Score:0

Apache2 mod_userdir+mod_authnz_external, how to limit access to own home

de flag

I have an Apache2 setup with mod_userdir and mod_authnz_external+pwauth so that each user can access his home and can be authenticated by his local UNIX credentials.

Now I need some kind of authorization so that each user can, after being authenticated, only access his own home directory, but not those of other users.

The caveat: in my setup, a user is not necessarily the owner of his home directory, so mod_authz_owner won't work here.

Another problem: while Apache sets the %{REMOTE_USER} variable, this is not usable inside <If > directives (or other directives that might help here) because the authentication is done in a very late phase during request processing.

How can I still achieve my goal here with what Apache2 has to offer? Is there e.g. the possibility to extract the user home directory name from %{REQUEST_URI} and pass it to a Require user ... directive? I have not been able to find out how to do this, so any help would be much appreciated. Thanks in advance.

de flag
FYI: I have resorted to using nginx instead of Apache now. With that, it is very easily done using something like `alias /home/$remote_user/;`. Still, would be interesting if this was possible with Apache as well.
djdomi avatar
za flag
i belive your question was already answered [Here](https://serverfault.com/questions/45278/authenticate-in-apache-via-system-account)
de flag
djdomi: not exactly. It only shows how to use mod_authnz_external, which never was the issue here. It does not show how to make each logged in user see only his own home directory.
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.