From: "Rodent of Unusual Size" <[EMAIL PROTECTED]>
Sent: Friday, September 07, 2001 5:25 AM


> * On 2001-08-10 at 19:43,
>   Rodent of Unusual Size <[EMAIL PROTECTED]> excited the electrons to say:
> > 
> > In response to a private query, I worked up a little patch
> > to add an enhancement to mod_auth: in addition to 'require valid-user'
> > and 'require user xxx yyy zzz' the enhanced version recognises
> > 'require owner'.  The idea is that access is granted if the
> > user is authenticated AND matches the username of the owner of
> > the file.

I've seen similar requests for require group.  While you are cautiously
modifying the 1.3 code base, would you please consider both?

I'm -1 for the similar SymLinkIfGroupMatch semantic in 1.3 (that dir_walk
code is frankly too fragile) but I'll look at that semantic in 2.0.

Other than that, coolness, but please document that this is not a SECURE
method from a multi-user system, since anyone can create an .htpasswd file
that might cause the user to appear as a root or admin user, but is not.

This must be documented as a convenience facility, not a security facility.

