LinuxQuestions.org
Old 05-06-2021, 07:20 AM   #1
chrisknight
Member
 
Registered: Jan 2003
Location: ohio
Distribution: CentOS7.6
Posts: 157

Rep: Reputation: 15
Serve users home dir via https


Hello,
I searched a bit but didn't find exactly what I'd like to do.
I'd like to use Apache or another HTTPS server to serve up the files in the user's /home/users dir when a new user is created. They would get a username and password prompt and it would jail them into their own /home/user dir. I'd also like to install fail2ban for these logins. Is there a guide someplace for that?
Thanks!
 
Old 05-06-2021, 09:55 AM   #2
jmgibson1981
Senior Member
 
Registered: Jun 2015
Location: Tucson, AZ USA
Distribution: Debian
Posts: 1,141

Rep: Reputation: 392
If this is over a LAN then you should be using NFS. If this is over the internet then you should be piping NFS through a VPN. HTTP(S) is designed for serving information, not receiving, as far as I can tell. It's just not possible. Could you imagine the security implications if it could receive data?

I read something here - https://unix.stackexchange.com/quest...as-file-system - about WebDAV but I don't know enough about it.

Last edited by jmgibson1981; 05-06-2021 at 10:03 AM.
 
Old 05-06-2021, 10:07 AM   #3
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,312
Blog Entries: 3

Rep: Reputation: 3722
One way to do that is with chrooted SFTP-only accounts combined with Apache2's per-user web directories. Per-user web directories are not the only way; you can work out some patterns with the Rewrite Engine.

About the chrooted SFTP, that can be done with a Match statement in /etc/ssh/sshd_config so as to apply only to a group of accounts. So when a new web account is created just make sure that it is in that group and it will get chrooted within SFTP. The one gotcha with those settings is that the chroot target must be owned by root and not writable by any other accounts. That means you'll have to have a special template for creating user accounts so that the permissions are handled correctly. As for handling the permissions correctly, there are several ways to do that.

That will work both on the LAN as well as across the Internet, securely.
 
1 members found this post helpful.
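
The ownership rule from the post above, as an added example that is not part of the thread: a check that a chroot target and each of its parent directories is owned by root and not writable by group or others. The group name `sftponly` and the `OWNER_UID` and `STOP` parameters are assumptions made for illustration, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example. sshd_config fragment it supports ("sftponly" is an assumed name):
#   Match Group sftponly
#       ChrootDirectory /home/%u
#       ForceCommand internal-sftp
#       AllowTcpForwarding no

# chroot_dir_ok DIR [OWNER_UID]
# Succeeds if DIR is a directory owned by OWNER_UID (default 0, root)
# and has neither the group-write nor the other-write bit set.
chroot_dir_ok() {
    dir=$1
    owner=${2:-0}
    [ -d "$dir" ] || return 1
    meta=$(stat -c '%u %a' "$dir") || return 1   # GNU stat: "uid octal-mode"
    uid=${meta% *}
    perm=$((0${meta#* }))                        # leading 0: parse as octal
    [ "$uid" = "$owner" ] && [ $((perm & 022)) -eq 0 ]
}

# chroot_path_ok DIR [OWNER_UID] [STOP]
# Checks DIR and every parent up to STOP (default /).
# STOP and OWNER_UID exist only so the check can be tried on a scratch tree.
chroot_path_ok() {
    p=$(cd "$1" 2>/dev/null && pwd -P) || return 1
    want=${2:-0}
    stop=${3:-/}
    while :; do
        if ! chroot_dir_ok "$p" "$want"; then
            echo "unsafe chroot component: $p" >&2
            return 1
        fi
        if [ "$p" = "$stop" ] || [ "$p" = / ]; then
            return 0
        fi
        p=$(dirname "$p")
    done
}
```

Run `chroot_path_ok /home/user1` as part of the account-creation template; a non-zero exit names the first directory that breaks the rule.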
Old 05-06-2021, 10:08 AM   #4
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,638

Rep: Reputation: 7965
Quote:
Originally Posted by jmgibson1981
If this is over a LAN then you should be using NFS. If this is over the internet then you should be piping through a VPN. HTTP(S) is designed for serving information, not receiving, as far as I can tell. It's just not possible. Could you imagine the security implications if it could receive data?

I read something here - https://unix.stackexchange.com/quest...as-file-system - about WebDAV but I don't know enough about it.

WebDAV can be useful, but I'd sure not trust it for this purpose. And aside from NFS, you could easily also use SSHFS, which would use a further encrypted tunnel. But my question here would be why??? What is your environment like, and what are you trying to accomplish?

'Jailing' a user to their own home directory is easily done, and there are many tutorials:
https://linuxconfig.org/jail-ssh-use...ctory-on-linux

But a lot of things depend on your goals.
 
Old 05-06-2021, 10:13 AM   #5
boughtonp
Senior Member
 
Registered: Feb 2007
Location: UK
Distribution: Debian
Posts: 3,604

Rep: Reputation: 2547

You need to expand on what exactly you are trying to do. Not how you think it is done, but what the overall aim is - i.e. are you trying to provide website hosting, or facilitate file sharing, or something else?

You will find a lot of hosting providers have a /home/user/public_html directory and serve that via Apache, allowing the actual home directory to contain non-public config/logs/etc.

There is various hosting management software available that can either make it easier or more difficult (if you work against the grain of how they're designed), so you should clarify what it is you're trying to do.


Last edited by boughtonp; 05-06-2021 at 10:14 AM.
 
Old 05-06-2021, 10:28 AM   #6
chrisknight
Member
 
Registered: Jan 2003
Location: ohio
Distribution: CentOS7.6
Posts: 157

Original Poster
Rep: Reputation: 15
Sure. I've been playing around with Webmin but I'm not sure it's going to do what I need. To answer some questions, I'd like to have a public server with SSH locked down but be able to point a web browser at "https://x.x.x.x/user1" where "user1" is a real user with "/home/user1". It would pop up a username and password prompt for "user1" and list the .csv files I want them to download. No write access is needed. They need to be jailed to their own home dir. It's not hosting a web site, just displaying a clickable link to download .csv files for multiple isolated users. I wanted to just use SFTP with the FileZilla client or something like that but these users need it as simple as possible.

I'll start looking into some of your suggestions. Thank you.
 
Old 05-06-2021, 10:32 AM   #7
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,312
Blog Entries: 3

Rep: Reputation: 3722
I'll just put in another word about SFTP: It's hard to get simpler than SFTP via the file manager. There are also more complex options like web-based file managers, but they are more work and less solid than SFTP.
 
1 members found this post helpful.
Old 05-06-2021, 11:07 AM   #8
michaelk
Moderator
 
Registered: Aug 2002
Posts: 25,713

Rep: Reputation: 5899
As posted, mod_userdir does allow specific users to see files from their home directory, and with the auth_basic module it can be password protected. I'm not sure about a jailed environment.

Apache also has FTP with TLS and certificate authentication.

Last edited by michaelk; 05-06-2021 at 11:17 AM.
 
Old 05-06-2021, 11:45 AM   #9
boughtonp
Senior Member
 
Registered: Feb 2007
Location: UK
Distribution: Debian
Posts: 3,604

Rep: Reputation: 2547

Ok, so the crux of your requirement is this:

* User points their web browser at specific URL.
* Browser prompts for authentication details.
* On success, list the .csv files available for that user to download.

Since you are providing the files, this is entirely a web server issue, no need to involve Linux jails or home dirs or anything else.

This can be done either within an existing webapp or with pure Apache config - check Apache's documentation on the already mentioned mod_userdir and mod_auth* - and if that doesn't make sense there will be plenty of step-by-step tutorials for it. (Digital Ocean is often a good source for things like this.)

 
2 members found this post helpful.
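
One way to generate the pure Apache configuration described above whenever an account is created, as an added example that is not part of the thread: each user's `public_html` gets a Basic-auth block that admits only that user, over TLS, for read-only requests. It assumes mod_userdir is enabled with `UserDir public_html`; the function name and the htpasswd file path are hypothetical.

```shell
#!/bin/sh
# Added example. Paths and the htpasswd file name are assumptions.

# render_userdir_conf USER [HTPASSWD_FILE]
# Prints an Apache 2.4 <Directory> block for USER's public_html.
# Returns 2 and prints nothing on stdout if USER is not a plain account name.
render_userdir_conf() {
    user=$1
    pwfile=${2:-/etc/httpd/csv-users.htpasswd}
    # Only lower-case letters, digits, "_" and "-", not starting with "-".
    # Anything else (quotes, "/", "..", newlines) could alter the path or
    # inject directives into the generated configuration.
    case $user in
        ''|-*|*[!a-z0-9_-]*) echo "bad user name" >&2; return 2 ;;
    esac
    cat <<EOF
<Directory "/home/$user/public_html">
    # Listing only: no overrides, no CGI, no following of symlinks.
    Options Indexes
    AllowOverride None
    SSLRequireSSL
    AuthType Basic
    AuthName "CSV downloads for $user"
    AuthBasicProvider file
    AuthUserFile "$pwfile"
    <RequireAll>
        Require user $user
        Require method GET HEAD
    </RequireAll>
</Directory>
EOF
}
```

Write the output to a per-user file in the server's included configuration directory and reload Apache; the account's password entry is added to the htpasswd file separately with `htpasswd`.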
Old 05-07-2021, 01:12 AM   #10
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 19,872
Blog Entries: 12

Rep: Reputation: 6053
Looks like systemd's homed might provide what you're looking for...
(ondoho ducks and runs).
 
Old 05-07-2021, 06:53 AM   #11
chrisknight
Member
 
Registered: Jan 2003
Location: ohio
Distribution: CentOS7.6
Posts: 157

Original Poster
Rep: Reputation: 15
I was able to get "mod_userdir" working from this: https://www.tecmint.com/enable-apach...centos-fedora/
Also password protected from this: https://www.lcn.com/support/articles...with-htaccess/
The .htaccess method works OK but I was hoping to use system authentication. The auth_basic module sounds good but I'm still working on it.
 
  

