SetEnv GIT_PROJECT_ROOT /var/www/html/git SetEnv GIT_HTTP_EXPORT_ALL
ScriptAlias /git/ /usr/lib/git-core/git-http-backend/ <Directory
/usr/lib/git-core> Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
AuthType Basic AuthName "Authentication Required" AuthUserFile
"/etc/apache2/.htpasswd" AuthGroupFile "/etc/apache2/groups" Require
group ADMIN GITGROUP Order allow,deny Allow from all </Directory>
<Directory /var/www/html/git> AuthType Basic AuthName "Authentication
Required" AuthUserFile "/etc/apache2/.htpasswd" AuthGroupFile
"/etc/apache2/groups" Require group ADMIN Options -Indexes Order
allow,deny Allow from all </Directory> <Directory
/var/www/html/git/subdir> AuthType Basic AuthName "Authentication
Required" AuthUserFile "/etc/apache2/.htpasswd" AuthGroupFile
"/etc/apache2/groups" Require group ADMIN GITGROUP Options -Indexes
Order allow,deny Allow from all </Directory>|
Re: Disabling access for git to specific Directory with Apache Basic Authentication [ In reply to ]
On Thursday 23 July 2020 at 22:13:38, qvc99@gmx.de wrote:

> I have git setup with my Apache2 server and it serves git request just
> fine. Now I want to setup Basic Authentication for this, so not
> everybody can use every directory. My goal is that only the ADMIN group
> has access to the complete `/var/www/html/git` directory and my GITGROUP
> can access *only* `/var/www/html/git/subdir` directories. However, while
> Apache is asking for credentials, with the setup (below) GITGROUP is
> still allowed to access *all* git directories. What am I doing wrong?

Maybe you could post the following in a more readable format so we have a
better idea of how to help?

> |SetEnv GIT_PROJECT_ROOT /var/www/html/git SetEnv GIT_HTTP_EXPORT_ALL
> ScriptAlias /git/ /usr/lib/git-core/git-http-backend/ <Directory
> /usr/lib/git-core> Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
> AuthType Basic AuthName "Authentication Required" AuthUserFile
> "/etc/apache2/.htpasswd" AuthGroupFile "/etc/apache2/groups" Require
> group ADMIN GITGROUP Order allow,deny Allow from all </Directory>
> <Directory /var/www/html/git> AuthType Basic AuthName "Authentication
> Required" AuthUserFile "/etc/apache2/.htpasswd" AuthGroupFile
> "/etc/apache2/groups" Require group ADMIN Options -Indexes Order
> allow,deny Allow from all </Directory> <Directory
> /var/www/html/git/subdir> AuthType Basic AuthName "Authentication
> Required" AuthUserFile "/etc/apache2/.htpasswd" AuthGroupFile
> "/etc/apache2/groups" Require group ADMIN GITGROUP Options -Indexes
> Order allow,deny Allow from all </Directory>|

Antony.

--
"640 kilobytes (of RAM) should be enough for anybody."

- Bill Gates

Please reply to the list;
please *don't* CC me.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: Re: Disabling access for git to specific Directory with Apache Basic Authentication [ In reply to ]
Sorry about that, let's try that with a pastebin:
https://pastebin.com/UHcZ3KJz

On 23/07/2020 22:23, Antony Stone wrote:
> On Thursday 23 July 2020 at 22:13:38, qvc99@gmx.de wrote:
>
>> I have git setup with my Apache2 server and it serves git request just
>> fine. Now I want to setup Basic Authentication for this, so not
>> everybody can use every directory. My goal is that only the ADMIN group
>> has access to the complete `/var/www/html/git` directory and my GITGROUP
>> can access *only* `/var/www/html/git/subdir` directories. However, while
>> Apache is asking for credentials, with the setup (below) GITGROUP is
>> still allowed to access *all* git directories. What am I doing wrong?
>
> Maybe you could post the following in a more readable format so we have a
> better idea of how to help?
>
>> |SetEnv GIT_PROJECT_ROOT /var/www/html/git SetEnv GIT_HTTP_EXPORT_ALL
>> ScriptAlias /git/ /usr/lib/git-core/git-http-backend/ <Directory
>> /usr/lib/git-core> Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
>> AuthType Basic AuthName "Authentication Required" AuthUserFile
>> "/etc/apache2/.htpasswd" AuthGroupFile "/etc/apache2/groups" Require
>> group ADMIN GITGROUP Order allow,deny Allow from all </Directory>
>> <Directory /var/www/html/git> AuthType Basic AuthName "Authentication
>> Required" AuthUserFile "/etc/apache2/.htpasswd" AuthGroupFile
>> "/etc/apache2/groups" Require group ADMIN Options -Indexes Order
>> allow,deny Allow from all </Directory> <Directory
>> /var/www/html/git/subdir> AuthType Basic AuthName "Authentication
>> Required" AuthUserFile "/etc/apache2/.htpasswd" AuthGroupFile
>> "/etc/apache2/groups" Require group ADMIN GITGROUP Options -Indexes
>> Order allow,deny Allow from all </Directory>|
>
> Antony.
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org