PDA

View Full Version : Question about .htpasswd



avila
10-02-2003, 09:26 PM
I just noticed while editing files with FTP that .htpasswd for one of my sites is in /www/ .

This is a bit alarming. I thought .htpasswd should be in /home/ directory. It's not in /home/ and I'm not sure whether I can delete it from /www/ or not.

Any ideas?

Thanks in advance.

wildjokerdesign
10-02-2003, 10:41 PM
Have the same here when I look in the Remote Site window it shows I am in /var/local/apache I imagin this is for perhaps sitmanger access. I would not delete it. I still have not been able to figure out all the directories and sym link stuff.

Shawn

jalal
10-03-2003, 04:06 AM
.htpasswd is accessed by .htaccess files.

I have two .htpasswd files on my VDS, one at /usr/local/apache/ and the other at /etc/httpd/. The second is a symlink to the first. It contains the password for my account logon.

There are about 20 .htaccess files on the VDS, those with a password file entry all point to /usr/local/apache/.htpasswd

To check which, if any , .htaccess is pointing to the .htpasswd, you could try running this from the SSH:

$ find / -name ".htaccess" -exec grep -H ".htpasswd" {} \; 2>/dev/null

and look at the output.

If none of the .htaccess files is using the .htpasswd file, it *should* be possible to remove it. (I'm not 100% sure on that tho, so tread carefully).

More on .htaccess/.htpasswd in the Apache docs (probably at apache.org)

HTH

FZ
10-03-2003, 11:59 AM
Avila,

That /www folder in itself is not the folder that is accessible from the web. That file is the "central" password storage file - it stores your "global" password - i.e. the password for your Site Manager, main POP3, FTP and SSH. Do NOT remove it! It's in a central location so that when you change your (main) password, only that file is updated and the changes are global across the things mentioned above.

jalal
10-03-2003, 01:32 PM
You're right Fayez, '/www' is just a symlink from '/usr/local/apache'.

So, yes, ya need it!

The 'actual' file tho is at /usr/local/apache/.htaccess

avila
10-04-2003, 11:29 PM
Avila,

That /www folder in itself is not the folder that is accessible from the web. That file is the "central" password storage file - it stores your "global" password - i.e. the password for your Site Manager, main POP3, FTP and SSH. Do NOT remove it! It's in a central location so that when you change your (main) password, only that file is updated and the changes are global across the things mentioned above.

Thank you, Fayez. My concerns were that .htpasswd could be viewed in a browser window, and secondly, that .htpasswd might be accidentally deleted by one of our users in the /www/ directory. Thankfully, neither of these scenarios are possible as far as I can determine.