Access Control Documentation

Access Control is a simple web application for controlling separate user groups' access to a set of directories. It is released under the GPL license by Kalle Hallivuori.

Contents

  1. Overview
    1. Users
    2. Groups
    3. Directories
  2. Installation
    1. Files
    2. File Permissions
    3. Configuration
  3. Access
    1. Begin accessing
    2. Browsing directories
    3. End accessing
  4. Control
    1. Begin controlling
    2. Allowing access
    3. Denying access
    4. Restricting access
    5. End controlling

Overview

The Access Control application consists of two directories: access and control. "control" is only used by the person(s) controlling access. "access" is accessible by everybody with a valid username and password.

Directory names, and basically anything else in the application, can be changed as long as references to them are changed in the respective files (".htaccess") as well.

Users

Each user should be given a unique name and password with which to log in to the "access" directory.

Usernames can contain 1-99 upper- and lower case letters, numbers and special characters "_.@=+-".

Passwords can contain 1-40 upper- and lower case letters, numbers, space and special characters "_.,:;@=/*+-".

Groups

Each user can be a member of several groups. Groups are used to control access to subdirectories inside "access".

Group names can contain 1-20 upper- and lower case letters, numbers, and the underscore character "_".

Directories

Directories inside the "access" directory can be limited to allow access from users in a single group. (".htaccess" files are used for access control.)

Directory names can contain 1-40 upper- and lower case letters, numbers, and the underscore character ("_"). Subdirectories are separated by slash ("/"). 10 subdirectory levels are accepted.
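
The naming limits above can be enforced with anchored patterns before a name is written to disk or into a password file. This is an added example, not code from the Access Control package; it assumes ASCII letters, that the 1-40 limit applies to each path segment, and that "10 subdirectory levels" means at most ten segments.

```python
import re

# Character sets and length limits from the Users, Groups and Directories
# sections. Assumption: "letters" means ASCII letters only.
USERNAME_RE = re.compile(r"[A-Za-z0-9_.@=+\-]{1,99}")
PASSWORD_RE = re.compile(r"[A-Za-z0-9 _.,:;@=/*+\-]{1,40}")
GROUP_RE = re.compile(r"[A-Za-z0-9_]{1,20}")
DIR_SEGMENT_RE = re.compile(r"[A-Za-z0-9_]{1,40}")  # assumption: per segment
MAX_DIR_LEVELS = 10  # assumption: at most ten slash-separated segments


def _full(pattern, value):
    # fullmatch() rather than "^...$": "$" also matches before a trailing
    # newline, which would let "alice\n" through into a line-oriented file.
    return isinstance(value, str) and pattern.fullmatch(value) is not None


def valid_username(value):
    return _full(USERNAME_RE, value)


def valid_password(value):
    return _full(PASSWORD_RE, value)


def valid_group(value):
    return _full(GROUP_RE, value)


def valid_directory(path):
    """Validate a directory path given relative to the "access" directory."""
    if not isinstance(path, str):
        return False
    segments = path.split("/")
    if len(segments) > MAX_DIR_LEVELS:
        return False
    # "." is not in the allowed set, so ".." and names such as ".htaccess"
    # are rejected; empty segments reject leading, trailing and double slashes.
    return all(DIR_SEGMENT_RE.fullmatch(s) for s in segments)


if __name__ == "__main__":
    # Constructed sample inputs.
    for p in ("projects/2024_q1", "../control", "/etc", "a//b", ".htaccess"):
        print(f"{p!r:22} directory ok: {valid_directory(p)}")
    for u in ("kalle.h@example+1", "alice:x", "alice\n"):
        print(f"{u!r:22} username ok:  {valid_username(u)}")
```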

Installation

Unpack the application package in a directory visible on your website.

Files

Application package contains the following files:

File Permissions

You will need to give the web server application permission to write to the directories and files inside the "access" directory. Either issue the commands "sudo chgrp -R www-data access" and "sudo chmod -R g+w access", or, lacking the power to do that, just give the whole wide world write access to your web pages: "chmod -R o+w access".
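
To check which of the two permission schemes above is actually in effect, the tree can be audited for world-writable entries and for entries the web server group cannot write to. This is an added example, not part of the Access Control package; the function name and the constructed sample tree are assumptions.

```python
import os
import stat
import tempfile


def audit_access_tree(root, web_gid):
    """Return (world_writable, not_group_writable) path lists for root.

    world_writable: entries any local account can modify (the o+w scheme).
    not_group_writable: entries the web server group cannot write to,
    i.e. where the chgrp / chmod g+w scheme is not fully applied.
    """
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths.extend(os.path.join(dirpath, n) for n in dirnames + filenames)
    world_writable, not_group_writable = [], []
    for path in paths:
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            continue  # a symlink's own mode bits say nothing about its target
        mode = stat.S_IMODE(st.st_mode)
        if mode & stat.S_IWOTH:
            world_writable.append(path)
        if st.st_gid != web_gid or not mode & stat.S_IWGRP:
            not_group_writable.append(path)
    return sorted(world_writable), sorted(not_group_writable)


if __name__ == "__main__":
    # Constructed sample tree; on a real install pass the "access" directory
    # and grp.getgrnam("www-data").gr_gid instead.
    with tempfile.TemporaryDirectory() as root:
        os.chmod(root, 0o775)
        for name, mode in (("index.html", 0o664), ("open.html", 0o666)):
            path = os.path.join(root, name)
            open(path, "w").close()
            os.chmod(path, mode)
        ww, ngw = audit_access_tree(root, os.stat(root).st_gid)
        print("world-writable:", ww)
        print("not writable by web server group:", ngw)
```

An empty first list together with an empty second list means the group-based scheme is in place and nothing is open to other local accounts.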

Configuration

Edit the "control/htaccess.conf" file. Especially remember to set the "basedir" variable correctly. It must be the full path to the "access" directory; for example "/home/myaccount/domainname/www/access". Do the same for the paths in the ".htaccess" files in both the "control" and "access" directories.

Remember to create a user that can access the "control" web pages with the Unix command "htpasswd -b control/.htpasswd username password" (the "-b" option makes htpasswd take the password from the command line).

Application web pages in the "control" directory can be freely edited. Just keep the PHP tags (<? ... ?>) intact.

Access

Access to the "access" directory by WWW is controlled by the web server.

Begin accessing

A user entering the "access" directory will be greeted by a web login dialog. A correct username and password set in the "control" pages is required.

Browsing directories

Each user can only access directories that are associated with a group that the user is a member of. Otherwise, an error message is shown.

End accessing

There is no way to log out of the service except to close the web browser.

Control

Users, groups and directory access are maintained by the application in the "control" directory.

Begin controlling

Point your web browser to the address of the "control" directory and log in with the username and password set in the "control/.htpasswd" file (see Configuration).

Allowing access

First, create a user: Choose "users" from the control menu. Write in a username and a password. Press "create". The created user should become visible in the drop-down menu showing all usernames. After that, you can try to log in to the "access" directory with that username.

Second, create a group: Choose "groups" from the control menu. Write in a name for the group. Check the checkbox by the user's name to make that user a member of the group. Press "create". The new group should become visible in the drop-down menu showing all groups.

Finally, create a directory: Choose "directories" from the control menu. Write in a name for a new directory. Choose a group from the drop-down menu. Press "create". The new directory should become visible in the drop-down menu showing all directories. It should be accessible only by members of the associated group.

Note: Directories created by the web server cannot be written to by other users. If you plan to upload files to those directories by, say, FTP, you should create the directories with FTP and give the web server write access to them as explained in File Permissions.

Denying access

To block a user's access to the controlled web pages, choose "users" from the control menu, choose that user from the "users" drop-down menu, and click "select". With the user's name visible in the "user" text field, click "delete". The user account will be totally deleted from the system.

Restricting access

To disallow a user from using a directory, remove that user from the group associated with the directory. To do that, choose "directories" from the control menu. Choose the directory from the drop-down menu and click "select". You will see the group that the directory is associated with in the "group" drop-down menu. Go to the "users" view and select that user from the drop-down menu. Uncheck the checkbox beside the name of the group associated with the directory. Press "save". The user will be detached from that group and denied access to the directory.

End controlling

Remember to close the browser when you end controlling access, so that you will be properly logged out from the control web pages.