Redhat: Apache webserver Directories
.htaccess files
the .htaccess file can be used to simplity the options in the httpd.conf file. This is becuase it can be used to override inherited permissions for virtual hosts and directories.
To do so an option must be added to the the directory or virtual host container:
<directory>
AllowOverride Options
</directory>A .htaccess file can now be used to override inherited options by storing it in any web directory with the httpd_config_t SELinux context.
Password Protected Access
To add password access to website, a seperate database of usernames and passwords must be created. Apache provides commands to do this:
htpasswd -c /etc/httpd/webpass engineer1 #creates a file and adds user engineer1
htpasswd /etc/httpd/webpass engineer2 #adds engineer2 to the same fileHome Directory Access
The default httpd.conf file contains some options to enable home directory access.
UserDir disabed
#UserDir public_htmlEnabling this will give user access to weboages in their ~/public_html directory. But this is a security issue as as the users entire home directory would need to be give 701 permissions - in other words executable for everyone. This would allow a cracker to execute any script he finds as any logged in user.
There is an alternative: use ACLs. If the filesystem has been mounted with ACL permissions then access can be given to the apache user using the setfacl command:
setfacl -m U:apache:x /home/michael
setfacl -m U:apache:x /home/michael/public_htmlThe last thing that must be done is to enable the httpd_enable_homedirs boolean in SELlinux:
setsebool -P httpd_enable_homedirs 1