first of all it's not a good idea to use your /etc directory for the user
files, or to chmod anything to 777 that doesn't really need it.
I suggest you try the following:
Let's assume the directory you want to password-protect is at
First you would create an .htaccess file like this:

AuthName "G-ISAC Members Only"
AuthType Basic
AuthUserFile .htpasswd
require valid-user

make sure the file is world-readable:
chmod 644 /home/apache/htdocs/mydomain.com/secure/.htaccess

Now you create the users and passwords with the help of htpasswd, which is
by default installed at /usr/local/apache/bin/htpasswd. Make sure you're in
the /home/apache/htdocs/mydomain.com/secure directory, then do this (replace
"username with a user's name"):

/usr/local/apache/bin/htpasswd -c .htpasswd username

htpasswd will ask you for a password, and create the file. Now you can add
more users by doing
/usr/local/apache/bin/htpasswd .htpasswd username2

Make sure this file is world readable as well:
chmod 644 .htpasswd

Now try to go to the protected directory, it should work.
You may wonder why the .htpasswd file and the .htaccess files must be world
readable. Well, they have to be in order for the webserver to access and
check the usernames and passwords (so technically, it could also be owned by
whatever user  runs the webserver, and then be chmod to 600), but the
configuration file of the apache webserver is by default denying any
displaying of .htaccess files and .htpasswd files. Just try it, go to
http://mydomain.com/secure/.htaccess, you will see displaying them won't

Hope that helps :-)

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to