[Moin-user] (no subject)
Adam Shand
adam at personaltelco.net
Mon Aug 26 13:26:03 EDT 2002
On Mon, 2002-08-26 at 12:44, jon schull wrote:
> Is there any problem with password protecting a whole moinmoin site so only
> a select few can read OR write?
> (This is to begin as a private collaboration space.) ?
Hey Jon :-)
There is no problem with restricting access via apache's directives. I
already do this for a sub-set of our pages using apache's regex stuff.
(note that it's not bullet proof).
<LocationMatch "Node[0-9]+Details">
AuthType Basic
AuthName "Restricted To The Special Ops Team"
AuthUserFile /etc/apache/htpasswd
AuthGroupFile /etc/apache/htgroup
<limit GET POST PUT DELETE>
require group ops
</limit>
</LocationMatch>
However since moin uses the same CGI for read/write access you can't do
read only access via the mechanism, it's pretty much all or nothing.
One mechanism you can do (that I haven't played with yet) is to restrict
access to POST using apache to stop submits. Also with recent moin's
you can "chmod 444" on files to make them globally read only and moin
deals with this gracefully.
Also there is the beginning of a framework for doing these sorts of
things from with moin but as of yet there is no documentation/examples
that I've been able to follow. Perhaps your python foo is stronger then
mine :)
Adam.
--
"Make the invisible visible. Let people see." -- Bruce Sterling
More information about the Moin-user
mailing list