linux_wiki:configure_access_restrictions_on_directories

Differences

This shows you the differences between two versions of the page.

linux_wiki:configure_access_restrictions_on_directories [2016/10/08 17:56]
billdozor
linux_wiki:configure_access_restrictions_on_directories [2019/05/25 23:50]
Line 1: Line 1:
-====== Configure Access Restrictions On Directories ====== 
- 
-**General Information** 
- 
-Access restrictions on Apache Web Server/private directories. 
- 
----- 
- 
-====== Lab Setup ====== 
- 
-The following virtual machines will be used: 
-  * server1.example.com (192.168.1.150) -> Perform all connectivity tests from here 
-  * server2.example.com (192.168.1.151) -> Install Apache Web Server here 
- 
----- 
- 
-====== Prerequisite: Basic Setup ====== 
- 
-\\ 
-Setup host name resolution (**Most likely not needed on exam as they should have proper DNS**) 
-<code bash> 
-vim /etc/hosts 
- 
-192.168.1.150 server1 testsite.example.com 
-</code> 
-  * IP Address will differ depending upon network setup 
- 
-\\ 
-Change website name in main config file 
-<code bash> 
-vim /etc/httpd/conf/httpd.conf 
- 
-ServerAdmin root@testsite.example.com 
-ServerName testweb.example.com 
-</code> 
- 
-\\ 
-Check syntax 
-<code bash> 
-httpd -t 
-</code> 
- 
-\\ 
-Apply Config 
-<code bash> 
-systemctl restart httpd 
-</code> 
- 
----- 
- 
-====== Restrict Access to a Directory ====== 
- 
-===== Setup Directory and SELinux ===== 
-Create a directory 
-<code bash> 
-mkdir /var/user1dir 
-</code> 
- 
-\\ 
-Change permissions 
-<code bash> 
-chown user1:user1 /var/user1dir 
-chmod 711 /var/user1dir 
-</code> 
- 
-\\ 
-Create an index file 
-<code bash> 
-echo "This is user1's index.html" > /var/user1dir/index.html 
-</code> 
- 
-\\ 
-SELinux: Check normal httpd content contexts vs new directory 
-<code bash> 
-ls -lZ /var/www 
- 
-ls -lZ /var/user1dir 
-</code> 
-  * You will see that /var/www/html has "httpd_sys_content_t" and /var/user1dir/index.html does not. This will need to be changed. 
- 
-\\ 
-SELinux: Give new directory the correct SELinux httpd context 
-<code bash> 
-semanage fcontext -at httpd_sys_content_t "/var/user1dir(/.*)?" 
-restorecon -Rv /var/user1dir/ 
-</code> 
- 
-===== Restrict Access ===== 
- 
-Change document root 
-<code bash> 
-vim /etc/httpd/conf/httpd.conf 
- 
-DocumentRoot "/var" 
-</code> 
- 
-\\ 
-Allow an "AuthConfig" override (htaccess file) for the /var/user1dir file 
-<code bash> 
-<Directory /var/user1dir> 
-  AllowOverride AuthConfig 
-</Directory> 
-</code> 
- 
-\\ 
-Create htaccess file in user1's directory 
-<code bash> 
-vim /var/user1dir/.htaccess 
- 
-AuthType Basic 
-AuthName "Password Protected Private Dir - Enter Login Credentials:" 
-AuthUserFile "/etc/httpd/conf/.userdb" 
-Require user valid-user 
-</code> 
- 
-\\ 
-Create password for the user 
-<code bash> 
-htpasswd -c /etc/httpd/conf/.userdb user1 
-</code> 
-  * Prompted for a password 
- 
-\\ 
-Change permissions on the userdb file 
-<code bash> 
-chown :apache /etc/httpd/conf/.userdb 
-chmod 640 /etc/httpd/conf/.userdb 
-</code> 
- 
-\\ 
-Restart Apache 
-<code bash> 
-systemctl restart httpd 
-</code> 
- 
-\\ 
-Visit restricted directory 
-<code bash> 
-elinks http://testsite.example.com/user1dir 
-</code> 
-  * elinks may need to be installed first (yum install elinks) 
- 
----- 
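Review bot: in the removed .htaccess block, `Require user valid-user` only admits an account literally named valid-user, so the user1 entry created with htpasswd would be refused; if this content is restored or moved to another page, it should read `Require valid-user` (or `Require user user1`). The host names in the same text also disagree: /etc/hosts maps testsite.example.com to 192.168.1.150 (server1) although Apache is installed on server2 (192.168.1.151), and ServerName is testweb.example.com while the elinks test requests testsite.example.com. `DocumentRoot "/var"` widens the web root to all of /var just to reach /var/user1dir, and the Basic credentials are sent over plain http:// in the test step; an Alias for /user1dir and a TLS virtual host would keep the lab to what it intends to expose. Every line is removed and the 2019/05/25 revision shows no replacement, so please confirm the deletion is intended and not a side effect of the external edit.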
  
  • linux_wiki/configure_access_restrictions_on_directories.txt
  • Last modified: 2019/05/25 23:50
  • (external edit)