Latest revision as of 17:08, 23 March 2020

~

On shared servers users can be given public web folders often represented in the url as http://domain.nl/~username

The following recipe will be explain how do it in a safe way.

The recipe will use apache2 webserver, (TODO) ngnix config should be added

webserver configuration

apache2

Become su:

sudo su -

Create an userdir apache configuration with

Edit: nano /etc/apache2/mods-available/userdir.conf

Add to it:

<IfModule mod_userdir.c>
        UserDir public_html
        UserDir disabled root
    <Directory /home/*/public_html>
          AllowOverride All
          Options MultiViews Indexes SymLinksIfOwnerMatch                                              
          <Limit GET POST OPTIONS>
           Require all granted
          </Limit>
          <LimitExcept GET POST OPTIONS>
          Require all denied
          </LimitExcept>
   </Directory>
</IfModule>

Restart apache

systemctl restart apache2

Check all looks good (green):

systemctl status apache2

Nginx

TODO

user public_html dir

Each user should have inside her home folder a dir called public_html, which can be done by a user with sudo powers.

Become super user (su)

sudo su -

Create a public_html dir for each user making the user both owner and group

for u in `ls /home`; do mkdir /home/$u/public_html; chown $u:$u /home/$u/public_html; done

create group and change permissions

kudos to gnd for helping with this.

If you are no longer su, become su again :)

sudo -u

create script:

nano /root/permissions.sh

Add this sh script to it:

#!/bin/sh

# make a new group
groupadd publicweb 
# add apache www-data group to it
usermod -a -G publicweb www-data 

# for each user in /home
for u in `ls /home`; 
do 
        echo $u
        # add user to publicweb group
        usermod -a -G publicweb $u
        # change group of user dir to publicweb
        chown $u:publicweb /home/$u
        # give permissions rwxr-x--x  others need to be x for apache transversing
        chmod 751 /home/$u
        # just allow read permission and traversal for the group, no write to public_html dir
        chmod 750 /home/$u/public_html
        # make the files created under public_html belong to publicweb group         
        chmod g+s /home/$u/public_html
        # make group of public_html publicweb
        chgrp publicweb /home/$u/public_html
done

Make the script executable:

chmod +x /root/permissions.sh

Run it:

./root/permissions.sh

Test it:

ls -l /home/

user dirs should have the following groups and permissions:

drwxr-x--x  8 username            publicweb 4096 Mar 22 18:40 username

ls -l /home/*

users' public_html dirs should have the following groups and permissions:

drwxr-s--- 2 username publicweb 4096 Mar 23 15:24 public_html

Visit

http://domain.nl/~username

Public html directories for users: Difference between revisions