20061204
From Wsms
previous next
GO TO:
Linux Class Notes
The apache web server
Contents |
Daily administrative tasks
Checking that output from aide, we see that the weekly yum update updated a lot of files.
.htaccess files and required passwords for specific directories
We are going to implement some directives in places other places than the configuration folders. The key file of interest is named ".htaccess".
We will explore access control, and control access via ip.
We will also study how to control access via userid.
This week we are going to expand the way of doing things with the apache configuration file.
Generally you will do that as an administrator by editing the configuration file.
You must be the administrator to do it.
We will spend almost all this session looking at a facility known as the .htacces file which allows users to configure apache for their own directories.
This is a facility that is unique to apache and is not found in IIS.
View to the aide file in our server
Most of the things we see in the aide files are changes. The reason is there was an update done by yum on saturday morning (we guess). So, we will accept those changes. Most of them deal with graphic aplications like open office, photoshop, etc. Allright, Joe moves the database, and runs the aide --update & command
Making the users capable to make changes in their own configuration files
Tipically users can include in their folders files that have the name .htaccess (this files are hidden by default) This is aconfigurtion file, actually, and it contains apache configuration directives. If everything else is set correctly, as apache is returning document to a browser, so the web pages can be dispayed, it looks if the .htaccess file is present, and then apache may cross the directives in this files, with the main configuration directives (it may, only if the directives are not conflictive with the main configurations, and if they are allowed).
The problem here is that the .htaccess might contain configuration information that are esentially part of the data structure, rather than the configuration structure. As a consequence of this, the .htaccess may have impact in the main performance of apache. Besides, if there are syntax errors in the .htaccess file, then apache will return the 500 message of internal error .
As an administrator of the server, this gives the ability to enpower users to administrate their documents. But if users don't have enough skills apache, they can make mistakes, and then final users can retrieve a very generic error (500).
It is possible to put a parameter in usermin, to create an modify the .htaccess file. The good news is that our enpowered users can know a little less about apache. This will kind of guarantee that the syntax will be correct. This doesn't mean that all things will be automated, but at least, it helps a little.
Example: empower the ability to password protect a part or a website
Joe tries to open his web page in the server, and now, the server is asking him for a password and a valid userid. This happens because during the weekend, he made some changes to his .htaccess file. Now we will learn how to do it...
He has created a .htaccess file, and it contains the following:AuthName "Joes Directory" AuthType Basic Require valid-user AuthUserFile /home/joemcg/goodguysHe remarks that he have done this through usermin, and did nothing directly.
Remember that none of this stuff works if there are not certain modules loaded. So, our duty for the upcoming quiz is to know wich modules are necesary for doing this.
So, after doing all of our execrises, we could place a .htaccess to our home directory. We can do it by editing the file, or we can go to usermin and go to apache options and create the apropiate file.
Step-by-step
Check /etc/httpd/conf/http.conf
The first step only really applies of your are the administrator of the server in question. You must have root privileges to change /etc/httpd/conf/httpd.conf and to restart apache. Make sure your /etc/httpd/conf/httpd.conf allows you to override stuff with .htaccess files. Your /etc/httpd/conf/httpd.conf needs to have a stanza that reads something like this:
<Directory /home/*/public_html>
AllowOverride FileInfo AuthConfig Limit
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
<Limit GET POST OPTIONS>
Order allow,deny
Allow from all
</Limit>
<LimitExcept GET POST OPTIONS>
Order deny,allow
Deny from all
</LimitExcept>
</Directory>
Don't forget to restart apache if you change /etc/httpd/conf/httpd.conf:
[root@arthur ~]# apachectl graceful
Create your password file
Use htpasswd to create a password file
[georgeg@rop ~]$ htpasswd -c htusers guest New password: Re-type new password: Adding password for user guest [georgeg@rop ~]$ cat htusers guest:Re6HSi5ziULzo
Create your .htaccess file
Use vi or another editor, or usermin, to create your .htaccess file. In needs to look something like this:
AuthType Basic AuthName "Password Required" AuthUserFile /home/georgeg/htusers AuthGroupFile /home/georgeg/htgroups Require valid-user
The new file needs to go into the directory you are wish to a password protect. So, it will be something like /home/georgeg/public_html/.htaccess.
References
There was a new handout: http://wsms.wikiplanet.com/html/class_handouts/usermin-passwd.htm
The apache manual includes a howto. See http://localhost/manual/howto/htaccess.html
