Public html directories for users: Difference between revisions
Andre Castro (talk | contribs) No edit summary |
Andre Castro (talk | contribs) |
||
Line 60: | Line 60: | ||
=create group and change permissions= | =create group and change permissions= | ||
kudos to gnd for helping with this. | |||
If you are no longer su, become su again :) | If you are no longer su, become su again :) |
Latest revision as of 17:08, 23 March 2020
~
On shared servers users can be given public web folders often represented in the url as http://domain.nl/~username
The following recipe will be explain how do it in a safe way.
The recipe will use apache2 webserver, (TODO) ngnix config should be added
More on ~:
webserver configuration
apache2
Become su:
sudo su -
Create an userdir apache configuration with
Edit: nano /etc/apache2/mods-available/userdir.conf
Add to it:
<IfModule mod_userdir.c>
UserDir public_html
UserDir disabled root
<Directory /home/*/public_html>
AllowOverride All
Options MultiViews Indexes SymLinksIfOwnerMatch
<Limit GET POST OPTIONS>
Require all granted
</Limit>
<LimitExcept GET POST OPTIONS>
Require all denied
</LimitExcept>
</Directory>
</IfModule>
Restart apache
systemctl restart apache2
Check all looks good (green):
systemctl status apache2
Nginx
TODO
user public_html dir
Each user should have inside her home folder a dir called public_html
, which can be done by a user with sudo powers.
Become super user (su)
sudo su -
Create a public_html dir for each user making the user both owner and group
for u in `ls /home`; do mkdir /home/$u/public_html; chown $u:$u /home/$u/public_html; done
create group and change permissions
kudos to gnd for helping with this.
If you are no longer su, become su again :)
sudo -u
create script:
nano /root/permissions.sh
Add this sh script to it:
#!/bin/sh
# make a new group
groupadd publicweb
# add apache www-data group to it
usermod -a -G publicweb www-data
# for each user in /home
for u in `ls /home`;
do
echo $u
# add user to publicweb group
usermod -a -G publicweb $u
# change group of user dir to publicweb
chown $u:publicweb /home/$u
# give permissions rwxr-x--x others need to be x for apache transversing
chmod 751 /home/$u
# just allow read permission and traversal for the group, no write to public_html dir
chmod 750 /home/$u/public_html
# make the files created under public_html belong to publicweb group
chmod g+s /home/$u/public_html
# make group of public_html publicweb
chgrp publicweb /home/$u/public_html
done
Make the script executable:
chmod +x /root/permissions.sh
Run it:
./root/permissions.sh
Test it:
ls -l /home/
user dirs should have the following groups and permissions:
drwxr-x--x 8 username publicweb 4096 Mar 22 18:40 username
ls -l /home/*
users' public_html dirs should have the following groups and permissions:
drwxr-s--- 2 username publicweb 4096 Mar 23 15:24 public_html