Public html directories for users

From XPUB & Lens-Based wiki

~

On shared servers users can be given public web folders often represented in the url as http://domain.nl/~username

The following recipe will be explain how do it in a safe way.

The recipe will use apache2 webserver, (TODO) ngnix config should be added

More on ~:


webserver configuration

apache2

Become su: 

sudo su -


Create an userdir apache configuration with

Edit: nano /etc/apache2/mods-available/userdir.conf

Add to it: 

<IfModule mod_userdir.c>
        UserDir public_html
        UserDir disabled root
    <Directory /home/*/public_html>
          AllowOverride All
          Options MultiViews Indexes SymLinksIfOwnerMatch                                              
          <Limit GET POST OPTIONS>
           Require all granted
          </Limit>
          <LimitExcept GET POST OPTIONS>
          Require all denied
          </LimitExcept>
   </Directory>
</IfModule>

Restart apache 

systemctl restart apache2

Check all looks good (green): 

systemctl status apache2

Nginx

TODO

user public_html dir

Each user should have inside her home folder a dir called public_html, which can be done by a user with sudo powers.

Become super user (su) 

sudo su -

Create a public_html dir for each user making the user both owner and group 

for u in `ls /home`; do mkdir /home/$u/public_html; chown $u:$u /home/$u/public_html; done


create group and change permissions

kudos to gnd for helping with this.


If you are no longer su, become su again :) 

sudo -u

create script: 

nano /root/permissions.sh

Add this sh script to it: 

#!/bin/sh

# make a new group
groupadd publicweb 
# add apache www-data group to it
usermod -a -G publicweb www-data 

# for each user in /home
for u in `ls /home`; 
do 
        echo $u
        # add user to publicweb group
        usermod -a -G publicweb $u
        # change group of user dir to publicweb
        chown $u:publicweb /home/$u
        # give permissions rwxr-x--x  others need to be x for apache transversing
        chmod 751 /home/$u
        # just allow read permission and traversal for the group, no write to public_html dir
        chmod 750 /home/$u/public_html
        # make the files created under public_html belong to publicweb group         
        chmod g+s /home/$u/public_html
        # make group of public_html publicweb
        chgrp publicweb /home/$u/public_html
done

Make the script executable: 

chmod +x /root/permissions.sh

Run it: 

./root/permissions.sh


Test it: 

ls -l /home/

user dirs should have the following groups and permissions: 

drwxr-x--x  8 username            publicweb 4096 Mar 22 18:40 username



ls -l /home/*

users' public_html dirs should have the following groups and permissions: 

drwxr-s--- 2 username publicweb 4096 Mar 23 15:24 public_html


Visit

http://domain.nl/~username

Retrieved from "https://pzwiki.wdka.nl/mw-mediadesign/index.php?title=Public_html_directories_for_users&oldid=167480"