Public html directories for users: Difference between revisions

From XPUB & Lens-Based wiki
Line 8: Line 8:
=webserver configuration=
=webserver configuration=
==apache2 ==
==apache2 ==
Create an userdir apache configuration to
Become su:
sudo su -
 
 
Create an userdir apache configuration with


Edit:
Edit:

Revision as of 16:57, 23 March 2020

~

On shared servers users can be given public web folders often represented in the url as http://domain.nl/~username

The following recipe will be explain how do it in a safe way.

The recipe will use apache2 webserver, (TODO) ngnix config should be added

webserver configuration

apache2

Become su:

sudo su - 


Create an userdir apache configuration with

Edit: nano /etc/apache2/mods-available/userdir.conf

Add to it:

<IfModule mod_userdir.c>
        UserDir public_html
        UserDir disabled root
    <Directory /home/*/public_html>
          AllowOverride All
          Options MultiViews Indexes SymLinksIfOwnerMatch                                              
          <Limit GET POST OPTIONS>
           Require all granted
          </Limit>
          <LimitExcept GET POST OPTIONS>
          Require all denied
          </LimitExcept>
   </Directory>
</IfModule>

Restart apache

systemctl restart apache2

Check all looks good (green):

systemctl status apache2

Nginx

TODO

user public_html dir

Each user should have inside her home folder a dir called public_html, which can be done by a user with sudo powers.

Become super user (su)

sudo su - 

Create a public_html dir for each user making the user both owner and group

for u in `ls /home`; do mkdir /home/$u/public_html; chown $u:$u /home/$u/public_html; done 


==

#!/bin/sh

# make a new group
groupadd publicweb 
# add apache www-data group to it
usermod -a -G publicweb www-data 

# for each user in /home
for u in `ls /home`; 
do 
        echo $u
        # add user to publicweb group
        usermod -a -G publicweb $u
        # change group of user dir to publicweb
        chown $u:publicweb /home/$u
        # give permissions rwxr-x--x  others need to be x for apache transversing
        chmod 751 /home/$u
        # just allow read permission and traversal for the group, no write to public_html dir
        chmod 750 /home/$u/public_html
        # make the files created under public_html belong to publicweb group         
        chmod g+s /home/$u/public_html
        # make group of public_html publicweb
        chgrp publicweb /home/$u/public_html
done