...
Note |
---|
This is working but has a caveat outlined in purple and a possible bug in AllowOverride which I am documenting. |
htpasswd and the directive AllowOverride in the shared.private directory block will be used to accomplish this.
...
To make his folder more private, kalel makes a request to serveradmin (who has sudo privileges) to make the following changes,
Code Block | ||
---|---|---|
| ||
# assuming the user is serveradmin or any other account with sudo privileges
sudo chmod -R 750 /home/www.krypton.com/shared.private/kalel/
sudo chown -R kalel:www-data /home/www.krypton.com/shared.private/kalel/ |
Now only kalel and user's belong to the group www-data (which is required for the Apache Web Server) can access the folder /home/www.krypton.com/shared.private/kalel/.
Update the virtual host as follows,
Code Block | ||
---|---|---|
| ||
Alias /shared/ "/home/www.krypton.com/shared"
Alias /shared "/home/www.krypton.com/shared"
<Directory /home/www.krypton.com/shared>
# Make this folder browseable
Options +Indexes
</Directory>
Alias /shared.private/ "/home/www.krypton.com/shared.private"
Alias /shared.private "/home/www.krypton.com/shared.private"
<Directory /home/www.krypton.com/shared.private>
# Allow website admin to use .htaccess - http://httpd.apache.org/docs/2.2/mod/core.html,
# AuthConfig - Authentication
# Indexes - Makes directory browseable
# As soon as I introduce Indexes it breaks with error, ".htaccess: Options not allowed here".
#AllowOverride AuthConfig Indexes
# This works but allowing all is a security risk
# AllowOverride All
# Start TEMP solution
# Allow the .htaccess file to allow authentication.
AllowOverride AuthConfig
# For some reason allowing override of indexes does not work in .htaccess so set it manually here. WAIT is this still true?
Options +Indexes
# End TEMP solution
</Directory>
ErrorLog /var/log/apache2/www.krypton.com.error.log |
Reload the configuration file,