Apache for Secret Agents

“This file will be destroyed in 15 minutes.  Or whatever it was I set the cron job for.”

I have a user who’s rather obsessive about her security and privacy.  Which is fine, but as a server admin, I have to figure out how best to fill her requirements.  And it’s a fun challenge, too, I’ll admit.

I’m on an XS 0.6 which by default lets you define stuff in /etc/httpd/conf.d/<file>.conf instead of having to throw it into the regular httpd.conf file.  Here’s the definition in the regular httpd.conf file (actually httpd-xs.conf on the XS).

# Load config files from the config directory “/etc/httpd/conf.d”.
Include conf.d/*.conf

Let’s call this user Jane Bond.  Jane often needs to access files she keeps on my server, but sometimes she’s blocked because I run ssh on a non-standard port.  What to do?  Let’s put Jane in control of her own private, password protected directory in Apache so she can change her password at will.  She can even use a cron job to copy the directory to be served by Apache during the hours she needs it and then another cron job to delete everything when she knows she’ll be done.

As the admin, all I need to know is where she wants to keep it and the user name she wants to use to access it.  She controls everything else.  So, as root, I define Jane’s private Apache directory access parameters in /etc/httpd/conf.d

[root@schoolserver conf.d]# cat jane.conf
<Directory /var/www/html/jane/private>
  Options Indexes FollowSymLinks MultiViews
  AllowOverride AuthConfig
  AuthName “These are Jane’s Secret Files!”
  AuthType Basic
  AuthUserFile /var/www/html/jane/private/.htpasswd
  Require user hello

I restart httpd and it’s all set up for her.

Jane takes it from here. 

She ssh’s into my server and creates /home/jane/private, bearing in mind that everything she puts in that directory will eventually be rsync’ed to her password protected Apache directory.

She creates the password for the user that I defined in her configuration file.

htpasswd -c /home/jane/private/.htpasswd hello

It automatically prompts for the password.

New password:
Re-type new password:
Adding password for user hello

When she’s ready, Jane can simply:

rsync -avh /home/jane/private /var/www/html/jane/
sending incremental file list

sent 225 bytes  received 54 bytes  558.00 bytes/sec
total size is 40  speedup is 0.14

Now she can go to http://mysite/jane and verify the private directory is not listed in the Directory listing.  She’ll have to manually enter http://mysite/jane/private into the browser, enter the username and password to gain access, and now when she goes back to http://mysite/jane it will appear.

At any point, Jane can create a new password by simply

htpasswd -c /home/jane/private/.htpasswd hello

And then rsync to her Apache directory to change the password.

Leave a Reply