[pmwiki-users] private group access question(s)

Neil Herber nospam at mail.eton.ca
Fri Mar 4 12:41:51 CST 2005


At 2005-03-04  11:38 AM -0600, Patrick R. Michaud is rumored to have said:
>On Fri, Mar 04, 2005 at 11:26:31AM -0500, Neil Herber wrote:
> > I am running a password-protected PmWiki for a client. All users are
> > granted access via Apache basic authentication. I have a group called
> > "Private" which is used to store information that only my direct client and
> > I can access (I assigned a read password to the group). However, seeing the
> > Private group requires re-entry of the user's password, which is a pain.
> >
> > What magic bits of PHP can I add to config.php so that:
> >         if authorized username is "Neil" or "Bob"
> >                 allow access to Private group
> >         else
> >                 do not allow access
> >         endif
>
>When you indicate that users are granted access via Apache basic
>authentication, do you mean literally .htaccess files, or basic
>authentication through PmWiki's httpauth.php script?

I do mean .htaccess file-like authorization (no wiki scripting). However, I 
have chosen *not* to enable .htaccess files but have instead used Auth and 
Require statements in httpd.conf.


>Are there any other passwords on the Private group that I would
>need to be aware of, or just the read password on the entire
>group?

I have only put on a read password. There is a "global" attr password 
restricted to me alone, since there is no need for others to protect pages.


>Assuming you're using .htaccess authentication, the basic
>answer is going to be something along the lines of:
>
>     if (@$_SERVER['REMOTE_USER'] != 'Neil'
>         && @$_SERVER['REMOTE_USER'] != 'Bob')  { ... }
>
>but I'm not quite sure what to put in the { ... } yet.

Hmmm ... whatever will allow Neil and Bob to use pages in the Private 
group just like all the other pages (read, edit, upload).
And whatever will prevent others from accessing the group. I already have 
(:pagelist:) and (:searchbox:) suppression for the group.

> > One solution I can think of is to add an access restriction to Apache:
> >         <Directory "X:/path/to/wiki/Private">
> >                 AuthType Basic
> >                 AuthName "Private"
> >                 AuthUserFile userfile.name
> >                 AuthGroupFile groupfile.name
> >                 Require group private
> >         </Directory>
>
>Alas, probably not.  Since there is no /path/to/wiki/Private directory
>on the server, the above settings would never take effect.
>You might be able to get away with

Good point! I was thinking of a similar setup I used for access to the 
(nested) upload directories. But of course, there is no "Private" 
directory. I would need to do a URL match thingy. All the more reason to 
use PmWiki itself!

>     <Location "/url/to/wiki/Private">
>         ...
>     </Location>
>
>but even here I wouldn't make a strong bet on it working.
>
>Pm

Neil

Neil Herber
Corporate info at http://www.eton.ca/
Eton Systems, 15 Pinepoint Drive, Nepean, ON, Canada K2H 6B1
Tel: (613) 829-4668 
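
The allow/deny decision from the pseudocode in this message, written out as an added example; it is not part of the original post and not PmWiki code. The function and constant names are hypothetical, and it assumes the raw page name arrives as "Group.Page" or "Group/Page" and that Apache sets `REMOTE_USER` only after a successful login.

```php
<?php
// Added illustration; names are hypothetical, sample inputs are constructed.

const PRIVATE_GROUP = 'Private';
const PRIVATE_USERS = ['Neil', 'Bob'];   // users named in the thread

/**
 * Return the group part of a raw page name.
 * Assumption: group and page are separated by the first "." or "/".
 */
function group_of(string $rawName): string
{
    $name  = ltrim($rawName, '/.');            // ignore leading separators
    $parts = preg_split('![./]!', $name, 2);   // split on the first "." or "/"
    return $parts[0];
}

/**
 * Decide whether the authenticated user may reach the requested page.
 */
function may_access(string $rawName, ?string $remoteUser): bool
{
    // Compare the group case-insensitively so "private.Notes" cannot slip
    // past a check written for "Private".
    if (strcasecmp(group_of($rawName), PRIVATE_GROUP) !== 0) {
        return true;   // other groups: the site-wide Apache login already applied
    }
    // Fail closed: no REMOTE_USER means the request was not authenticated.
    // User names are compared exactly (strict, case-sensitive).
    return $remoteUser !== null && in_array($remoteUser, PRIVATE_USERS, true);
}

// Constructed sample requests: [raw page name, REMOTE_USER or null].
// In config.php the second value would be $_SERVER['REMOTE_USER'] ?? null.
$samples = [
    ['Private.Notes', 'Neil'],
    ['Private/Notes', 'Bob'],
    ['private.Notes', 'Alice'],
    ['Private.Notes', null],
    ['Main.HomePage', 'Alice'],
];
foreach ($samples as [$page, $user]) {
    $verdict = may_access($page, $user) ? 'allow' : 'deny';
    printf("%-15s %-7s %s\n", $page, $user ?? '(none)', $verdict);
}
```

This covers only the allow/deny decision; it does not touch the group's read password, which is what causes the second prompt described above.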



