Apache for Secret Agents

“This file will be destroyed in 15 minutes.  Or whatever it was I set the cron job for.”

I have a user who’s rather obsessive about her security and privacy.  Which is fine, but as a server admin, I have to figure out how best to fill her requirements.  And it’s a fun challenge, too, I’ll admit.

I’m on an XS 0.6 which by default lets you define stuff in /etc/httpd/conf.d/<file>.conf instead of having to throw it into the regular httpd.conf file.  Here’s the definition in the regular httpd.conf file (actually httpd-xs.conf on the XS).

# Load config files from the config directory "/etc/httpd/conf.d".
#
Include conf.d/*.conf

Let’s call this user Jane Bond.  Jane often needs to access files she keeps on my server, but sometimes she’s blocked because I run ssh on a non-standard port.  What to do?  Let’s put Jane in control of her own private, password protected directory in Apache so she can change her password at will.  She can even use a cron job to copy the directory to be served by Apache during the hours she needs it and then another cron job to delete everything when she knows she’ll be done.

As the admin, all I need to know is where she wants to keep it and the user name she wants to use to access it.  She controls everything else.  So, as root, I define Jane’s private Apache directory access parameters in /etc/httpd/conf.d:

[root@schoolserver conf.d]# cat jane.conf
<Directory /var/www/html/jane/private>
  Options Indexes FollowSymLinks MultiViews
  AllowOverride AuthConfig
  AuthName "These are Jane's Secret Files!"
  AuthType Basic
  AuthUserFile /var/www/html/jane/private/.htpasswd
  Require user hello
</Directory>

I restart httpd and it’s all set up for her.

Jane takes it from here. 

She ssh’s into my server and creates /home/jane/private, bearing in mind that everything she puts in that directory will eventually be rsync’ed to her password protected Apache directory.

She creates the password for the user that I defined in her configuration file.

htpasswd -c /home/jane/private/.htpasswd hello

It automatically prompts for the password.

New password:
Re-type new password:
Adding password for user hello

When she’s ready, Jane can simply:

rsync -avh /home/jane/private /var/www/html/jane/
sending incremental file list
private/
private/.htpasswd
private/notes.txt

sent 225 bytes  received 54 bytes  558.00 bytes/sec
total size is 40  speedup is 0.14

Now she can go to http://mysite/jane and verify that the private directory does not appear in the directory listing.  She’ll have to manually enter http://mysite/jane/private into the browser and enter the username and password to gain access.  After that, when she goes back to http://mysite/jane, the private directory will appear in the listing.

At any point, Jane can create a new password by simply

htpasswd -c /home/jane/private/.htpasswd hello

And then rsync to her Apache directory to change the password.
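
The two cron jobs mentioned earlier, sketched as one script (an added example, not part of the original post).  The paths and the user name hello are the ones used above; the function names, the script path and the crontab times are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: helpers for the two cron jobs the post describes.
# Paths and the user name come from the post; function names are hypothetical.
SRC=${SRC:-/home/jane/private}
DEST_PARENT=${DEST_PARENT:-/var/www/html/jane}
AUTH_USER=${AUTH_USER:-hello}

# True only if DIR/.htpasswd has a non-empty hash field for AUTH_USER.
has_auth_user() {
    [ -f "$1/.htpasswd" ] && grep -q "^${AUTH_USER}:." "$1/.htpasswd"
}

# Copy SRC under the web root. Refuse when the password file has no
# entry for the user named in "Require user".
publish() {
    has_auth_user "$SRC" || {
        echo "refusing: no $AUTH_USER entry in $SRC/.htpasswd" >&2
        return 1
    }
    mkdir -p "$DEST_PARENT" || return 1
    if command -v rsync >/dev/null 2>&1; then
        # --delete also removes files Jane has since deleted from SRC
        rsync -a --delete "$SRC" "$DEST_PARENT/"
    else
        # fallback (assumption: rsync may be absent): replace the copy
        rm -rf -- "$DEST_PARENT/$(basename "$SRC")" &&
            cp -Rp "$SRC" "$DEST_PARENT/"
    fi
}

# Remove only the published copy; SRC is left untouched.
unpublish() {
    [ -n "$SRC" ] && [ -n "$DEST_PARENT" ] || return 1
    rm -rf -- "$DEST_PARENT/$(basename "$SRC")"
}

# Constructed crontab for jane (script path and times are placeholders):
#   0 9  * * 1-5  /home/jane/bin/secret-files.sh publish
#   0 17 * * 1-5  /home/jane/bin/secret-files.sh unpublish
case "${1:-}" in
    publish)   publish ;;
    unpublish) unpublish ;;
esac
```

The URLs above are plain http, where Basic authentication sends the password base64-encoded rather than encrypted, so serving the directory over TLS is what keeps the password private on the wire.  Keeping .htpasswd inside the served directory also relies on the stock httpd.conf rule that denies requests for .ht* files.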
