Score:1

Securing Apache With Systemd


I am trying to secure Apache in a web hosting environment on an Ubuntu 20.04 server using systemd. My question is: how do I set a variable in the path for usernames?

For a single user this works:

```ini
ProtectSystem=strict
ReadWritePaths=/var/log/apache2/
ReadWritePaths=/var/run
ReadWritePaths=/home/testuser/public_html
ProtectHome=tmpfs
BindPaths=/home/testuser/public_html
```

How do I get something like the following to work:

```ini
ProtectSystem=strict
ReadWritePaths=/var/log/apache2/
ReadWritePaths=/var/run
ReadWritePaths=/home/$USER/public_html
ProtectHome=tmpfs
BindPaths=/home/$USER/public_html
```

Thanks

You won't be able to pull `$USER` into Apache in these cases, because that's not an env variable that's accepted even if you include an environment file. AppArmor is better designed for these types of configurations. Rather than using systemd to lock it down, you might want to look into building an AppArmor profile for your deployment that allows the proper access to other directories and rejects others.
nightwatch
drats... foiled again! :-) thanks for the feedback.
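
If the systemd sandbox from the question is kept, each user's path has to be spelled out, so one workaround is to generate the directives. The script below is an added example, not part of the question or the answer above; the `gen_dropin` name, the account-name filter and the drop-in file name in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: print a systemd drop-in that lists every user's
# public_html explicitly, reusing the directives from the question.

# gen_dropin HOME_BASE -> drop-in text on stdout (HOME_BASE defaults to /home)
gen_dropin() {
    home_base=${1:-/home}
    printf '%s\n' '[Service]' \
        'ProtectSystem=strict' \
        'ReadWritePaths=/var/log/apache2/' \
        'ReadWritePaths=/var/run' \
        'ProtectHome=tmpfs'
    for dir in "$home_base"/*/public_html; do
        # An unmatched glob stays literal; keep real directories only.
        [ -d "$dir" ] || continue
        # Skip symlinks (home or public_html) so a user-controlled link
        # cannot point the writable bind mount somewhere else.
        [ -L "$dir" ] && continue
        [ -L "${dir%/public_html}" ] && continue
        user=${dir%/public_html}
        user=${user##*/}
        # Assumed filter: conservative account names only, so no
        # whitespace or quoting ends up inside the unit file.
        case $user in
            ''|*[!A-Za-z0-9_.-]*) continue ;;
        esac
        printf 'BindPaths=%s\nReadWritePaths=%s\n' "$dir" "$dir"
    done
}

# Usage (run as root; sandbox.conf is an assumed file name):
#   gen_dropin /home > /etc/systemd/system/apache2.service.d/sandbox.conf
#   systemctl daemon-reload && systemctl restart apache2
```

The drop-in has to be regenerated and Apache restarted whenever a hosting account is added or removed.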