1、个人用户主页的作用是什么?
httpd服务程序提供个人用户主页功能。该功能可以让系统内所有的用户在自己的家目录中管理个人的网站,而且访问起来也非常容易。
2、在httpd服务程序中,默认没有开启个人用户主页功能,需要编辑配置文件进行修改。
在17行 加上#号,去掉24行前面的#号。(UserDir参数表示网站数据在用户家目录中保存目录名称,即public_html目录)
[root@PC1linuxprobe /]# wc -l /etc/httpd/conf.d/userdir.conf 36 /etc/httpd/conf.d/userdir.conf [root@PC1linuxprobe /]# vim /etc/httpd/conf.d/userdir.conf 1 # 2 # UserDir: The name of the directory that is appended onto a user's home 3 # directory if a ~user request is received. 4 # 5 # The path to the end user account 'public_html' directory must be 6 # accessible to the webserver userid. This usually means that ~userid 7 # must have permissions of 711, ~userid/public_html must have permissions 8 # of 755, and documents contained therein must be world-readable. 9 # Otherwise, the client will only receive a "403 Forbidden" message. 10 # 11 <IfModule mod_userdir.c> 12 # 13 # UserDir is disabled by default since it can confirm the presence 14 # of a username on the system (depending on home directory 15 # permissions). 16 # 17 #UserDir disabled 18 19 # 20 # To enable requests to /~user/ to serve the user's public_html 21 # directory, remove the "UserDir disabled" line above, and uncomment 22 # the following line instead: 23 # 24 UserDir public_html 25 </IfModule> 26 27 # 28 # Control access to UserDir directories. The following is an example 29 # for a site where these directories are restricted to read-only. 30 # 31 <Directory "/home/*/public_html"> 32 AllowOverride FileInfo AuthConfig Limit Indexes 33 Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec 34 Require method GET POST OPTIONS 35 </Directory> 36
3、在用户家目录中建立用于保存网站数据的目录及首页面文件,修改权限
[root@PC1linuxprobe /]# su - linuxprobe ## 切换至普通用户 Last login: Thu Nov 5 15:30:20 CST 2020 on :0 [linuxprobe@PC1linuxprobe ~]$ ls Desktop Documents Downloads Music Pictures Public Templates Videos [linuxprobe@PC1linuxprobe ~]$ mkdir public_html ## 创建网站数据目录 [linuxprobe@PC1linuxprobe ~]$ ls Desktop Documents Downloads Music Pictures Public public_html Templates Videos [linuxprobe@PC1linuxprobe ~]$ echo xxyyzzaa > public_html/index.html ## 写入首页文件 [linuxprobe@PC1linuxprobe ~]$ chmod -Rf 755 /home/linuxprobe/ ## 修改权限,使其他用户可以访问
4、重启httpd服务
[linuxprobe@PC1linuxprobe ~]$ su - root Password: Last login: Sun Nov 22 23:36:20 CST 2020 from 192.168.3.4 on pts/0 [root@PC1linuxprobe ~]# systemctl restart httpd
5、在浏览器地址中输入网址,格式为“网址/~用户名”,中间不要用空格,效果如下:
6、使用getsebool命令查询并过滤出所有与HTTP协议相关的安全策略
[root@PC1linuxprobe ~]# getsebool -a | grep http | wc -l 42
1 httpd_anon_write --> off 2 httpd_builtin_scripting --> on 3 httpd_can_check_spam --> off 4 httpd_can_connect_ftp --> off 5 httpd_can_connect_ldap --> off 6 httpd_can_connect_mythtv --> off 7 httpd_can_connect_zabbix --> off 8 httpd_can_network_connect --> off 9 httpd_can_network_connect_cobbler --> off 10 httpd_can_network_connect_db --> off 11 httpd_can_network_memcache --> off 12 httpd_can_network_relay --> off 13 httpd_can_sendmail --> off 14 httpd_dbus_avahi --> off 15 httpd_dbus_sssd --> off 16 httpd_dontaudit_search_dirs --> off 17 httpd_enable_cgi --> on 18 httpd_enable_ftp_server --> off 19 httpd_enable_homedirs --> off 20 httpd_execmem --> off 21 httpd_graceful_shutdown --> on 22 httpd_manage_ipa --> off 23 httpd_mod_auth_ntlm_winbind --> off 24 httpd_mod_auth_pam --> off 25 httpd_read_user_content --> off 26 httpd_run_stickshift --> off 27 httpd_serve_cobbler_files --> off 28 httpd_setrlimit --> off 29 httpd_ssi_exec --> off 30 httpd_sys_script_anon_write --> off 31 httpd_tmp_exec --> off 32 httpd_tty_comm --> off 33 httpd_unified --> off 34 httpd_use_cifs --> off 35 httpd_use_fusefs --> off 36 httpd_use_gpg --> off 37 httpd_use_nfs --> off 38 httpd_use_openstack --> off 39 httpd_use_sasl --> off 40 httpd_verify_dns --> off 41 named_tcp_bind_http_port --> off 42 prosody_bind_http_port --> off
7、使用setsebool命令来修改SElinux策略中规则的布尔值
[root@PC1linuxprobe ~]# setsebool -P httpd_enable_homedirs=on ## -P的作用是立即生效并永久生效 [root@PC1linuxprobe ~]# getsebool -a | grep http | awk '{print NR,$0}'
1 httpd_anon_write --> off 2 httpd_builtin_scripting --> on 3 httpd_can_check_spam --> off 4 httpd_can_connect_ftp --> off 5 httpd_can_connect_ldap --> off 6 httpd_can_connect_mythtv --> off 7 httpd_can_connect_zabbix --> off 8 httpd_can_network_connect --> off 9 httpd_can_network_connect_cobbler --> off 10 httpd_can_network_connect_db --> off 11 httpd_can_network_memcache --> off 12 httpd_can_network_relay --> off 13 httpd_can_sendmail --> off 14 httpd_dbus_avahi --> off 15 httpd_dbus_sssd --> off 16 httpd_dontaudit_search_dirs --> off 17 httpd_enable_cgi --> on 18 httpd_enable_ftp_server --> off 19 httpd_enable_homedirs --> on 20 httpd_execmem --> off 21 httpd_graceful_shutdown --> on 22 httpd_manage_ipa --> off 23 httpd_mod_auth_ntlm_winbind --> off 24 httpd_mod_auth_pam --> off 25 httpd_read_user_content --> off 26 httpd_run_stickshift --> off 27 httpd_serve_cobbler_files --> off 28 httpd_setrlimit --> off 29 httpd_ssi_exec --> off 30 httpd_sys_script_anon_write --> off 31 httpd_tmp_exec --> off 32 httpd_tty_comm --> off 33 httpd_unified --> off 34 httpd_use_cifs --> off 35 httpd_use_fusefs --> off 36 httpd_use_gpg --> off 37 httpd_use_nfs --> off 38 httpd_use_openstack --> off 39 httpd_use_sasl --> off 40 httpd_verify_dns --> off 41 named_tcp_bind_http_port --> off 42 prosody_bind_http_port --> off
8、访问个人网站首页(已经可以访问)
9、为个人网页设置密码
使用htpasswd命令生成密码数据库。
[root@PC1linuxprobe ~]# htpasswd -c /etc/httpd/passwd linuxprobe ## -c 表示第一次生成, /etc/httpd/passwd表示密码数据库的存放文件,linuxprobe为用户 New password: Re-type new password: Adding password for user linuxprobe
10、编辑个人用户主页功能的配置文件
[root@PC1linuxprobe ~]# wc -l /etc/httpd/conf.d/userdir.conf 36 /etc/httpd/conf.d/userdir.conf [root@PC1linuxprobe ~]# vim /etc/httpd/conf.d/userdir.conf 1 # 2 # UserDir: The name of the directory that is appended onto a user's home
3 # directory if a ~user request is received. 4 # 5 # The path to the end user account 'public_html' directory must be 6 # accessible to the webserver userid. This usually means that ~userid 7 # must have permissions of 711, ~userid/public_html must have permissions 8 # of 755, and documents contained therein must be world-readable. 9 # Otherwise, the client will only receive a "403 Forbidden" message. 10 # 11 <IfModule mod_userdir.c>
12 # 13 # UserDir is disabled by default since it can confirm the presence 14 # of a username on the system (depending on home directory 15 # permissions). 16 # 17 #UserDir disabled 18
19 # 20 # To enable requests to /~user/ to serve the user's public_html
21 # directory, remove the "UserDir disabled" line above, and uncomment 22 # the following line instead: 23 # 24 UserDir public_html 25 </IfModule>
26
27 # 28 # Control access to UserDir directories. The following is an example 29 # for a site where these directories are restricted to read-only. 30 # 31 <Directory "/home/*/public_html">
32 AllowOverride all 33 authuserfile "/etc/httpd/passwd" 34 authname "My provate website" 35 authtype basic 36 require user linuxprobe 37 </Directory>
11、重启httpd服务
[root@PC1linuxprobe ~]# systemctl restart httpd
12、测试效果
13、输入用户及密码(此处的密码是htpasswd命令设置的密码)
可以访问。