Access Permissions - Tutorial

Overview

To enable protection on the directories you wish to protect you need to create a text file named DAFAUTH.INI in each directory you wish to secure.

DAFAUTH.INI syntax

The syntax of DAFAUTH.INI file is:

[<section name1>]
<entry1>=enable or disable
<entry2>=enable or disable

[<section name2>]
<entry1>=enable or disable
<entry2>=enable or disable

<section name> can be one of the following:

Section [PreAuthentication]:
This section is processed before any other section.

Section [<file name>]:
This section define permissions for the file <file name>.

Section [Directory]:
This section defines the default permission for every file in the directory for which no specific permissions are defined in DAFAUTH.INI.

<entry> can be one of the following :

<Group name>:
This may be any group defined in the user list.

<User name>:
This may be any user defined in user list file.

Everybody:
All web users (authenticated or not).

Anonymous:
Anonymous WEB user.

Authenticated:
A username from the user list file.

default:
Last entry called for the current section.

DAFAUTH.INI files samples

In most cases, there are several ways to setup a unique access configuration for a directory. The following samples show only one unique access for each configuration.

• For all files in the directory, access is granted to any authenticated users, and denied to all anonymous users:
  
  ------------- begin file DAFAUTH.INI ---------------
  
  [PreAuthentication]
  Anonymous=disable
  Authenticated=enable
  
  ------------- end file DAFAUTH.INI -----------------
  
  
• In a public directory, access to NEWS.HTM is granted for group "group1" only.
  Access to other files is free:
  
  ------------- begin file DAFAUTH.INI ---------------
  
  [NEWS.HTM]
  group1 = enable
  default = disable
  
  [Directory]
  everybody = enable
  
  ------------- end file DAFAUTH.INI -----------------
   
  
• In a protected directory, access to NEWS.HTM is free. Access to other files is
  limited to group "grp1":
  
  ------------- begin file DAFAUTH.INI ---------------
  
  [NEWS.HTM]
  everybody = enable
  
  [Directory]
  grp1 = enable
  
  ------------- end file DAFAUTH.INI -----------------
  
  
• Access to "GOLD.HTM" is granted to only group "goldgrp"
  Access to all files (except GOLD.HTM) is granted to group "members."
  Anonymous users can access only REGISTER.HTM:
  
  ------------- begin file DAFAUTH.INI ---------------
  
  [register.htm]
  everybody=enable
  
  [gold.htm]
  goldgrp=enable
  
  [Directory]
  members=enable
  
  ------------- end file DAFAUTH.INI -----------------

Sequence followed to process authentications

If there IS NOT a file DAFAUTH.INI in the directory:

Access is GRANTED for every request for all groups.

If there IS a file DAFAUTH.INI in the directory:

1. The search stops after the first explicit right (enable or disable) is found.
2. The order in which sections and entries in DAFAUTH.INI are listed does not make a difference.
3. If no explicit right (enable or disable) is found, access is denied.

Order followed to search for rights:

1. Section [PreAuthentication],
2. Section [<file requested by the WEB user>] (the long file name must be used)
3. Section [Directory]

For each section, entries are sought in the following order:

1. Everybody
2. Anonymous
3. Authenticated
4. Groups to which the current WEB user belongs
5. The WEB user itself
6. DAFAccount
7. Default

Philippe Tenenhaus
Version: 1.0 - 09/22/98