Configure Access Restrictions On Directories

General Information

Access restrictions on Apache Web Server/private directories.


Lab Setup

The following virtual machines will be used:

  • server1.example.com (192.168.1.150) → Perform all connectivity tests from here
  • server2.example.com (192.168.1.151) → Install Apache Web Server here

Prerequisite: Basic Setup


Set up host name resolution (most likely not needed on the exam, as they should have proper DNS)

vim /etc/hosts
 
192.168.1.150 server1 testsite.example.com
  • IP Address will differ depending upon network setup


Change website name in main config file

vim /etc/httpd/conf/httpd.conf
 
ServerAdmin root@testsite.example.com
ServerName testsite.example.com


Check syntax

apachectl configtest


Apply Config

apachectl restart

Restrict Access to a Directory

Create a directory

mkdir /var/user1dir


Change permissions

chown user1:user1 /var/user1dir
chmod 711 /var/user1dir


Create an index file

echo "This is user1's index.html" > /var/user1dir/index.html


SELinux: Check normal httpd content contexts vs new directory

ls -lZ /var/www
 
ls -lZ /var/user1dir
  • You will see that /var/www/html has “httpd_sys_content_t” and /var/user1dir/index.html does not. This will need to be changed.


SELinux: Give new directory the correct SELinux httpd context

semanage fcontext -at httpd_sys_content_t "/var/user1dir(/.*)?"
restorecon -Rv /var/user1dir/

Change document root

vim /etc/httpd/conf/httpd.conf
 
DocumentRoot "/var"


Allow an “AuthConfig” override (htaccess file) for the /var/user1dir directory

<Directory /var/user1dir>
  AllowOverride AuthConfig
</Directory>


Create htaccess file in user1's directory

vim /var/user1dir/.htaccess
 
AuthType Basic
AuthName "Password Protected Private Dir - Enter Login Credentials:"
AuthUserFile "/etc/httpd/conf/.userdb"
Require valid-user


Create password for the user

htpasswd -c /etc/httpd/conf/.userdb user1
  • Prompted for a password


Change permissions on the userdb file

chown :apache /etc/httpd/conf/.userdb
chmod 640 /etc/httpd/conf/.userdb


Restart Apache

systemctl restart httpd


Visit restricted directory

elinks http://testsite.example.com/user1dir
  • elinks may need to be installed first (yum install elinks)
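
One way to check the finished setup before testing in a browser, as an added example that is not part of the original wiki page. The function name audit_htaccess and its finding labels are invented for this example; it assumes GNU stat and an AuthUserFile path without spaces.

```shell
#!/bin/sh
# Added example: audit a Basic-auth .htaccess and the password file it names.
# Usage: audit_htaccess <htaccess-file> <DocumentRoot>
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_htaccess() {
    htaccess="$1"; docroot="${2%/}"; rc=0

    if ! grep -Eqi '^[[:space:]]*AuthType[[:space:]]+Basic' "$htaccess"; then
        echo "no-authtype-basic"; rc=1
    fi
    # "Require user valid-user" admits only an account literally named
    # "valid-user"; any authenticated user is "Require valid-user".
    if grep -Eqi '^[[:space:]]*Require[[:space:]]+user[[:space:]]+valid-user([[:space:]]|$)' "$htaccess"; then
        echo "require-user-valid-user"; rc=1
    elif ! grep -Eqi '^[[:space:]]*Require[[:space:]]' "$htaccess"; then
        echo "no-require"; rc=1
    fi

    # First AuthUserFile argument, with surrounding double quotes removed.
    userdb=$(awk 'tolower($1) == "authuserfile" { gsub(/"/, "", $2); print $2; exit }' "$htaccess")
    if [ -z "$userdb" ]; then
        echo "no-authuserfile"; rc=1
    elif [ ! -f "$userdb" ]; then
        echo "userdb-missing"; rc=1
    else
        # A password file below DocumentRoot can be requested over HTTP.
        case "$userdb" in
            "$docroot"/*) echo "userdb-inside-docroot"; rc=1 ;;
        esac
        # Mode 640 (as set on this page) ends in 0: no access for "other".
        case "$(stat -c '%a' "$userdb")" in
            *0) ;;
            *) echo "userdb-accessible-to-other"; rc=1 ;;
        esac
    fi
    return "$rc"
}

# Constructed sample with three deliberate mistakes, built in a scratch dir.
demo=$(mktemp -d)
printf '%s\n' 'AuthType Basic' 'AuthName "Private"' \
    "AuthUserFile \"$demo/.userdb\"" 'Require user valid-user' > "$demo/.htaccess"
: > "$demo/.userdb"; chmod 644 "$demo/.userdb"
audit_htaccess "$demo/.htaccess" "$demo" || echo "(findings above need fixing)"
rm -rf "$demo"
```

On the lab server the equivalent call is audit_htaccess /var/user1dir/.htaccess /var, which should print nothing once the steps above are complete.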

  • Last modified: 2019/05/25 23:50