Re: previous message.

Emanuel Knill (knill@c3serve.c3.lanl.gov)
Thu, 14 Oct 1993 09:20:47 -0600


In-reply-to: Your message of "Wed, 13 Oct 1993 22:23:42 CDT."

--------
>From: robm@ncsa.uiuc.edu (Rob McCool)
>Subject: Re: previous message.

About NCSA httpd by directory access controls:

>Also, if you have any suggestions for the access setup as far as making it
>less confusing, or more powerful, send them this way. We don't use them at
>all on our server, so I really don't have much of an idea of what people
>want.
>

On our system basically everyone is able to link in any
information they want in controlled subdirectories
using a couple of perl scripts to generate listings.html.
I set this up just before you came out with the ~username
feature. I was hoping to disable features
such as <inc srv...> where arbitrary users can
add their scripts, but not disable access control.
That way a user can further restrict access if they want.

I would have liked it if there was an ordering
on access controls (less strict than) such that
local access in a directory is determined
by the strictest restriction in this directory or a parent directory.
Following symbolic links is determined by the access restriction
in the directory where the symbolic link is found (I think
this is almost how it works now, though an entry
with Options None for directory x in access.conf will deny
access to the directory if the directory itself is a symbolic
link). Anyway, consistent access operation of this nature
could be easily described, simply by specifying the
strictness ordering on access types.
On the other hand, it is desirable to be able
to override parent's access control locally to some extent, even
if that complicates things a bit.
One possibility is to have a modifier for each access type,
depending on whether it can be overridden in subdirectories.

Before I think more about it, what are your priorities?
How are these by directory access controls going to interact
with the access controls which are part of the http/1.0 spec?
How much interest in these types of access controls is there?

Manny