Welcome, Guest. [ Log In ]
Question   Using shell commands to password protect directories
Search KBase

Related Links:
· What kind of password do you suggest I use?
· Password-Protecting Directories
· Custom 401 (Failed Authorization) error pages.

Top 5 in this Area:
1. Password-Protecting Directories
2. Using shell commands to password protect directories
3. Setting up WebDAV on Windows 2000 or Windows XP
4. Setting Up WebDAV on Mac OS X Using Finder
5. After installing XP SP2, WebDAV no longer works.

Using shell commands to password protect directories
If you don't have shell access turned on, you can still set up password protection using the Account Control Panel. If you do have telnet access turned on, you have the option to use to do the exact same thing using shell commands.

  1. First, create a text file named .htaccess in the directory which you want to limit access. This file should contain the following lines: (Replace username with your username).

    AuthType Basic
    AuthUserFile /home/username/pass
    AuthName "Members Area"
    require valid-user

  2. Next, create the password file and add your first user. In this case we've set your password file to be in your main login directory. Replace user with whatever username you wish to add.

    /usr/bin/htpasswd -c ~/pass user

  3. You will be prompted to enter the user's password and then re-enter it for confirmation.

  4. To add additional users, use the same command as above but without the '-c'. If you do use the -c option your existing password file will be over-written and you will lose any existing users you have created, so make sure you type it in correctly. For example:

    /usr/bin/htpasswd ~/pass user

  5. Edit your password file, and remove users by removing one user per line. You can do this using your own text editor, but we have also made one available that you can use from a command on the server.

    pico ~/pass

  6. You can can put a file in your main web directory called 'failed_auth.html' and it will be displayed if people enter an invalid username/password combo.

    You can remove password protection from a directory entirely by opening up the directory in question and typing in the following command:

    rm .htaccess

    Note that all files beginning with a '.' are hidden by default when FTPing or viewing a directory listing - even if the file exists in that location.

    After password-protecting your directory, you can also customize the error message users receive when they enter the wrong username and password. Read how to here.

    Last updated: Oct 14, 2004.