Controlling Group Read Access to a Directory

Question: I would like to restrict a web page so just my class can get in and see the contents.
Answer: The easiest way to do want you want is to make a separate directory in class www.udel.edu server directory. This way you can have a publicly available class page and a private page just for currently enrolled students. There are two ways you or any user on copland can potentially get to the pages in this directory (1) over the web or (2) from their copland account. For example, if you class directory name is ENG101 and your private directory name is spring98, then you can get to it using any web browser and the
URL = http://www.udel.edu/ENG101/spring98/
or from your copland account using the full directory name
directory = /www/htdocs/ENG101/spring98/
It is important to restrict access to this directory for both Web users and copland users. If you are using the Netscape edit/publish feature of Netscape composer then you need to set the publish URL to
URL = ftp://copland.udel.edu/www/htdocs/ENG101/spring98/
this is because ftp on copland can write to the files using the full directory name.

Once the directory is created, using the mkdir Unix command, you must do several things to safely restrict it to just your class.

  1. Put the www account name in the file access control list so the information will be available on the web.
  2. Put a special file called .htaccess in this directory so that only students in your class can get to the pages in this directory.

Initial Commands to set the access on the directory

Here we assume you already have a class directory (ENG101). Enter the following Unix commands to create and set the access to a new directory (spring98) for your class (project 0217).
[1]% cd /www/htdocs/ENG101/ [2]% mkdir spring98 [3]% setfacl -r -m u:www:r-x spring98 [4]% echo "AuthType Basic\ <limit GET>\ require group 0217\ </limit>" > spring98/.htaccess [5]% chmod a+r spring98/.htaccess
Here is an explanation of these 5 command:
[1]% cd /www/htdocs/ENG101/
This changes to your group directory, you must have execute access to this directory.
[2]% mkdir spring98
This will make a new directory in you home directory. You must have write access to your spring98 directory to do this and the class directory name must be new.
[3]% setfacl -r -m u:www:r-x spring98
This set file access control command will set things so the www user can get to your pages. This is necessary so your students can use a local web browser on a PC or Mac to get to the files.
[6]% echo ... > spring98/.htaccess
The echo command will write a file with four lines.
AuthType Basic <limit GET> require group 0217 </limit>
You can use an editor like pico to put these lines in the file if you prefer. Replace 0217 with the project number of your class.
[7]% chmod o+r spring98/.htaccess
Finally, the new .htaccess file must be readable to others so the www user can read it and decide whether or not a web browse can get to your information.

Start with the index.html file.

The index.html is the special name used for the main html file which your students will see when they enter your private web page. As the name implies, this usually has links to the various parts of your web page.

Here are the commands to set up the index.html. Issue these commands from inside the spring98 directory. (Use the cd command to change to this directory if you are not already in it.)
[1]% touch spring98/index.html [2]% chmod a+r spring98/index.html
Here is an explanation of these 2 command:

[1]% touch spring98/index.html
This touch command will create an empty file named index.html
[2]% chmod a+r spring98/index.html
This is the change permission mode command on the index.html file to allow "all read" and "group write".

What can you do now?

New Files This is all you need to get going. You should start by putting something interesting in the index.html file. This can point to graphics and other html files, which need to be added to the directory. This file may also contain a frameset if you are using frames. If you need graphics, you can create the graphics anyplace you like, and then use ftp to transfer the graphics files to this location.

The graphics and new html files should be tested before they are added to the index.html file. You can test them by typing the full location name in the Netscape "location" window. Once they are tested they can be added to the common index.html file.

Whatever method you use to put files in the directory, check to make sure your files are readable to all, so your students can see the files with a Web browser. You can set the permissions on all files in your directory with the one command: chmod a+rX your class directory/* to correct the permission modes. This command just needs to be done if you have new files, since the Netscape publishing does not change the permission modes on existing files.

Changing Files With this set up each user can create, rename and modify any file in the group directory. It is easy to destroy some other member's work, so be careful. If two members simultaneously download the same file to their PC for editing then one will be surprised to see their modifications lost when the older modified version is loaded by the other member. This should not be too much of a problem if all changes to common files are are kept short, and longer changes are put in separate files that only one member is working on. In the worst case, you may need to make your changes again.
New directories If you want to add a subdirectory to organize your information even further. This is done with the Unix mkdir command just as above. The directories should be executeable and setgroup bit set. The Unix command for correct directory permission modes is: chmod a+rX directory name