Password protect w/o .htaccess

Is there anyway to password protect a whole Unix directory without using .htaccess?

What do you mean? .htaccess files protect directory content from web users and nobody else. It's an Apache mechanism, not Unix. If you want to keep people out / only allow certain people in a directory, just use the file / directory permissions that Unix offers. All you have to do is chown and chmod the directory and / or its contents properly.

Sorry, I meant Apache...

It needs to contain files that can be downloaded via HTTP, but only if they have proper credentials. But, I don't want this directory accessed directly (there has GOT to be a better way to say that...).

Probably sounds a little far fetched. I'll figure something out...

Even if there is, htaccess is the most "correct" solution. It's what it was designed for doing. What's wrong with using htaccess?

You can do this by using sessions and a gatekeeper script on each page to be protected.

You're probably right. The only thing is that I need an HTML form that will use PHP to add and remove users from the .htpasswd file.

This directory will contain other files (such as images) that need to be protected, so PHP sessions won't cut it. Thanks anyway

Whoa mates... I'm not sure what's so tough about this...

It sounds to me like all you need to do is use htpasswd to set up a user list, then set up httpd.conf accordingly. For what you're doing, it doesn't sound like you'll even need to mess with .htaccess files. If you need a tutorial:

http://www.apacheweek.com/features/userauth

Incidentally... please post Apache questions in the Apache forum to help keep the place a little better organized.

>> htaccess is the most "correct" solution. It's what it was designed for doing

Actually not. Instead, it was designed for just two things:

1) web users who don't have write access to httpd.conf
2) to do some very dynamic things without restarting the server

But mod_rewrite within httpd.conf can do the same equivalent tasks dynamically without restarting the server as well. Now there's only a single reason left.

Once again, if you have administrative access to httpd.conf you don't need to use .htaccess at all, as if there is no such thing in the Apache world.

Well I'll be damned - http://httpd.apache.org/docs/howto/htaccess.html#when

Well it does still work, you just need to store binary data out of the tree. I think getting os security prompts is pretty hokey, It is much more professional to have a proper login.

The .htpasswd file(s) that .htaccess will be using will require undergoing frequent changes (via PHP script), so this is the best solution. httpd.conf is probably out of the question anyways.

All the more reason to CENTRALIZE your settings in httpd.conf, not splatter them all over the webspace with .htaccess files.

I'm having a very difficult time envisioning your need for .htacess here. Maybe you should tell us EXACTLY what you need to do. It sounds like you're going to try and frequently change the content that users may access rather than changing the users that may access the content (but not just remove the content from the webspace). Why?

>> The .htpasswd file(s) that .htaccess will be using will require undergoing frequent changes (via PHP script)

Note, we are talking about .htaccess vs. httpd.conf.
Sound like you can't figure out how to go about writing such a PHP script and open+write to the .htpasswd file. If that's the case please go to the appropriate forum (PHP) and start a new thread. Not to mention discussing htaccess was OFF TOPIC here (Linux Forum) in the first place.

Never mind, all -- I got it.