If I allow a user to use a .htaccess file can that user specify who has access to his directory?
It is my understanding that you create a password file with htpassword. The user does not have access to this command.
Is there another way to create the password file or can it only be done by someone who has root access
Heh, just download another copy of htpassword and you'll be able to create your own .htaccess file. To something real about it, just write-protect the .htaccess file for anyone but root.
Just checking to see if I understand correctly,
Let's say I have some space on my ISP's server and he allows me to use an .htaccess file than I can create a password file on my linux box and copy the passwordfile into the provided webspace and i just make sure that my .htaccess points to the file?
Or do I need to put the copy of htpassword into the same directory?
What do you mean, exactly? Are you wondering if you must keep the password file in the same directory as the .htaccess file?
I want to know how to create a password file if I don't have access to the htpasswd command on the server. Let's assume that the user has only access to one personal webdirectory and he is allowed to use a .htaccess file.
I am not sure what you meant with download another htpasswd. Actually, what do I do with it after that.
It is my understanding that by default only root can use this. If the user has only access to his personal space on a webserver(probably through ftp), how would he create this password file?
Would he create it on his own linux box and then upload the password file and point the .htaccess file to it?
Hope this makes sense,
Well, I haven't used that kind of authentication myself, so I can't say for sure, but from the little I've read about it, it's a simple password hash file, which means that you should just be able to create it on your own machine and then just copy it over to the web server, and then just use it as if it were created on the web server.