LinHES Forums
http://forums.linhes.org/

How to enable web security with R6?
http://forums.linhes.org/viewtopic.php?f=21&t=20844

Author:  ceenvee703 [ Sat Feb 13, 2010 9:20 pm ]
Post subject:  How to enable web security with R6?

How does one do this from the command line when one doesn't have access to the service menu?

Thanks.

Author:  Martian [ Sun Feb 14, 2010 7:25 am ]
Post subject: 

You should be able to set / change the web password by editing /etc/lighttpd/lighttpd.user

The format is:

user:pass
other-user:pass

for example:

mythtv:secret
ceenvee703:supersecret


Then be sure to restart lighttpd with: sv restart lighttpd

Hope this helps!

Martian

Author:  ceenvee703 [ Sun Feb 14, 2010 10:59 am ]
Post subject: 

Martian, thanks for the help. Unfortunately I think I need to edit something else besides creating that lighttpd.user file.... I added that and I got no prompt for a password when trying to access the server.

I then went into lighttpd.conf and about line 295 (in mine anyway) there's a section for "auth module" that was all commented out. I can uncomment the first three lines (auth.backend, auth.backend.plain.userfile and auth.backend.plain.groupfile) and everything's fine, but if I uncomment the "auth.require" section the webserver gives me "unable to connect" errors.

It also takes suspiciously long to do the "sv restart lighttpd" after uncommenting that section, and I have to do it three or four times to get it to give me an "ok" prompt (it says "timeout: down lighttpd: 1s, normally up, want up" when it doesn't restart).

I'll nose around some more about editing lighttpd.conf for authentication, but if you have it working and can check that part of your lighttpd.conf file, I'd appreciate it. Thanks again.

Author:  Martian [ Sun Feb 14, 2010 1:19 pm ]
Post subject: 

Ah yes, I think I know what the problem is. I also have a file named "auth-inc.conf"

which contains:

Code:
auth.backend               = "plain"
auth.backend.plain.userfile = "/etc/lighttpd/lighttpd.user"


auth.require               = ( "/mythweb" =>
                               (
                                 "method"  => "basic",
                                 "realm"   => "MythWeb",
                                 "require" => "valid-user",
                               )
                             )


You can replace "valid-user" with "user=your username"

You will need to have the following line in your lighttpd.conf (mine is just after #### include)

Code:
include "/etc/lighttpd/auth-inc.conf"


Hopefully I haven't forgotten anything else.

Martian

Author:  ceenvee703 [ Sun Feb 14, 2010 7:49 pm ]
Post subject: 

Thanks, that got me 99% of the way there. I already had the "auth-inc.conf" file and it contained the same code yours did.

My lighttpd.conf file also had the include line, but it was commented out, so I uncommented and restarted. Still no luck.

Then I realized I still had those other auth module lines uncommented at line 295. I re-commented those and voilà, authorization was working.

Thanks again for the help.

Author:  Martian [ Mon Feb 15, 2010 8:46 am ]
Post subject: 

Great!!! - Glad to hear you got it.

In case you want to take this a little further - to secure phpMyAdmin perhaps? - you can do something like this:

Code:
auth.backend               = "plain"
auth.backend.plain.userfile = "/etc/lighttpd/lighttpd.user"


auth.require               = ( "/mythweb" =>
                               (
                                 "method"  => "basic",
                                 "realm"   => "MythWeb",
                                 "require" => "valid-user",
                               ),

                               "/phpMyAdmin" =>
                               (
                                 "method"  => "basic",
                                 "realm"   => "phpMyAdmin",
                                 "require" => "user=myuser",
                               ),

                               "/torrent" =>
                               (
                                 "method"  => "basic",
                                 "realm"   => "Torrents",
                                 "require" => "user=myuser",
                               )
                             )


I'm running rutorrent (which is a web frontend to rtorrent) which is why I have the /torrent section.
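
Added example (not part of the original posts): a small Python check for the two things this thread turned on, namely auth.* options left active in lighttpd.conf as well as in the included auth-inc.conf, and which URL prefixes auth.require actually covers. The two config strings are constructed samples modelled on the posts above, and the coverage test assumes mod_auth compares each auth.require key as a plain string prefix of the URL path.

```python
import re
from collections import Counter

# Constructed sample mirroring the auth-inc.conf posted in this thread.
AUTH_INC = '''
auth.backend                = "plain"
auth.backend.plain.userfile = "/etc/lighttpd/lighttpd.user"
auth.require = ( "/mythweb" =>
                 ( "method" => "basic", "realm" => "MythWeb", "require" => "valid-user", ),
                 "/phpMyAdmin" =>
                 ( "method" => "basic", "realm" => "phpMyAdmin", "require" => "user=myuser", )
               )
'''
# Constructed lighttpd.conf fragment: one auth line still active beside the include.
MAIN_CONF = '''
#auth.backend.plain.groupfile = "lighttpd.group"
auth.backend = "plain"
include "/etc/lighttpd/auth-inc.conf"
'''

def active_lines(text):
    """Yield lines with '#' comments removed (assumes no '#' inside quoted values)."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line

def duplicate_auth_keys(*configs):
    """Return auth.* options that are assigned more than once across the given files."""
    keys = [m.group(1) for text in configs for line in active_lines(text)
            if (m := re.match(r"(auth\.[\w.\-]+)\s*=", line))]
    return sorted(k for k, n in Counter(keys).items() if n > 1)

def protected_prefixes(text):
    """Return {url_prefix: require_rule} parsed from the auth.require block."""
    body = " ".join(active_lines(text))
    pairs = re.findall(r'"(/[^"]*)"\s*=>\s*\((.*?)\)', body)
    return {p: re.search(r'"require"\s*=>\s*"([^"]*)"', inner).group(1)
            for p, inner in pairs}

def is_protected(path, prefixes):
    """True if any auth.require key is a prefix of the URL path."""
    return any(path.startswith(p) for p in prefixes)

if __name__ == "__main__":
    print("assigned more than once:", duplicate_auth_keys(MAIN_CONF, AUTH_INC))
    prefixes = protected_prefixes(AUTH_INC)
    for path in ("/mythweb/tv/list", "/phpMyAdmin/index.php", "/"):
        print(path, "->", "auth required" if is_protected(path, prefixes) else "open")
```

Running `lighttpd -t -f /etc/lighttpd/lighttpd.conf` before `sv restart lighttpd` gives lighttpd's own verdict on the edited configuration.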

Author:  ceenvee703 [ Mon Feb 15, 2010 1:52 pm ]
Post subject: 

Just to confirm, if I wanted to authenticate everything, rather than directory by directory, I could just change "/mythweb" to "/" ?

Author:  Martian [ Mon Feb 15, 2010 2:04 pm ]
Post subject: 

ceenvee703 wrote:
Just to confirm, if I wanted to authenticate everything, rather than directory by directory, I could just change "/mythweb" to "/" ?


I believe that will work although I haven't tried it.

The Lighttpd way is fairly new to me, I'm used to .htaccess files in Apache. Should be easy to test and see though.

Martian

Author:  ceenvee703 [ Mon Feb 15, 2010 3:44 pm ]
Post subject: 

Yep, that was it. Thanks again.

Author:  alien [ Tue Feb 16, 2010 2:40 am ]
Post subject: 

I opened a flyspray to enable security on all pages a while ago. It lists the necessary changes.

http://linhes.org/flyspray/index.php?do ... ask_id=421

All times are UTC - 6 hours