You are responsible for setting up password protection for your web
site
http://www.cs.dal.ca/~yourLoginName
You should place your files for assignment N in subdirectory
3136/aN-x in your web site, where x is a random string of length
at least 8.
The due time is midnight of the due date, as per the time stamp
on the files.
The assignment will receive zero if the time stamp of any file is
after the due time, or if the subdirectory access is improperly set.
The following are detailed instructions on how to do this.
Instructions on how to password protect your web page
-------------------------------------------------------
1. Telnet to borg.cs.dal.ca
2. Create password protection for your web site using commands a-f:
(you can cut these commands from your browser and paste them into
telnet to save typing. Use the delete key in telnet to edit your
commands).
a. mkdir public_html
cd public_html
mkdir 3136
cd 3136
mkdir a1-x
b. cp ~eem/www/3136/passfiles/htaccess .htaccess
c. cp ~eem/www/3136/passfiles/htpasswd .htpasswd
d. /opt/apache/bin/htpasswd .htpasswd yourLoginName
e. chmod go+rx .htaccess
f. chmod go+rx .htpasswd
g. edit .htaccess to have the current directory (the one you
are protecting) shown in its first line.
The "htpasswd" command (d) will ask you for a password that protects
your web pages for user yourLoginName. You can supply the same or a
different password from the one you chose in step 3. Using a different
password is recommended for better security. The default htpasswd file
copied over in step (c) already contains user inst and its
password. Executing the "htpasswd" command (d) will add user
yourLoginName with your specified password.
3. Check that files .htaccess and .htpasswd have the right form after
reading the following explanation. Syntactically incorrect files will
prevent everyone from accessing the web sites.
EXPLANATION
Password protection involves the installation of two files in your
public_html directory, ".htaccess" and ".htpasswd". Both file names
start with a . for a reason too obscure to mention here.
".htaccess" contains information about the user names allowed to
access this web site, and about the location of the password
file. ".htaccess" does not contain the passwords.
".htpasswd" contains a list of user names allowed and the associated
passwords in encrypted form.
The "cp" command copies the .htaccess file already created for you
into the right place.
The htpasswd command adds to the default password file (containing
the inst user and a password, for use by the instructors), user
yourLoginName and your own password.
Typical .htaccess and .htpasswd files are shown below
%%%%%%%%%%% .htaccess File %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
AuthUserFile /users/cs/yourLoginName/public_html/.htpasswd
AuthGroupFile /dev/null
AuthName "yourLoginName"
AuthType Basic
require user inst
require user yourLoginName
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%% .htpasswd %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
inst:XNoRKkAlskb2.
yourLoginName:sdlwerxller
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
TO PASSWORD PROTECT A WEB PAGE FROM SCRATCH
1. copy the above .htaccess file to the directory to be protected
2. fix the pathname of AuthUserFile
3. put a suitable message for AuthName
4. edit/add one such line for each userid
require user xxx
5. run for each userid
/opt/apache/bin/htpasswd .htpasswd xxx
to add the password
6. run
chmod go+rx .htaccess
chmod go+rx .htpasswd
ADVANCED PROTECTION
If you would like to restrict access to a portion of your web
hierarchy, you can do this with the .htaccess file. The .htaccess file
is placed in the directory in which you wish to restrict access. Here
is a sample .htaccess file for restricting access to web pages to York
addresses:
order deny,allow
deny from all
allow from .yorku.ca
In this example, first all hosts are denied access, and then the
"allow" line allows accesses from York machines only. If you allow
".cs.yorku.ca", this allows access to your web pages from only
Computer Science machines. If you allow access to "milo.cs.yorku.ca",
this allows access to your web pages from only the specific machine
milo. The .htaccess file affects all the web pages created underneath
the directory where the .htaccess file resides.
Troubleshooting
If you cannot access your protected directory, check that the
permissions are such that the web server can access your course
directory. Mode 755 is best.
If you get a "forbidden" message when trying to access your course
web page, it may be that the file is not readable, or you may have
used a .htaccess file to limit access and you may have excluded your
own access.
SETTING UP PERMISSIONS FOR WEB FILES AND DIRECTORIES
* Check that the permissions are such that the web server can get into
the newly created directory. A mode of 755 (go+rx) is a good standard mode to
use for your web directory.
$ ls -ld 4352
drwx------ 9 bob faculty 512 Nov 19 13:12 4352/
$ chmod 755 4352
$ ls -ld 4352
drwxr-xr-x 9 bob faculty 512 Nov 19 13:12 4352/
* Place a Welcome.html or index.html file in the new directory as the
home page for the course. This way if someone points to the directory
does NOT get a listing of all the files in it.
* Make sure that the home page is readable by the web server. Mode 644
(go+r) is a good standard mode for web files.
$ ls -al index.html
-rwx------ 1 bob faculty 1527 Nov 19 13:13 index.html
$ chmod 644 index.html
$ ls -al index.html
-rw-r--r-- 1 bob faculty 1527 Nov 19 13:13 index.html
****************************************************************
* To prevent UNIX users from being able to find out the names of the
files in your directory by just listing them, remove "read" permission
for group and others for the directory itself, for example:
chmod go-r Faculty
This way only if a UNIX user knows the exact filename in the protected
directory "Faculty" can he access it. That's why you are asked to
give a semirandom name to your assignment directories.
****************************************************************