Per-user directories with password protection (apache)
 

Basically, I've got a directory set up under my document-root called Users with directories inside it for different users. I have WebDAV enabled and set to give access to any user with a directory inside Users. The users are required to login before they access their shares, but any user on the system can access anyone elses share. How do I make it so that each user has to log in with his own username to access his share? Here is the relevant section of my httpd.conf:

UserDir /var/web/hosts/myserver/users/*

<Directory /var/web/hosts/myserver/users/*>
DAV On

Options Indexes

AllowOverride None
AuthUserFile /var/web/.htaccess/myserver/.htpasswd
AuthType basic
AuthName "Home Directory"

<Limit POST GET PUT MKCOL COPY>
Require valid-user
</Limit>
</Directory>

The Require valid-user clause allows any user with a valid login on the server to access a user's directory.

for example, if the user 'fred' tried to access http://ww.myserver.com/~jim, all he would have to do is login as fred and be able to access Jim's files, how do I get around this? Thanks.

Check out this page, its not full proof but its a way to redirect the user to their specific page or directory: http://www.ssi-developer.net/ssi/ssi-redirect.shtml

The only problem is if you have just a basic .htaccess file in the directory with all username and passwords, the only way around this is to create separate .htaccess for each users directory, with only their username and password in the .htpasswd file, etc.

Hope this helps any!

Cheers.