|
Hi, I’m trying to use Apache to essentially replicate the
functionality of our FTP server (we’ve found a lot of customers have corporate
policies/firewalls stopping them accessing FTP but not http/s). The idea is
that each customer has a Linux user created for them and can login with Apache
setup to use mod_auth_shadow. However I want each user to have a directory into
which they can upload files, as well as download. I can see a few possibilities: * Use mod_userdir so each user has a https://servername.com/~username site.
My problem with this is that I’d have to give the apache user rights to
write to user’s home directories to allow uploads, I’m not sure if
this is a good idea security-wise. However this server is single-purpose –
no one except administrators will be logging into it or interacting with it in
any way except through httpd. * Use some kind of module that allows apache to spawn a
sub-process running as the user who logged in through mod_auth_shadow. Does
such a module exist? * Give up on the idea of using user’s home dirs and
create a setup with virtual hosts and a directory owned by the apache user. Eg.
have all user’s files under /var/www/users/<username> and have a
virtual host for each /var/www/users/<username> dir. I’m not sure
how to do this in any automated fashion though – is there a way to coerce
mod_userdir into working like this? Any help/suggestions greatly appreciated. -- Tim Edwards |
|