Hello,
I searched a bit but didn't find exactly what I'd like to do.
I'd like to use Apache or another HTTPS server to serve up the files in the user's /home/users dir when a new user is created. They would get a username and password prompt and jail them into their own /home/user dir. I'd also like to install fail2ban for these logins. Is there a guide someplace for that?
Thanks!
If this is over a LAN then you should be using NFS. If this is over the internet then you should be piping NFS through a VPN. Http(s) is designed for serving information, not receiving, as far as I can tell. It's just not possible. Could you imagine the security implications if it could receive data?
One way to do that is with chrooted SFTP-only accounts combined with Apache2's per-user web directories. Per-User Web Directories are not the only way; you can work out some patterns with the Rewrite Engine.
About the chrooted SFTP, that can be done with a Match statement in /etc/ssh/sshd_config so as to apply only to a group of accounts. So when a new web account is created just make sure that it is in that group and it will get chrooted within SFTP. The one gotcha with those settings is that the chroot target must be owned by root and not writable by any other accounts. That means you'll have to have a special template for creating user accounts so that the permissions are handled correctly. As for handling the permissions correctly, there are several ways to do that.
That will work both on the LAN as well as across the Internet, securely.
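An added example, not part of the original post, of the account template and ownership check described above. The group name `sftponly`, the `files` subdirectory and the `/usr/sbin/nologin` path are assumptions; the `sshd_config` fragment it pairs with is shown in the leading comment.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed names: group "sftponly",
# data directory "files", shell /usr/sbin/nologin. Needs GNU or BusyBox stat.
#
# Matching /etc/ssh/sshd_config fragment:
#   Match Group sftponly
#       ChrootDirectory /home/%u
#       ForceCommand internal-sftp
#       AllowTcpForwarding no
#       X11Forwarding no

# dir_ok DIR [UID]: DIR exists, is owned by UID (default 0 = root) and is
# not writable by group or others.
dir_ok() {
    d=$1; want_uid=${2:-0}
    [ -d "$d" ] || return 1
    owner=$(stat -c %u "$d") || return 1
    mode=$(stat -c %a "$d") || return 1
    [ "$owner" -eq "$want_uid" ] && [ $(( 0$mode & 022 )) -eq 0 ]
}

# chroot_path_ok PATH: apply dir_ok to PATH and every parent up to /,
# which is the condition sshd enforces on a ChrootDirectory.
chroot_path_ok() {
    p=$1
    case $p in /*) ;; *) echo "need an absolute path" >&2; return 2 ;; esac
    while :; do
        dir_ok "$p" 0 || { echo "unsafe chroot component: $p" >&2; return 1; }
        [ "$p" = / ] && return 0
        p=$(dirname "$p")
    done
}

# provision USER (run as root): account template for a chrooted SFTP user.
provision() {
    user=$1
    useradd --no-create-home --home-dir "/home/$user" --user-group \
            --groups sftponly --shell /usr/sbin/nologin "$user" || return 1
    install -d -o root -g root -m 0755 "/home/$user"             # chroot target
    install -d -o "$user" -g "$user" -m 0750 "/home/$user/files" # user's data
    chroot_path_ok "/home/$user"
}

if [ "$#" -eq 1 ]; then provision "$1"; fi
```

If `chroot_path_ok` fails for an account, sshd will refuse the chrooted session for it, so running the check at provisioning time catches the problem before the user's first login.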
If this is over a LAN then you should be using NFS. If this is over the internet then you should be piping through a VPN. Http(s) is designed for serving information, not receiving, as far as I can tell. It's just not possible. Could you imagine the security implications if it could receive data?
WebDAV can be useful, but I'd sure not trust it for this purpose. And aside from NFS, you could easily also use SSHFS, which would use a further encrypted tunnel. But my question here would be why??? What is your environment like, and what are you trying to accomplish?
You need to expand on what exactly you are trying to do. Not how you think it is done, but what the overall aim is - i.e. are you trying to provide website hosting, or facilitate file sharing, or something else?
You will find a lot of hosting providers have a /home/user/public_html directory and serve that via Apache, allowing the actual home directory to contain non-public config/logs/etc.
There is various hosting management software available that can either make it easier or more difficult (if you work against the grain of how they're designed), so you should clarify what it is you're trying to do.
Sure. I've been playing around with Webmin but I'm not sure it's going to do what I need. To answer some questions, I'd like to have a public server with SSH locked down but be able to point a web browser at "https://x.x.x.x/user1" where "user1" is a real user with "/home/user1". It would pop up username and password for "user1" and list the .csv files I want them to download. No write access is needed. They need to be jailed to their own home dir. It's not hosting a web site, just displaying a clickable link to download .csv files for multiple isolated users. I wanted to just use SFTP with the FileZilla client or something like that but these users need it as simple as possible.
I'll start looking into some of your suggestions. Thank you.
I'll just put in another word about SFTP: It's hard to get simpler than SFTP via the file manager. There are also more complex options like web-based file managers, but they are more work and less solid than SFTP.
As posted the mod_userdir does allow specific users to see files from their home directory and with the auth_basic module can be password protected. I'm not sure about a jailed environment.
Apache also has FTP with TLS and certificate authentication.
* User points their web browser at specific URL.
* Browser prompts for authentication details.
* On success, list the .csv files available for that user to download.
Since you are providing the files this is entirely a web server issue, no need to involve Linux jails or home dirs or anything else.
This can be done either within an existing webapp or with pure Apache config - check Apache's documentation on the already mentioned mod_userdir and mod_auth* - and if that doesn't make sense there will be plenty of step-by-step tutorials for it. (Digital Ocean is often a good source for things like this.)
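An added example, not part of the original post, of the pure Apache 2.4 route: a generator for one password-protected, read-only listing per user. It uses `Alias` (mod_alias) rather than mod_userdir so the URL is `/user1` as asked in the thread; the paths `/home/USER/csv` and `/etc/apache2/csv.htpasswd` are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed paths: /home/USER/csv holds
# the files, /etc/apache2/csv.htpasswd holds the passwords
# (entries created with: htpasswd -B /etc/apache2/csv.htpasswd USER).
# Include the output inside the HTTPS VirtualHost only: Basic auth sends
# the password with every request.
LC_ALL=C; export LC_ALL

# valid_user NAME: accept only conservative account names, so a name can
# never carry quotes, slashes, "..", spaces or newlines into the config.
valid_user() {
    case $1 in
        ''|-*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# user_stanza NAME: print the config that serves https://host/NAME.
# "Options Indexes" without +/- replaces inherited options, so symlinks
# are not followed out of the directory; "Require user" admits only the
# matching login even though all users share one password file.
user_stanza() {
    valid_user "$1" || { echo "rejected user name" >&2; return 1; }
    cat <<EOF
Alias "/$1" "/home/$1/csv"
<Directory "/home/$1/csv">
    Options Indexes
    AllowOverride None
    AuthType Basic
    AuthName "CSV downloads for $1"
    AuthBasicProvider file
    AuthUserFile "/etc/apache2/csv.htpasswd"
    Require user $1
</Directory>
EOF
}

# Usage: sh this-script user1 user2 > csv-users.conf
if [ "$#" -gt 0 ]; then
    for u in "$@"; do user_stanza "$u" || exit 1; done
fi
```

The Apache service account needs read and search permission on each `/home/USER/csv` directory for the listing to work.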