Friday 24 June 2011

HTTP/HTTPS -- Configure private directories

I'm not 100% sure whether this objective refers to making the home directory of system users available via Apache or simply to configuring a private area, whose access is controlled via user name. I will cover the former in this post and refer you to this post for the latter.

Again we'll be editing the httpd config file (/etc/httpd/conf/httpd.conf). Make sure that UserDir public_html is set and that UserDir disabled is commented out:
UserDir public_html
#UserDir disabled
And then simply uncomment the example provided, which will give you read access to the user files:
<Directory /home/*/public_html>
    AllowOverride FileInfo AuthConfig Limit
    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
    <Limit GET POST OPTIONS>
        Order allow,deny
        Allow from all
    </Limit>
    <LimitExcept GET POST OPTIONS>
        Order deny,allow
        Deny from all
    </LimitExcept>
</Directory>
You'll now need to create a public_html directory for all users and make sure that permissions and SELinux are configured correctly. This is for a user called myuser.
mkdir /home/myuser/public_html; chmod 701 /home/myuser; chmod 705 /home/myuser/public_html
Now create a test page and give it the right permissions:
echo 'A Simple User Page' >> /home/myuser/public_html/index.html; chmod 604 /home/myuser/public_html/index.html
Finally, set the SELinux settings to enable home directories:
setsebool -P httpd_enable_homedirs 1
and change the context of the user's files to the Apache content context (you can get this command from the manual page for httpd_selinux):
chcon -R -t httpd_sys_content_t /home/myuser/public_html
Restart Apache and you should be able to visit myuser's fancy page:
elinks 127.0.0.1/~myuser
You can create the public_html directory and even a simple page for all new users by modifying the skeleton directory, like so:
mkdir /etc/skel/public_html
echo 'A Simple User Page' >> /etc/skel/public_html/index.html
chmod -R 705 /etc/skel/public_html/
This only helps for new users, but for existing users the process could be scripted like this:
#!/bin/bash
if [ -n "$1" ]
then
  user=$1
else
  echo "Usage: prepare username"
  exit 1
fi

## Refuse anything that is not an existing account (the script runs as root)
id "$user" >/dev/null 2>&1 || { echo "No such user: $user"; exit 1; }

## Set appropriate permissions for home directory
chmod 701 "/home/$user"

## Create public_html
mkdir "/home/$user/public_html"

## Create index.html file
echo "A Simple User Page for $user" >> "/home/$user/public_html/index.html"

## Change permissions and ownership
chown -R "$user:$user" "/home/$user/public_html"
chmod -R 705 "/home/$user/public_html/"

## Change SELinux context
chcon -R -t httpd_sys_content_t "/home/$user/public_html"
This script can be improved by looping through the accounts and checking that public_html does not exist, but it does the work.
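The improvement suggested above, as an added example that is not part of the original post: a function that loops through the accounts in a passwd-format file and prepares public_html only where nothing exists at that path yet. The function name, its two arguments and the default minimum UID of 500 are assumptions of this example.

```shell
# prepare_userdirs [PASSWD_FILE] [MIN_UID]
# Creates public_html for every regular account that does not have one yet and
# prints how many were created. The function name, both arguments and the
# default MIN_UID of 500 (RHEL 6 regular users) are assumptions of this example.
prepare_userdirs() {
  pu_file=${1:-/etc/passwd}
  pu_min=${2:-500}
  pu_created=0

  while IFS=: read -r pu_name pu_pw pu_uid pu_gid pu_gecos pu_home pu_shell; do
    # Skip malformed entries and system accounts
    case $pu_uid in ''|*[!0-9]*) continue ;; esac
    [ "$pu_uid" -ge "$pu_min" ] || continue

    # Only absolute, real (non-symlink) home directories are touched
    case $pu_home in /*) ;; *) continue ;; esac
    if [ ! -d "$pu_home" ] || [ -L "$pu_home" ]; then continue; fi

    # Leave anything already at that path alone: directory, file or symlink
    pu_dir=$pu_home/public_html
    if [ -e "$pu_dir" ] || [ -L "$pu_dir" ]; then continue; fi

    mkdir "$pu_dir" || continue
    printf 'A Simple User Page for %s\n' "$pu_name" > "$pu_dir/index.html"

    # Modes from the post: traverse-only home, listable web dir, readable page
    chmod 701 "$pu_home"
    chmod 705 "$pu_dir"
    chmod 604 "$pu_dir/index.html"

    # Ownership and SELinux labelling need root; -h acts on a symlink itself
    if [ "$(id -u)" -eq 0 ]; then
      chown -hR "$pu_uid:$pu_gid" "$pu_dir" ||
        echo "chown failed for $pu_dir" >&2
      if command -v selinuxenabled >/dev/null 2>&1 && selinuxenabled; then
        chcon -hR -t httpd_sys_content_t "$pu_dir" ||
          echo "chcon failed for $pu_dir" >&2
      fi
    fi
    pu_created=$((pu_created + 1))
  done < "$pu_file"

  echo "$pu_created"
}
```

Called with no arguments it reads /etc/passwd; pointing it at a copy of the file first shows which accounts it would touch.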
