On a system with many UNIX users, you may want to allow each user to create his own set of web pages. Instead of creating a subdirectory for each user under some document root directory, you can instead designate a subdirectory in each user's home directory as a location for web page files. Typically, this subdirectory is called public_html and its contents are made available at a URL like http://www.example.com/~username/.
The special ~username path in the URL is converted by Apache to a directory under the home of the user named username, no matter what document root directory is being used for the rest of the files on the website. It is also possible for files in the user's actual home directory to be made available instead, so that ~username actually maps to the user's home directory and not a subdirectory. This is a bad idea, however, as it makes all of the user's files available to anyone with access to the website.
To turn on Apache's user web directories feature so ~username URL paths can be used, follow these steps:
Similarly, you can enter a URL into the directory field, which will be used by Apache to generate a URL to redirect browsers to when a user web directory is requested. For example, if you enter http://home.example.com/users/ and the URL path ~jcameron/foo.html is requested by a browser, it will be redirected to http://home.example.com/users/jcameron/foo.html instead. This is useful if you want to move user web directory hosting to a separate server, while allowing URLs on your main server to be used to access them.
Even though the above are sufficient to enable user web directories, there are some other things that you might want to do. As the earlier Section 29.16 “Editing .htaccess Files” explains, you may want to limit the kinds of directives that users can put in their .htaccess files so that they cannot execute CGI programs or use server-side includes. You can also change the default directory indexing and document options that apply to user web directories. To accomplish both of these tasks, follow these steps:
1. | On the module's main page, click on the icon for the virtual server in which user web directories were enabled, or the default server. |
2. | Assuming all your users have their home directories under /home and the web subdirectory is named public_html, enter /home/*/public_html into the Path field of the create per-directory, files, or location options form at the bottom of the page. |
3. | |
4. | Click the Create button to create a new set of options that will apply to users' web directories, then click on its newly created icon. This will bring up the document options page shown in Figure 29.5. |
5. | |
6. | Change the Directory options field to Selected below and set to Yes those options that you want to apply to user web directories. It is advisable to turn on Generate directory indexes and safe to enable Server-side includes, but not Execute CGI programs or Server-side includes and execs. The Follow symbolic links option is relatively safe to turn on as well, but will allow users to make available via the web files that are not in their public_html subdirectory by creating links to them. |
7. | To prevent users from overriding these settings in .htaccess files, change the Options file can override field to Selected below and deselect the MIME types and encodings and Directory options checkboxes. The others control options that present no security risk and so can be safely left selected. |
8. | Click the Save button and then the Apply Changes link to save and activate the restrictions. |
9. | If you want to turn on server-side includes, set some custom MIME types or IP access controls for user web directories, you can do it by following the instructions in the appropriate sections for this directory. Because server-side includes are quite harmless with the ability to execute external programs disabled, they can be safely enabled for users by setting the right content handler for .html or .shtml files, as Section 29.9 “Setting Up Server-Side Includes” explains. |
3.137.181.66