We’ll see how to use the UserDir directive (for more on UserDir, refer to PCQuest, November 2001, page 62) to assign a Web directory to users with login accounts on a Linux machine running the Apache Web Server. We’ll also see the use of .htaccess file, which will let Linux users host their Web pages. This can be used in an educational institution where each student can host Web pages in his home directory, or in an organization, where the HR department can use it to maintain records of all the employees. A basic homepage template can be made for all the employees, and subsequently filled up for each one. It’s a simple task and you won’t have to go through the hassles of configuring virtual hosting. Using the UserDir directive, you need to just specify the directory name relative to the Linux user’s home directory, ie /home/
UserDir public_html
in httpd.conf specifies that Linux users can host Web pages in a subdirectory named public_ html within their home directory.
The Web pages of each user can be accessed using the URL:
http://
Note the tilde (~) before the login name. Let’s start from scratch by creating a user account. Issue the following command at the Linux command line as root:
useradd shekhar
passwd shekhar
These commands will create a login name ‘shekhar’ and will prompt to assign a password to it. Use your own login name instead of ‘shekhar’ to login. You will be dropped into the home directory, which in our case is /home/ shekhar. Create a directory named public_html within this directory. Next, create a simple HTML page. Type in the following HTML tags using a Linux text editor.
Welcome to Shekhar’s home page
Save this file with the name index.html in the public_html directory. To know why we named the file ‘index.html’, read about the directive named ‘DirectoryIndex’ in our November 2001 issue. The home directory of shekhar, ie, /home/shekhar must have the worldwide x (execute) permission set. This is done by issuing the command:
chmod o+x
/home/shekhar
Also, the files created or copied (like the index.html file) in the public_html directory must be world readable (chmod o+r
In November we also talked about the Options directive, which can be used to set options for a Web directory, for instance, /var/www/html (the document root). Since the directory defined by UserDir is also a Web directory, we can use the Options directive for it too. Insert the following lines below the UserDir directive.
Options Indexes MultiViews Includes ExecCGI
AllowOverride None
Order allow,deny
Allow from all
This defines settings for the Web directory public_html. The asterisk (*) is substituted by the
suEXEC does not permit to escape from the Web directory into the file system and the ‘ls’ command is located in /bin directory. So the SSI page we had written in November will not work. But with some tweaking we can make CGI scripts work with suEXEC. A restriction imposed by suEXEC is the directory specified by the UserDir directive as well as the CGI script file must be writable only by the owner (shekhar), not even by the group. So we remove the write permission for the group by:
chmod g-w /home/shekhar/public_html
chmod g-w /home/shekhar/public _html/test.cgi
Now the script will work when invoked by the URL:
http://127.0.0.1/~shekhar/test.cgi
If you want to disable susEXEC altogether, then move the file named suexec from the /usr/sbin directory to some other directory and then restart Apache. To enable suEXEC again, copy the file again to the /usr/sbin directory. The log file showing errors related to suEXEC is suexec_log. You can find this file in /var/ log/httpd. You may refer to http://httpd. apache.org/ docs/ suexec.html to know more on suEXEC.
Giving access to httpd.conf to any user can be a security hazard. We can use the ‘Options’ and ‘Limit’ values for the AllowOverride directive. The former allows delegation of ‘Options’ directive and the later allows delegation of ‘Order’, ‘Allow’ and ‘Deny’ directives. The modified lines for public_html Web directory will now look like:
AllowOverride Options Limit
Now login as user ‘shekhar’ and create a file named ‘.htaccess’ in public_html directory and insert the removed directives in this file. So now the ‘.htaccess’ file will look like:
Options Indexes MultiViews Includes ExecCGI
Order allow,deny
Allow from all
User ‘shekhar’ can modify this file to include or exclude directives without touching httpd.conf. This file must be readable by others (chmod o+r .htaccess). The Allowoverride directive can accept three more values– FileInfo, Indexes, AuthConfig–besides Options and Limit. The former two are related to Web document types, Web directory presentation, language icons, etc. The AuthConfig directive is used to password protect user directory (or any Web directory).
Shekhar Govindarajan