Date: Mon, 16 Feb 2004 12:53:53 -0500 (EST) From: "Gary D. Margiotta" <gary@tbe.net> To: Lewis Thompson <purple@lewiz.net> Cc: isp@freebsd.org Subject: Re: Apache and home directories (file browser). Message-ID: <Pine.BSF.4.21.0402161246280.23339-100000@thud.tbe.net> In-Reply-To: <20040216181759.GA64843@lewiz.org>
next in thread | previous in thread | raw e-mail | index | archive | help
It's certainly possible. First, look in the Apache conf, and look for where it sets up the section for user's personal web space. You can change that directory to be anything, and you'd either need to make the config understand and serve the home directory of the user (rather than just an html subdirectory), or vice versa, make the apache-served directory the home directory as specified in the passwd file. To allow directory browsing, you simply need to add 'Indexes' into your Options configuration directive under the above Apache config section, and that will give you a directory listing, instead of encountering a forbidden error when accessing a directory without a default landing page. You can set up secure (port 443) HTTPS access only on that broswer, you just have to set it up for SSL, and disallow port 80 traffic. And, you could make a port 80 jump page, which tells the user that they've reached the right place, but they have to connect using SSL instead of regular unencrypted http sessions. You can restrict users to their directories using the .htaccess feature, and a password table, which will require authentication into the directories when accessed through the browser. Also, on top of that, you can use the ftpchroot functionality to restrict each and every user to be allowed to ftp only into their home directory and stray nowhere else on the machine. All the above can be found by looking and reading through the config files and documentation for Apache, and the appropriate man pages in FBSD for things like ftpchroot. As for the security of running this way, I'll defer to others who may have thought about and tried this approach before. -Gary Running Windows is kinda like playing blackjack: User stays on success, reboots on failure On Mon, 16 Feb 2004, Lewis Thompson wrote: > Hi, > > I was recommended to ask here for information on running Apache in a way > that regular system users can access their home directories. > > I think this is quite a straightforward question -- I'd like to allow > user fred to log in over HTTPS and have access to upload, delete, > rename, etc. all of the files he has permission to access (or possibly > restricted to just his home directory -- sort of a chroot). > > Is this possible using Apache (or maybe some other application)? And > more importantly can it be done in a secure fashion? > > Thanks very much, > > -lewiz. > > -- > I was so much older then, I'm younger than that now. --Bob Dylan, 1964. > ------------------------------------------------------------------------ > -| msn:purple@lewiz.net | jabber:lewiz@jabber.org | url:www.lewiz.org |- >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0402161246280.23339-100000>