Results 1 to 11 of 11

Hybrid View

  1. #1
    Join Date
    Oct 2005
    Posts
    43

    Question possible for multiple sites on same server to "share" one .htpasswd file?

    the subject pretty much sums it up, is there a method or solution for multiple websites (whic reside on the same dedicated server) to share just one .htpasswd, or automate the mirroring of said .htpasswd file?

    if so any suggestions for methodology or products that would facilitate this action would be most welcome, thx in advance friends..!


  2. #2
    Just pointing to the same .htpasswd file in "AuthUserFile" directives. Should not be a problem at all.
    LiteSpeed Web Acceleration Platform by https://www.litespeedtech.com
    Apache drop-in replacement. Triple server capacity with 10X performance increases.
    Ultimate web serving platform for WordPress, Magento and other web applications.
    Turbo charging all WordPress sites hosted on your server with a single click!

  3. #3
    Join Date
    Oct 2005
    Posts
    43
    Quote Originally Posted by mistwang View Post
    Just pointing to the same .htpasswd file in "AuthUserFile" directives. Should not be a problem at all.
    thx for your speedy reply friend, i will research the AuthUserFile reference and see what i can find. can i ask you this then... would it be possible to just have one .htpasswd located somewhere safe/deep, and have both sites use symbolic links to point to that one? the issue i have w/ just sharing one of them is that both are modified externally by scripts, so if there is a way to just have one .htpasswd file that can be modified and accessed by both websites transparently that would be ideal...

    thx again for your help and have a good one friend..!

  4. #4
    You don't have to use symbolic links, just point to the location of the file directly.

    For the sake of security, just make the .htpasswd file only readable by the user that web server run as, and run PHP and CGIs with suEXEC, so the .htpasswd file is not readable from PHP and CGI.
    LiteSpeed Web Acceleration Platform by https://www.litespeedtech.com
    Apache drop-in replacement. Triple server capacity with 10X performance increases.
    Ultimate web serving platform for WordPress, Magento and other web applications.
    Turbo charging all WordPress sites hosted on your server with a single click!

  5. #5
    Join Date
    Oct 2005
    Posts
    43
    Quote Originally Posted by mistwang View Post
    You don't have to use symbolic links, just point to the location of the file directly.

    For the sake of security, just make the .htpasswd file only readable by the user that web server run as, and run PHP and CGIs with suEXEC, so the .htpasswd file is not readable from PHP and CGI.
    thx once again for your reply, but unfortunately i cannot modify the path pointed to the current two .htpasswd's in some of the scripts in question, hence the wish to replace them both w/ symbolic links if possible, both pointing to (and being able to write to) the one real .htpasswd..

  6. #6
    You can use symbolic link if you need to. But it will not make the .htpasswd file safer in term of security.

    So, you are not using web server's builtin password protection feature, it was inside the script, right?
    Then, you have to be careful with the file permission of the .htpasswd, it has to be readable to the user that the script run as.
    LiteSpeed Web Acceleration Platform by https://www.litespeedtech.com
    Apache drop-in replacement. Triple server capacity with 10X performance increases.
    Ultimate web serving platform for WordPress, Magento and other web applications.
    Turbo charging all WordPress sites hosted on your server with a single click!

  7. #7
    Join Date
    Oct 2005
    Posts
    43
    hmm... i really need the .htpasswd to be modifiable by the scripts from either website, both to add new password pairs and to remove them, am i looking in the wrong direction here for this task? really i am trying to find a way that doesn't involve changing the existing scripts, the .htpasswd is currently set at 666 and the scripts can change it properly now, would having the symbolic links pointing to the new location w/ it also set as 666 not work then..?

  8. #8
    Quote Originally Posted by frameRelay View Post
    hmm... i really need the .htpasswd to be modifiable by the scripts from either website, both to add new password pairs and to remove them, am i looking in the wrong direction here for this task? really i am trying to find a way that doesn't involve changing the existing scripts, the .htpasswd is currently set at 666 and the scripts can change it properly now, would having the symbolic links pointing to the new location w/ it also set as 666 not work then..?
    I thought you want to secure the .htpasswd file.
    Yes, it should still work via symbolic links if permission of .htpasswd is set to 0666.
    LiteSpeed Web Acceleration Platform by https://www.litespeedtech.com
    Apache drop-in replacement. Triple server capacity with 10X performance increases.
    Ultimate web serving platform for WordPress, Magento and other web applications.
    Turbo charging all WordPress sites hosted on your server with a single click!

  9. #9
    Join Date
    Oct 2005
    Posts
    43
    Quote Originally Posted by mistwang View Post
    I thought you want to secure the .htpasswd file.
    Yes, it should still work via symbolic links if permission of .htpasswd is set to 0666.
    thx again... yes, the goal is not to enhance security per say (although i'd hate to do anything that hampered current security!) but to allow two different websites w/ their own set of .php scripts to both make changes to the one .htpasswd file on the fly, in effect mirroring changes to the file so when a user is removed on one side they lose access at the other as well (and vice-versa)... i will speak w/ my host about setting up the links in the fashion and greatly appreciate your time and insight friend..!


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •