Disabling access for git to specific Directory with Apache Basic Authentication

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Disabling access for git to specific Directory with Apache Basic Authentication

qvc99@gmx.de

I have git setup with my Apache2 server and it serves git request just fine. Now I want to setup Basic Authentication for this, so not everybody can use every directory. My goal is that only the ADMIN group has access to the complete `/var/www/html/git` directory and my GITGROUP can access *only* `/var/www/html/git/subdir` directories. However, while Apache is asking for credentials, with the setup (below) GITGROUP is still allowed to access *all* git directories. What am I doing wrong?


SetEnv GIT_PROJECT_ROOT /var/www/html/git
SetEnv GIT_HTTP_EXPORT_ALL
ScriptAlias /git/ /usr/lib/git-core/git-http-backend/
<Directory /usr/lib/git-core>
    Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
    AuthType Basic
    AuthName "Authentication Required"
    AuthUserFile "/etc/apache2/.htpasswd"
    AuthGroupFile "/etc/apache2/groups"
    Require group ADMIN GITGROUP

    Order allow,deny
    Allow from all
</Directory>
<Directory /var/www/html/git>
    AuthType Basic
    AuthName "Authentication Required"
    AuthUserFile "/etc/apache2/.htpasswd"
    AuthGroupFile "/etc/apache2/groups"
    Require group ADMIN
    Options -Indexes

    Order allow,deny
    Allow from all
</Directory>
<Directory /var/www/html/git/subdir>
    AuthType Basic
    AuthName "Authentication Required"
    AuthUserFile "/etc/apache2/.htpasswd"
    AuthGroupFile "/etc/apache2/groups"
    Require group ADMIN GITGROUP
    Options -Indexes

    Order allow,deny
    Allow from all
</Directory>


Reply | Threaded
Open this post in threaded view
|

Re: Disabling access for git to specific Directory with Apache Basic Authentication

Antony Stone
On Thursday 23 July 2020 at 22:13:38, [hidden email] wrote:

> I have git setup with my Apache2 server and it serves git request just
> fine. Now I want to setup Basic Authentication for this, so not
> everybody can use every directory. My goal is that only the ADMIN group
> has access to the complete `/var/www/html/git` directory and my GITGROUP
> can access *only* `/var/www/html/git/subdir` directories. However, while
> Apache is asking for credentials, with the setup (below) GITGROUP is
> still allowed to access *all* git directories. What am I doing wrong?

Maybe you could post the following in a more readable format so we have a
better idea of how to help?

> |SetEnv GIT_PROJECT_ROOT /var/www/html/git SetEnv GIT_HTTP_EXPORT_ALL
> ScriptAlias /git/ /usr/lib/git-core/git-http-backend/ <Directory
> /usr/lib/git-core> Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
> AuthType Basic AuthName "Authentication Required" AuthUserFile
> "/etc/apache2/.htpasswd" AuthGroupFile "/etc/apache2/groups" Require
> group ADMIN GITGROUP Order allow,deny Allow from all </Directory>
> <Directory /var/www/html/git> AuthType Basic AuthName "Authentication
> Required" AuthUserFile "/etc/apache2/.htpasswd" AuthGroupFile
> "/etc/apache2/groups" Require group ADMIN Options -Indexes Order
> allow,deny Allow from all </Directory> <Directory
> /var/www/html/git/subdir> AuthType Basic AuthName "Authentication
> Required" AuthUserFile "/etc/apache2/.htpasswd" AuthGroupFile
> "/etc/apache2/groups" Require group ADMIN GITGROUP Options -Indexes
> Order allow,deny Allow from all </Directory>|

Antony.

--
"640 kilobytes (of RAM) should be enough for anybody."

 - Bill Gates

                                                   Please reply to the list;
                                                         please *don't* CC me.

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Re: [users@httpd] Disabling access for git to specific Directory with Apache Basic Authentication

qvc99@gmx.de
Sorry about that, let's try that with a pastebin:
https://pastebin.com/UHcZ3KJz

On 23/07/2020 22:23, Antony Stone wrote:

> On Thursday 23 July 2020 at 22:13:38, [hidden email] wrote:
>
>> I have git setup with my Apache2 server and it serves git request just
>> fine. Now I want to setup Basic Authentication for this, so not
>> everybody can use every directory. My goal is that only the ADMIN group
>> has access to the complete `/var/www/html/git` directory and my GITGROUP
>> can access *only* `/var/www/html/git/subdir` directories. However, while
>> Apache is asking for credentials, with the setup (below) GITGROUP is
>> still allowed to access *all* git directories. What am I doing wrong?
>
> Maybe you could post the following in a more readable format so we have a
> better idea of how to help?
>
>> |SetEnv GIT_PROJECT_ROOT /var/www/html/git SetEnv GIT_HTTP_EXPORT_ALL
>> ScriptAlias /git/ /usr/lib/git-core/git-http-backend/ <Directory
>> /usr/lib/git-core> Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
>> AuthType Basic AuthName "Authentication Required" AuthUserFile
>> "/etc/apache2/.htpasswd" AuthGroupFile "/etc/apache2/groups" Require
>> group ADMIN GITGROUP Order allow,deny Allow from all </Directory>
>> <Directory /var/www/html/git> AuthType Basic AuthName "Authentication
>> Required" AuthUserFile "/etc/apache2/.htpasswd" AuthGroupFile
>> "/etc/apache2/groups" Require group ADMIN Options -Indexes Order
>> allow,deny Allow from all </Directory> <Directory
>> /var/www/html/git/subdir> AuthType Basic AuthName "Authentication
>> Required" AuthUserFile "/etc/apache2/.htpasswd" AuthGroupFile
>> "/etc/apache2/groups" Require group ADMIN GITGROUP Options -Indexes
>> Order allow,deny Allow from all </Directory>|
>
> Antony.
>

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]