Home/ Questions/Q 7168009
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-28T14:41:35+00:00

Here’s what I need to do — either : include an external file in

  • 0

Here’s what I need to do — either:

  1. include an external file in my .htaccess file that resides on Server B, or
  2. parse the .htaccess file on Server A using PHP, or
  3. even a more clever solution (which I can’t dream up at this time given my limited experience with httpd.conf and apache directives)

Background

I have an .htaccess file on Server A. I set its permissions to -rw-rw-rw (0666) and build it dynamically based on events throughout the day on Server B in order to achieve certain objectives of my app on Server A. I have since discovered that my hosting provider sweeps their server (Server A) each night and removes world writable files files and changes their permissions to 0664. Kudo’s to them for securing the server. [Please no comments on my method for wanting to make my .htaccess file world writeable — I truly understand the implications]

The .htacess file on Server A simply exists to provide Shibboleth authentication. I state this because the only aspect of the apache directives that is dynamic is the Require user stack.

Is it possible to include the “user stack” that resides on Server B in my .htaccess file that resides on Server A?

Or can I parse the .htaccess file on Server A via the PHP engine?

Thanks for helping my solve this problem.

Here’s what the .htaccess looks like:

AuthType shibboleth
AuthName "Secure Login"
ShibRequireSession on
Header append Cache-Control "private"
Require user bob jill steve

All I want to do is update the bob jill steve list portion of the file each and every time I add/change/delete users in my application in an effort to make my Shibboleth required users (on Server A) synch with my MySQL/PHP web app (living on Server B).

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Here’s how I solved the problem a few days ago.

    Given my HSP sweeps the server every night and changes any world writable file to 664 I thought about a different approach.

    I did this:

    1. during the day I made the directory containing my non-writable .htaccess file to 0777
    2. then I deleted my .htaccess file
    3. then I re-ran my script — my fopen() command uses mode “w” (so I thought…if the file doesn’t exist right now, why not let my php script create it brand new.)
    4. because I said somewhere above here that my php runs as “nobody” — voila!!!! I now had a file owned by nobody in the directory

    Later that night my HSP swept the server and changed my directory from world writable — but no big deal … I got my .htaccess file owned by “nobody’ and I can update the Require user directive automatically.

    Thanks for everyone’s help on this.

    • 0