Public html directories for users: Difference between revisions

From XPUB & Lens-Based wiki
 
(5 intermediate revisions by the same user not shown)
Line 5: Line 5:


The recipe will use apache2 webserver, '''(TODO)''' ngnix config should be added
The recipe will use apache2 webserver, '''(TODO)''' ngnix config should be added
More on ~:
* https://tilde.club/
* [https://tilde.club/~pfhawkins/othertildes.html other tilders]


=webserver configuration=
=webserver configuration=
==apache2 ==
==apache2 ==
Create an userdir apache configuration to
Become su:
sudo su -
 
 
Create an userdir apache configuration with


Edit:
Edit:
Line 30: Line 39:
</IfModule>
</IfModule>
</source>
</source>
Restart apache
systemctl restart apache2
Check all looks good (green):
systemctl status apache2


==Nginx==
==Nginx==
Line 44: Line 59:




==
=create group and change permissions=
kudos to gnd for helping with this.
 
 
If you are no longer su, become su again :)
sudo -u
 
create script:
nano /root/permissions.sh
 
Add this sh script to it:
 
<source lang="bash">
<source lang="bash">
#!/bin/sh
#!/bin/sh
Line 72: Line 99:


</source>
</source>
Make the script executable:
chmod +x /root/permissions.sh
Run it:
./root/permissions.sh
Test it:
ls -l /home/
user dirs should have the following groups and permissions:
drwxr-x--x  8 username            publicweb 4096 Mar 22 18:40 username
ls -l /home/*
users' public_html dirs should have the following groups and permissions:
drwxr-s--- 2 username publicweb 4096 Mar 23 15:24 public_html
==Visit==
http://domain.nl/~username
[[Category:Cookbook]]

Latest revision as of 17:08, 23 March 2020

~

On shared servers users can be given public web folders often represented in the url as http://domain.nl/~username

The following recipe will be explain how do it in a safe way.

The recipe will use apache2 webserver, (TODO) ngnix config should be added

More on ~:


webserver configuration

apache2

Become su:

sudo su - 


Create an userdir apache configuration with

Edit: nano /etc/apache2/mods-available/userdir.conf

Add to it:

<IfModule mod_userdir.c>
        UserDir public_html
        UserDir disabled root
    <Directory /home/*/public_html>
          AllowOverride All
          Options MultiViews Indexes SymLinksIfOwnerMatch                                              
          <Limit GET POST OPTIONS>
           Require all granted
          </Limit>
          <LimitExcept GET POST OPTIONS>
          Require all denied
          </LimitExcept>
   </Directory>
</IfModule>

Restart apache

systemctl restart apache2

Check all looks good (green):

systemctl status apache2

Nginx

TODO

user public_html dir

Each user should have inside her home folder a dir called public_html, which can be done by a user with sudo powers.

Become super user (su)

sudo su - 

Create a public_html dir for each user making the user both owner and group

for u in `ls /home`; do mkdir /home/$u/public_html; chown $u:$u /home/$u/public_html; done 


create group and change permissions

kudos to gnd for helping with this.


If you are no longer su, become su again :)

sudo -u

create script:

nano /root/permissions.sh

Add this sh script to it:

#!/bin/sh

# make a new group
groupadd publicweb 
# add apache www-data group to it
usermod -a -G publicweb www-data 

# for each user in /home
for u in `ls /home`; 
do 
        echo $u
        # add user to publicweb group
        usermod -a -G publicweb $u
        # change group of user dir to publicweb
        chown $u:publicweb /home/$u
        # give permissions rwxr-x--x  others need to be x for apache transversing
        chmod 751 /home/$u
        # just allow read permission and traversal for the group, no write to public_html dir
        chmod 750 /home/$u/public_html
        # make the files created under public_html belong to publicweb group         
        chmod g+s /home/$u/public_html
        # make group of public_html publicweb
        chgrp publicweb /home/$u/public_html
done

Make the script executable:

chmod +x /root/permissions.sh

Run it:

./root/permissions.sh


Test it:

ls -l /home/

user dirs should have the following groups and permissions:

drwxr-x--x  8 username            publicweb 4096 Mar 22 18:40 username


ls -l /home/*

users' public_html dirs should have the following groups and permissions:

drwxr-s--- 2 username publicweb 4096 Mar 23 15:24 public_html


Visit

http://domain.nl/~username