Require unix-group is not working for me when configuring the VirtualHost for my Apache server. Whenever I log in using pwauth, the server still authenticates users who are not members of the group that I specify. The attempted changes to /etc/apache2/sites-enabled/000-default.conf are shown below:
    <VirtualHost *:80>
        ServerAdmin ratman@localhost
        DocumentRoot /var/www/aperture-apache-server
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        AddExternalAuth pwauth /usr/sbin/pwauth
        SetExternalAuthMethod pwauth pipe
        <Directory /var/www/aperture-apache-server/employees>
            Options Indexes FollowSymLinks MultiViews
            IndexIgnore ..
            IndexOptions FancyIndexing
            DirectoryIndex index.html /employees/_h5ai/public/index.php
            AuthType Basic
            AuthName "Login"
            AuthBasicProvider external
            AuthExternal pwauth
            Require valid-user
            Require unix-group aperturestaff
        </Directory>
    </VirtualHost>
So, I decided to switch away from mod_authnz_unix_group to a more primitive method: the unixgroup binary that you can install alongside pwauth. I ran chmod u+s pwauth on it and moved it to /usr/sbin/. My resultant configuration changes to /etc/apache2/sites-enabled/000-default.conf are shown below:
    <VirtualHost *:80>
        ServerAdmin ratman@localhost
        DocumentRoot /var/www/aperture-apache-server
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        AddExternalAuth pwauth /usr/sbin/pwauth
        SetExternalAuthMethod pwauth pipe
        AddExternalGroup unixgroup /usr/sbin/unixgroup
        SetExternalGroupMethod unixgroup environment
        <Directory /var/www/aperture-apache-server/employees>
            Options Indexes FollowSymLinks MultiViews
            IndexIgnore ..
            IndexOptions FancyIndexing
            DirectoryIndex index.html /employees/_h5ai/public/index.php
            AuthType Basic
            AuthName "Login"
            AuthBasicProvider external
            AuthExternal pwauth
            GroupExternal unixgroup
            Require valid-user
            Require group aperturestaff
        </Directory>
    </VirtualHost>
But then, Apache fails to start, saying:
    Aug 22 17:43:39 aperture-mainframe systemd[1]: Failed to start The Apache HTTP Server.
    Subject: A start job for unit apache2.service has failed
    Defined-By: systemd
    Support: http://www.ubuntu.com/support
    A start job for unit apache2.service has finished with a failure.
    The job identifier is 2860 and the job result is failed.
Please help me configure group-based authentication on my Apache server (no, I do not want to use a .htpasswd file for protecting this directory, I want it done via VirtualHost)! I am using Ubuntu 22.04 LTS.
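An added example, not part of the original post: Apache 2.4 (the version Ubuntu 22.04 ships) wraps multiple Require lines in one section in an implicit <RequireAny>, so a sibling "Require valid-user" is satisfied by any authenticated user regardless of the group line. The Python check below flags that pattern; its function and variable names are hypothetical and the sample input is constructed from the Directory block above.

```python
import re

# Constructed sample: the Require lines from the question's <Directory> block.
SAMPLE = """\
<Directory /var/www/aperture-apache-server/employees>
    AuthType Basic
    AuthExternal pwauth
    Require valid-user
    Require unix-group aperturestaff
</Directory>
"""
# Same block with the broad condition removed, so only the group test remains.
FIXED = SAMPLE.replace("    Require valid-user\n", "")

OPEN = re.compile(r"<\s*(\w+)([^>]*)>")
CLOSE = re.compile(r"</\s*(\w+)\s*>")
BROAD = {"valid-user", "all granted"}  # satisfied by every (authenticated) client

def find_shadowed_requires(conf):
    """Return (section, broad_rule, shadowed_rules) for each section whose
    sibling Require lines are OR-ed and one broad rule makes the rest moot."""
    stack = [["(top level)", []]]
    findings = []
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if CLOSE.fullmatch(line) and len(stack) > 1:
            name, reqs = stack.pop()
            # Siblings are an implicit RequireAny unless the container says otherwise.
            if name.split()[0].lower() not in ("requireall", "requirenone"):
                broad = [r for r in reqs if r.lower() in BROAD]
                rest = [r for r in reqs if r.lower() not in BROAD]
                if broad and rest:
                    findings.append((name, broad[0], rest))
            continue
        opening = OPEN.fullmatch(line)
        if opening:
            stack.append([(opening.group(1) + opening.group(2)).strip(), []])
        elif line.split()[0].lower() == "require":
            stack[-1][1].append(" ".join(line.split()[1:]))
    return findings

if __name__ == "__main__":
    print(find_shadowed_requires(SAMPLE))
```

Require lines placed inside an explicit <RequireAll> container are AND-ed by Apache, so the check does not flag them.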