www-apache-bugdb mailing list archives

From David Birnbaum <dav...@flatiron.org>
Subject mod_auth-any/735: require user/require group step on each other
Date Fri, 13 Jun 1997 15:40:01 GMT

>Number:         735
>Category:       mod_auth-any
>Synopsis:       require user/require group step on each other
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache (Apache HTTP Project)
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Fri Jun 13 08:40:00 1997
>Originator:     davidb@flatiron.org
>Release:        1.2
SunOS spaten 5.5.1 Generic_103640-03 sun4m sparc SUNW,SPARCstation-20
built with gcc
Not sure if this is a bug or a feature - in trying to set up requires to limit
access, one finds that "require user" and "require group" step on each other in
a non-intuitive (for me) way.  For example, one might expect that:

  require user davidb
  require group foo

would allow the user davidb in and anybody in group foo in.  However, davidb is
denied access unless he is a member of foo.  Thus, it appears that "require user"
directives are ignored if a "require group" directive exists.
See above.
Logically, I would prefer that the requires be done as the union of all
possibilities.  Otherwise, it seems to make sense that the user should override
group.  At the very least, the documentation might state that fact.

Great work on the server - please keep it up!
