certificate_group_checker
An example .htaccess
file and a simple Python CGI script that uses
SSL client certificates with a specified group membership to return
files in a local directory.
If you put these files in a directory served by Apache (and Apache is
configured with the correct CSAIL server certificate and allows
.htaccess
overrides), you can use get.py
as a secure way to get
files in that directory.
Example:
Files in /afs/csail/group/cgs/www/data/
are served at
https://groups.csail.mit.edu/cgs/
by TIG (update: and now also at
http://cgs.csail.mit.edu as our main group
site).
Access to files in the slides
subdirectory is done by using
get.py
, for instance:
https://groups.csail.mit.edu/cgs/slides/get.py?file=20150311_Matt.pdf
Remember to lock down AFS so that other users can't see the files.
You need to have permissions for a group to write there (cgs
for us)
and for the web server to read the directory (www
in CSAIL). As a
reference:
groups2014:/afs/csail/group/cgs/www/data/slides$ fs la
Access list for . is
Normal rights:
cgs rlidwk
cgs-admin rlidwka
www rl