Welcome to WebmasterWorld Guest from 220.127.116.11
Not quite sure on where this one should go. I have a small application on my hosts server (Unix), that has about 10 regular html/php pages. The admin needs access to all pages, while users should only be able to view certain pages.
Rather than go into detail and get everyone confused, what might be some ways to approach this? Would I have to put each file in its own directory for read permissions? Should I have a separate login for users that redirects them to the correct portion of the application?
Thanks for any help on this!
Would I have to put each file in its own directory for read permissions? Should I have a separate login for users that redirects them to the correct portion of the application?
This will depend on the method you choose to restrict access. You could do it at the application level, web server level, or even the filesystem level.
At the application level youŽd determine at login time which access level the user has. Then when a request comes in youŽd check whether the userŽs access level is high enough to be granted access to the requested resource.
At the webserver level you could use AuthGroupFile [httpd.apache.org] and AuthUserFile [httpd.apache.org] to tell [url=http://httpd.apache.org/]Apache [httpd.apache.org][/url] about your users and groups and then Require [httpd.apache.org] the right user or group to access a directory.
At the fs level you could use a setuid wrapper script that will assume the required identity to access its files on the server.