If there are multiples users on a web server, each user may be allowed to host a web site in his home directory. By this way the to access the web site hosted in the home directory of safeer on the server www.myhostingteam.net use the URL: http://www.myhostingteam.net/~safeer. This is most often used in Universities and research labs, where each staff/scholar will have a user account in the organization's web server.
Apache HTTPD
In apache, this is achieved by using the UserDir directive. This feature will be disabled by default. The web contents will be supplied from the directory public_html inside the users home directory. The directive for this is:
UserDir public_html
This directive will be commented out by default. If the directory path does not start with a leading slash, the path will be considered relative to the user home directory.In this case the user direcory can be anywhere in the file system. Apache will search the user database (/etc/passwd) to find out the home directory of the user and will fetch the web contents from the public_html subdirectory there.
If the path starts with a leading slash, apache will not search the user database, instead the path will be constructed by appending the username to the path given. That is, if
UserDir /home
when you access http://www.myhostingteam.net/~safeer the contents will be supplied from /home/safeer. This setting has a disadvantage that every world readable file and world executable directory in your home directory will be accessible to the public, if they know that such a file or directory exists. Another disadvantage(?) is that apache will treat every directory under /home as a user. That is, if i create a directory "nouser" in the home directory and the public_html stuff under that, the contents can be accessed as http://www.myhostingteam.net/~nouser.
We can solve the first of these issues by using another format for UserDir:
UserDir /home/*/public_html
The asteric (*) will be replaced by the username. In this and the first approach, only the subdirectory public_html will be accessible by apache, and this is a better choice from a security point of view.
For UserDir to work, the file system permissions should be set properly:
The home directory should be world executable ( chmod 711/a+x),
The files/directories under/including public_html should be world readable & executable ( chmod 755/a+rx).
We can restrict which user has permission to use this feature by using additional UserDir directives.
As in any access restriction scheme there are two approaches here, mostly open and mostly closed.
Mostly Open:
All users will be granted access, except for somebody,
UserDir disabled safeer nebu
Here, all users except safeer & nebu will be granted access
Mostly Closed:
All users will be granted access, except for somebody,
UserDir disabled
UserDir enabled safeer nebu
Here, all users except safeer & nebu will be denied access
By default the feature is disabled by the single directive UserDir disabled. If a user is listed in both disabled and enabled, he will be denied access.
Tomcat
In tomcat, the user web application configurations(and many other features) are configured using the Listener element which is included in the Host element. A "className" attribute of the Listener element determines what feature is to be implemented. For per user web applications, the className attribute will be "org.apache.catalina.startupe.UserConfig".
Here we have two approaches , in the first user home directory information is collected from the password database (/etc/passwd) and in the second all directories under a particular directory will be considered as user home directories. The later approach is used mainly in windows and other systems that do not have /etc/passwd user database. This approaches are implemented using the userClass attribute of the Listener element. A "directoryName" attribute is used to specify the name of the directory under user home directory where the user web applications will be deployed.
First Scenario:
<Host name=. . . . . . . . . . >
. . . . . . . .
< Listener className="org.apache.catalina.startup.UserConfig"
directoryName="public_html"
userClass="org.apache.catalina.startup.PasswdUserDatabase" />
. . . . . . . . . . . . < /Host>
Second Scnario:
< Host name=. . . . . . . . . . >
. . . . . . . .
< Listener className="org.apache.catalina.startup.UserConfig"
directoryName="public_html"
homeBase="C:\TomcatHomes
userClass="org.apache.catalina.startup.HomesUserDatabase" / >
. . . . . . . . . . . . < /Host>
In the first scenario, contents for the request to http://www.myhostingteam.net/~safeer will be
rendered from /home/safeer/public_html where as in second scenario it will be from C:\TomcatHomes\safeer\public_html
No comments:
Post a Comment