Public html directories for users: Difference between revisions
Andre Castro (talk | contribs) |
Andre Castro (talk | contribs) |
||
(6 intermediate revisions by the same user not shown) | |||
Line 5: | Line 5: | ||
The recipe will use apache2 webserver, '''(TODO)''' ngnix config should be added | The recipe will use apache2 webserver, '''(TODO)''' ngnix config should be added | ||
More on ~: | |||
* https://tilde.club/ | |||
* [https://tilde.club/~pfhawkins/othertildes.html other tilders] | |||
=webserver configuration= | =webserver configuration= | ||
==apache2 == | ==apache2 == | ||
Become su: | |||
sudo su - | |||
Create an userdir apache configuration with | |||
Edit: | |||
nano /etc/apache2/mods-available/userdir.conf | |||
Add to it: | |||
<source lange="conf"> | <source lange="conf"> | ||
<IfModule mod_userdir.c> | <IfModule mod_userdir.c> | ||
Line 26: | Line 39: | ||
</IfModule> | </IfModule> | ||
</source> | </source> | ||
Restart apache | |||
systemctl restart apache2 | |||
Check all looks good (green): | |||
systemctl status apache2 | |||
==Nginx== | ==Nginx== | ||
Line 40: | Line 59: | ||
== | =create group and change permissions= | ||
kudos to gnd for helping with this. | |||
If you are no longer su, become su again :) | |||
sudo -u | |||
create script: | |||
nano /root/permissions.sh | |||
Add this sh script to it: | |||
<source lang="bash"> | <source lang="bash"> | ||
#!/bin/sh | #!/bin/sh | ||
Line 68: | Line 99: | ||
</source> | </source> | ||
Make the script executable: | |||
chmod +x /root/permissions.sh | |||
Run it: | |||
./root/permissions.sh | |||
Test it: | |||
ls -l /home/ | |||
user dirs should have the following groups and permissions: | |||
drwxr-x--x 8 username publicweb 4096 Mar 22 18:40 username | |||
ls -l /home/* | |||
users' public_html dirs should have the following groups and permissions: | |||
drwxr-s--- 2 username publicweb 4096 Mar 23 15:24 public_html | |||
==Visit== | |||
http://domain.nl/~username | |||
[[Category:Cookbook]] |
Latest revision as of 17:08, 23 March 2020
~
On shared servers users can be given public web folders often represented in the url as http://domain.nl/~username
The following recipe will be explain how do it in a safe way.
The recipe will use apache2 webserver, (TODO) ngnix config should be added
More on ~:
webserver configuration
apache2
Become su:
sudo su -
Create an userdir apache configuration with
Edit: nano /etc/apache2/mods-available/userdir.conf
Add to it:
<IfModule mod_userdir.c>
UserDir public_html
UserDir disabled root
<Directory /home/*/public_html>
AllowOverride All
Options MultiViews Indexes SymLinksIfOwnerMatch
<Limit GET POST OPTIONS>
Require all granted
</Limit>
<LimitExcept GET POST OPTIONS>
Require all denied
</LimitExcept>
</Directory>
</IfModule>
Restart apache
systemctl restart apache2
Check all looks good (green):
systemctl status apache2
Nginx
TODO
user public_html dir
Each user should have inside her home folder a dir called public_html
, which can be done by a user with sudo powers.
Become super user (su)
sudo su -
Create a public_html dir for each user making the user both owner and group
for u in `ls /home`; do mkdir /home/$u/public_html; chown $u:$u /home/$u/public_html; done
create group and change permissions
kudos to gnd for helping with this.
If you are no longer su, become su again :)
sudo -u
create script:
nano /root/permissions.sh
Add this sh script to it:
#!/bin/sh
# make a new group
groupadd publicweb
# add apache www-data group to it
usermod -a -G publicweb www-data
# for each user in /home
for u in `ls /home`;
do
echo $u
# add user to publicweb group
usermod -a -G publicweb $u
# change group of user dir to publicweb
chown $u:publicweb /home/$u
# give permissions rwxr-x--x others need to be x for apache transversing
chmod 751 /home/$u
# just allow read permission and traversal for the group, no write to public_html dir
chmod 750 /home/$u/public_html
# make the files created under public_html belong to publicweb group
chmod g+s /home/$u/public_html
# make group of public_html publicweb
chgrp publicweb /home/$u/public_html
done
Make the script executable:
chmod +x /root/permissions.sh
Run it:
./root/permissions.sh
Test it:
ls -l /home/
user dirs should have the following groups and permissions:
drwxr-x--x 8 username publicweb 4096 Mar 22 18:40 username
ls -l /home/*
users' public_html dirs should have the following groups and permissions:
drwxr-s--- 2 username publicweb 4096 Mar 23 15:24 public_html