Securing Apache With Systemd

nightwatch

7/1/23, 2:39 PM

I am trying to secure Apache in a webhosting environment on ubuntu 20.04 server using systemd. My question is: How do i set a variable in path for usernames:

For a single user this works:

ProtectSystem=strict
ReadWritePaths=/var/log/apache2/
ReadWritePaths=/var/run
ReadWritePaths=/home/testuser/public_html
ProtectHome=tmpfs
BindPaths=/home/testuser/public_html

How do I get something like the following to work:

ProtectSystem=strict
ReadWritePaths=/var/log/apache2/
ReadWritePaths=/var/run
ReadWritePaths=/home/$USER/public_html
ProtectHome=tmpfs
BindPaths=/home/$USER/public_html

thanks

0 + 0

apache2

systemd

Thomas Ward

7/1/23, 3:23 PM

You won't be able to pull `$USER` into Apache in these cases, because that's not an env variable that's accepted even if you include an environment file. AppArmor is better designed for these types of configurations, rather than using SystemD to lock it down you might want to look into building an apparmor profile for your deployment that allows the proper access to other directories and rejects others.

nightwatch

7/2/23, 3:01 AM

drats... foiled again! :-) thanks for the feedback.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Securing Apache With Systemd

TH: การรักษาความปลอดภัย Apache ด้วย Systemd

RO: Securizarea Apache cu Systemd

RU: Защита Apache с помощью Systemd

VI: Bảo mật Apache với Systemd

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.