1、個人用戶主頁的作用是什么?
httpd服務程序提供個人用戶主頁功能。該功能可以讓系統內所有的用戶在自己的家目錄中管理個人的網站,而且訪問起來也非常容易。
2、在httpd服務程序中,默認沒有開啟個人用戶主頁功能,需要編輯配置文件進行修改。
在17行 加上#號,去掉24行前面的#號。(UserDir參數表示網站數據在用戶家目錄中保存目錄名稱,即public_html目錄)
[root@PC1linuxprobe /]# wc -l /etc/httpd/conf.d/userdir.conf 36 /etc/httpd/conf.d/userdir.conf [root@PC1linuxprobe /]# vim /etc/httpd/conf.d/userdir.conf 1 # 2 # UserDir: The name of the directory that is appended onto a user's home 3 # directory if a ~user request is received. 4 # 5 # The path to the end user account 'public_html' directory must be 6 # accessible to the webserver userid. This usually means that ~userid 7 # must have permissions of 711, ~userid/public_html must have permissions 8 # of 755, and documents contained therein must be world-readable. 9 # Otherwise, the client will only receive a "403 Forbidden" message. 10 # 11 <IfModule mod_userdir.c> 12 # 13 # UserDir is disabled by default since it can confirm the presence 14 # of a username on the system (depending on home directory 15 # permissions). 16 # 17 #UserDir disabled 18 19 # 20 # To enable requests to /~user/ to serve the user's public_html 21 # directory, remove the "UserDir disabled" line above, and uncomment 22 # the following line instead: 23 # 24 UserDir public_html 25 </IfModule> 26 27 # 28 # Control access to UserDir directories. The following is an example 29 # for a site where these directories are restricted to read-only. 30 # 31 <Directory "/home/*/public_html"> 32 AllowOverride FileInfo AuthConfig Limit Indexes 33 Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec 34 Require method GET POST OPTIONS 35 </Directory> 36
3、在用戶家目錄中建立用於保存網站數據的目錄及首頁面文件,修改權限
[root@PC1linuxprobe /]# su - linuxprobe ## 切換至普通用戶 Last login: Thu Nov 5 15:30:20 CST 2020 on :0 [linuxprobe@PC1linuxprobe ~]$ ls Desktop Documents Downloads Music Pictures Public Templates Videos [linuxprobe@PC1linuxprobe ~]$ mkdir public_html ## 創建網站數據目錄 [linuxprobe@PC1linuxprobe ~]$ ls Desktop Documents Downloads Music Pictures Public public_html Templates Videos [linuxprobe@PC1linuxprobe ~]$ echo xxyyzzaa > public_html/index.html ## 寫入首頁文件 [linuxprobe@PC1linuxprobe ~]$ chmod -Rf 755 /home/linuxprobe/ ## 修改權限,使其他用戶可以訪問
4、重啟httpd服務
[linuxprobe@PC1linuxprobe ~]$ su - root Password: Last login: Sun Nov 22 23:36:20 CST 2020 from 192.168.3.4 on pts/0 [root@PC1linuxprobe ~]# systemctl restart httpd
5、在瀏覽器地址中輸入網址,格式為“網址/~用戶名”,中間不要用空格,效果如下:
6、使用getsebool命令查詢並過濾出所有與HTTP協議相關的安全策略
[root@PC1linuxprobe ~]# getsebool -a | grep http | wc -l 42
1 httpd_anon_write --> off 2 httpd_builtin_scripting --> on 3 httpd_can_check_spam --> off 4 httpd_can_connect_ftp --> off 5 httpd_can_connect_ldap --> off 6 httpd_can_connect_mythtv --> off 7 httpd_can_connect_zabbix --> off 8 httpd_can_network_connect --> off 9 httpd_can_network_connect_cobbler --> off 10 httpd_can_network_connect_db --> off 11 httpd_can_network_memcache --> off 12 httpd_can_network_relay --> off 13 httpd_can_sendmail --> off 14 httpd_dbus_avahi --> off 15 httpd_dbus_sssd --> off 16 httpd_dontaudit_search_dirs --> off 17 httpd_enable_cgi --> on 18 httpd_enable_ftp_server --> off 19 httpd_enable_homedirs --> off 20 httpd_execmem --> off 21 httpd_graceful_shutdown --> on 22 httpd_manage_ipa --> off 23 httpd_mod_auth_ntlm_winbind --> off 24 httpd_mod_auth_pam --> off 25 httpd_read_user_content --> off 26 httpd_run_stickshift --> off 27 httpd_serve_cobbler_files --> off 28 httpd_setrlimit --> off 29 httpd_ssi_exec --> off 30 httpd_sys_script_anon_write --> off 31 httpd_tmp_exec --> off 32 httpd_tty_comm --> off 33 httpd_unified --> off 34 httpd_use_cifs --> off 35 httpd_use_fusefs --> off 36 httpd_use_gpg --> off 37 httpd_use_nfs --> off 38 httpd_use_openstack --> off 39 httpd_use_sasl --> off 40 httpd_verify_dns --> off 41 named_tcp_bind_http_port --> off 42 prosody_bind_http_port --> off
7、使用setsebool命令來修改SElinux策略中規則的布爾值
[root@PC1linuxprobe ~]# setsebool -P httpd_enable_homedirs=on ## -P的作用是立即生效並永久生效 [root@PC1linuxprobe ~]# getsebool -a | grep http | awk '{print NR,$0}'
1 httpd_anon_write --> off 2 httpd_builtin_scripting --> on 3 httpd_can_check_spam --> off 4 httpd_can_connect_ftp --> off 5 httpd_can_connect_ldap --> off 6 httpd_can_connect_mythtv --> off 7 httpd_can_connect_zabbix --> off 8 httpd_can_network_connect --> off 9 httpd_can_network_connect_cobbler --> off 10 httpd_can_network_connect_db --> off 11 httpd_can_network_memcache --> off 12 httpd_can_network_relay --> off 13 httpd_can_sendmail --> off 14 httpd_dbus_avahi --> off 15 httpd_dbus_sssd --> off 16 httpd_dontaudit_search_dirs --> off 17 httpd_enable_cgi --> on 18 httpd_enable_ftp_server --> off 19 httpd_enable_homedirs --> on 20 httpd_execmem --> off 21 httpd_graceful_shutdown --> on 22 httpd_manage_ipa --> off 23 httpd_mod_auth_ntlm_winbind --> off 24 httpd_mod_auth_pam --> off 25 httpd_read_user_content --> off 26 httpd_run_stickshift --> off 27 httpd_serve_cobbler_files --> off 28 httpd_setrlimit --> off 29 httpd_ssi_exec --> off 30 httpd_sys_script_anon_write --> off 31 httpd_tmp_exec --> off 32 httpd_tty_comm --> off 33 httpd_unified --> off 34 httpd_use_cifs --> off 35 httpd_use_fusefs --> off 36 httpd_use_gpg --> off 37 httpd_use_nfs --> off 38 httpd_use_openstack --> off 39 httpd_use_sasl --> off 40 httpd_verify_dns --> off 41 named_tcp_bind_http_port --> off 42 prosody_bind_http_port --> off
8、訪問個人網站首頁(已經可以訪問)
9、為個人網頁設置密碼
使用htpasswd命令生成密碼數據庫。
[root@PC1linuxprobe ~]# htpasswd -c /etc/httpd/passwd linuxprobe ## -c 表示第一次生成, /etc/httpd/passwd表示密碼數據庫的存放文件,linuxprobe為用戶 New password: Re-type new password: Adding password for user linuxprobe
10、編輯個人用戶主頁功能的配置文件
[root@PC1linuxprobe ~]# wc -l /etc/httpd/conf.d/userdir.conf 36 /etc/httpd/conf.d/userdir.conf [root@PC1linuxprobe ~]# vim /etc/httpd/conf.d/userdir.conf 1 # 2 # UserDir: The name of the directory that is appended onto a user's home
3 # directory if a ~user request is received. 4 # 5 # The path to the end user account 'public_html' directory must be 6 # accessible to the webserver userid. This usually means that ~userid 7 # must have permissions of 711, ~userid/public_html must have permissions 8 # of 755, and documents contained therein must be world-readable. 9 # Otherwise, the client will only receive a "403 Forbidden" message. 10 # 11 <IfModule mod_userdir.c>
12 # 13 # UserDir is disabled by default since it can confirm the presence 14 # of a username on the system (depending on home directory 15 # permissions). 16 # 17 #UserDir disabled 18
19 # 20 # To enable requests to /~user/ to serve the user's public_html
21 # directory, remove the "UserDir disabled" line above, and uncomment 22 # the following line instead: 23 # 24 UserDir public_html 25 </IfModule>
26
27 # 28 # Control access to UserDir directories. The following is an example 29 # for a site where these directories are restricted to read-only. 30 # 31 <Directory "/home/*/public_html">
32 AllowOverride all 33 authuserfile "/etc/httpd/passwd" 34 authname "My provate website" 35 authtype basic 36 require user linuxprobe 37 </Directory>
11、重啟httpd服務
[root@PC1linuxprobe ~]# systemctl restart httpd
12、測試效果
13、輸入用戶及密碼(此處的密碼是htpasswd命令設置的密碼)
可以訪問。