Configure Apache to have personal websites in home directories
Q I want to set up Apache so that users have personal websites in their home directories, with /homes/user/website linking to www.blah.com/~user. I know I can do this using the userdir module. However, the problem is that users mount their home directories from a Windows box. As such, when they drop files into this folder, it does not give Apache any permissions to read the files they put in. How can I set this up so anything the user drops into their public folder is readable by the Apache user automatically? I've seen mention of something called mod rewrite but this doesn't seem to be the answer. Neither do I want the users to have to change permissions (too low-level for them!) or run some script every couple of hours to check their permissions! Is there an Apache module that can do something like this?
A mod_rewrite is a very powerful tool, but the wrong one for this job as it alters redirects-requested URLs based on regular expressions. You were right with your first choice of the userdir module. Your problem boils down to making sure the HTML and other files that users drop into their web space are readable by the server without making the whole user directory world readable, which is easily done with some carefully chosen ownerships and permissions. Working with the default Apache userdir configuration, http://hostname/~username/ is mapped to /home/username/public_html/. The first step is to make sure that the user directories are readable by the users only:
chmod 711 /home/*
Then the public_html directories need to be readable by the group under which Apache is run. This is usually 'apache', but some distros run the server as 'nobody' Look for the Group directive in the httpd.conf file:
chgrp apache /home/*/public_html chmod 750 /home/*/public_html chmod g+s /home/*/public_html
Now the users' directories can only be read by the users themselves (chmod 711) while the public_html directories belong to the 'apache' group and can be read (but not written) by members of that group. The third command makes the directory setgid, so any files created in here will automatically belong to the apache group instead of the user's normal group. Ownership of the file is still with the user. If you want to use a different directory for the user's file instead of public_html, edit the relevant part of your Apache configuration. This can vary from one distro to another but one of your config files will contain the line:
Change this to wherever you want the HTML files to be kept in each user's home directory.
- Migrating a server's DNS, websites, home directory and email
- Configure Apache to ignore WebDAV requests
- Access multiple home directories with a single FTP account
- Configuring Apache and NAT
- Locked out of /home directory