120

I am using .htpasswd to password protect certain directory on my server. However, I noticed that everytime I do this sudo htpasswd -c /etc/apache2/.htpasswd newuser my current contents of .htpasswd will be overwritten. Every directory of my site has their own user on .htpasswd.

How can I not overwrite instead add a new user on my .htpasswd?

Richard Simões
  • 12,401
  • 6
  • 41
  • 50
fishcracker
  • 2,401
  • 5
  • 23
  • 28

2 Answers2

196

Exact same thing, just omit the -c option. Apache's docs on it here.

htpasswd /etc/apache2/.htpasswd newuser

Also, htpasswd typically isn't run as root. It's typically owned by either the web server, or the owner of the files being served. If you're using root to edit it instead of logging in as one of those users, that's acceptable (I suppose), but you'll want to be careful to make sure you don't accidentally create a file as root (and thus have root own it and no one else be able to edit it).

Datageek
  • 25,977
  • 6
  • 66
  • 70
Corbin
  • 33,060
  • 6
  • 68
  • 78
  • Good gracious! Never thought that switch is the answer, pardon my innocence. – fishcracker Jan 30 '13 at 02:04
  • However, it won't let me modify the existing `.htpasswd` it insists the use of `-c` switch. – fishcracker Jan 30 '13 at 02:07
  • @fishcracker What's the error? `htpasswd /path/to/file username` is perfectly valid (syntactically anyway) and even the first example on the Apache docs. – Corbin Jan 30 '13 at 02:08
  • My bad. I am trying to do `htpasswd -c /etc/apache2/.htpasswd newuser` in my CentOS server! Sorry, didn't notice I'm at the wrong window. Will accept your answer in 5 mins. Thanks! – fishcracker Jan 30 '13 at 02:12
28

FWIW, htpasswd -n username will output the result directly to stdout, and avoid touching files altogether.

Curtis Mattoon
  • 4,642
  • 2
  • 27
  • 34
  • 1
    Then just append the user:hash to a new line in the old file. This option is also valid for other cases, such as generating from one system to another without apache installed, but which can use apache's htpasswd file (such as lighttpd, for example) – pdropi Oct 07 '21 at 22:58