Grant HTTP access based on unix user group

Posted on

Grant HTTP access based on unix user group – Managing your servers can streamline the performance of your team by allowing them to complete complex tasks faster. Plus, it can enable them to detect problems early on before they get out of hand and compromise your business. As a result, the risk of experiencing operational setbacks is drastically lower.

But the only way to make the most of your server management is to perform it correctly. And to help you do so, this article will share nine tips on improving your server management and fix some problem about linux, apache-2.2, , , .

Is it possible to grant network access or HTTP access based on a user’s group?

At my company we want to set up an internal composer server using Satis to manage packages for the projects we write (e.g. on repository.mycompany.com), with the packages themselves in our SVN server (svn.mycompany.com). We have several webservers with many different users on them. Some users should be able to reach the composer and SVN server. Some should not. Users that should be able to reach these servers all belong to the same group.

How can I set up Apache on the Composer and SVN server to only grant access to those users in that group? Alternatively, can I set up the webservers in such a way that only users from that group are able to make a connection to our Composer and SVN servers?

The best thing we have come up with so far is using SSL client certificates. We simply place a client certificate on all servers which can be used to access Composer and SVN. Only the right usergroup will have read access to the certificate. A bit clunky but it may work. But I’m looking for something better.

Solution :

If you are talking about remote users, then this is tricky – HTTP authentication does not depend upon the Unix authentication/authorization system.

mod_auth_pam provided the functionality you need but is no longer being developed and doesn’t work in apache>2.1 meaning you’d have to use a pwauth based solution – you’ll also need to configure a custom pam stack to restrct access to the nominated group(s)

Leave a Reply

Your email address will not be published. Required fields are marked *