FutureQuest, Inc.
Knowledgebase: Password Protection
Delete Users from Password Protected Directories
Posted on 02 July 2012 12:05 AM
Question:

I have password protected various directories over the years using my CNC. In password protecting a new directory, I see user names in my Existing Users list that are no longer valid. However, some of the directories that these old users were given access to are long gone. How can I remove users from my Existing Users list?

Answer:

For a directory that still exists, you can use the File Manager in your CNC to remove the user(s) from that directory. Just click your mouse in the box in front of the password-protected directory, then click the "Password Protect" option in the bottom menu. You'll then be shown a list of users that have access to that directory. Click the [Delete] option next to the username(s) you want to remove from the access list for that directory. On the screen that follows, you'll be asked to confirm the request and will also be given the option to Delete the user from the "Password File". Selecting Yes to delete the user from the Password File will result in the removal of the user from all directories under the account.

For the users that were assigned to directories that no longer exist, you can remove them from your Existing Users list in one of three ways:

  1. Option 1 - Add Them to Remove Them

    Create a new directory under the /www/ directory in your CNC, and name it something like RemoveUsers (we'll just be using this directory temporarily).

    Select that directory by clicking the box in front of it, then click the Password Protect option. On the screen that follows, select a User from the dropdown list that you want to ultimately delete. When done, click Submit. Repeat this process for all users that you wish to ultimately remove.

    When all of the users that you want to delete have been added to this directory, select the directory again and use the Password Protect button. You'll now be removing those users and permanently deleting them from the password file. Click the [Delete] option next to the username(s) you want to remove from the access list for that directory. On the screen that follows, make sure to select Yes to delete the user from the Password File to remove that user from all directories under the account.

    When done, you can then delete the directory you created for this purpose.



  2. Option 2 - Manually Edit the Master Password File using the CNC

    Edit your .passwd file directly from the CNC by navigating to the following address:
    https://xdomain.securecnc.net/CNC/fileman.cgi?do=edit&dir=%2Fbig%2Fdom%2Fxdomain%2F.sys_opr_dir%2FCNC_Protect%2F&file=.passwd
    (Make sure you get the full URL and replace xdomain with your own xdomain in the two places where it appears above.)

    When you visit your CNC using the above URL, you will see a list of usernames and their encrypted passwords, separated by a colon:
    username:password

    Remove the entire line for any users you wish to delete.



  3. Option 3 - Manually Edit the Master Password File via the Command Line (for advanced users)

    You can also edit your .passwd file via SSH by navigating to the following directory (replacing xdomain with your own xdomain):
    /big/dom/xdomain/.sys_opr_dir/CNC_Protect/
    (After logging in via SSH, you can just type cd ../.sys_opr_dir/CNC_Protect/ and hit Enter, and you should end up where you need to be.)

    You should then be able to edit the master .passwd file using a file editor. For example, using pico, you would issue the following command:
    pico .passwd

    If you are unfamiliar with using pico, the following guide should help:
    Using the Pico Text Editor



***
Note: When you delete a user from the master password file (.passwd), the user may still be listed in the .htaccess file of directories that still exist and to which they previously had access (you will see their name if you click Password Protect on that directory). However, as they have been removed from the master password file, they will not have access. You can manually edit the .htaccess file to remove them from it, or just use the removal method detailed under "For a directory that still exists" at the beginning of this tutorial.
***
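
For Option 3 and the note above, the following is an added example (not FutureQuest's own tooling) of doing the removal from the shell instead of an editor: it deletes users from a username:password file by exact name, keeps a backup, and then lists any .htaccess files that still name a removed user. The function names, the demo data and the `require user` line format in .htaccess are assumptions; the page does not show the .htaccess contents.

```bash
#!/bin/bash
# Added example. remove_users FILE USER...
# Drops the "username:hash" line of each named user from FILE.
remove_users() {
    passwd_file=$1; shift
    [ -f "$passwd_file" ] || { echo "no such file: $passwd_file" >&2; return 1; }
    # Keep a copy to roll back to. It still holds the removed users' hashes,
    # so delete it once the result has been checked.
    cp -p "$passwd_file" "$passwd_file.bak" || return 1
    tmp=$(mktemp "$passwd_file.XXXXXX") || return 1   # created mode 0600
    # Compare the whole field before the first colon, so removing "bob"
    # leaves "bobby" alone (a plain grep -v bob would drop both).
    awk -F: -v users="$*" '
        BEGIN { n = split(users, u, " "); for (i = 1; i <= n; i++) drop[u[i]] = 1 }
        !($1 in drop)
    ' "$passwd_file" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Write back in place so the file keeps its owner and permissions.
    cat "$tmp" > "$passwd_file" && rm -f "$tmp"
}

# stale_refs DIR USER
# Prints each .htaccess under DIR that still names USER on a
# "require user ..." line (assumed Apache syntax, not shown on the page).
stale_refs() {
    find "$1" -type f -name .htaccess -exec awk -v user="$2" '
        tolower($1) == "require" && tolower($2) == "user" {
            for (i = 3; i <= NF; i++) if ($i == user) { print FILENAME; exit }
        }' {} \;
}

# Constructed demo data: made-up users and placeholder hashes.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/www/members"
    printf '%s\n' 'alice:HASH_A' 'bob:HASH_B' 'bobby:HASH_C' > "$d/.passwd"
    printf '%s\n' 'AuthType Basic' 'require user alice bob' > "$d/www/members/.htaccess"
    remove_users "$d/.passwd" bob
    cat "$d/.passwd"            # alice and bobby remain
    stale_refs "$d/www" bob     # members/.htaccess still lists bob
    rm -rf "$d"
}
demo
```

On a real account you would call `remove_users` on the .passwd file in the CNC_Protect directory and `stale_refs` on your /www/ directory, in place of the demo call.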