apache add virtual directory webpages permissions

[TOC]

Install Apache2 and PHP

IF you've already installed apache (and it requires the user auth modules)

apt-get download apache2.2-common
apt-get install apache2

and install php: http://www.debianadmin.com/apache2-web-server-with-php-support-in-ubuntu.html

apt-get install php5
apt-cache search mod-php
apt-get install libapache2-mod-php5

Configure Apache2 Virtual Directory

add custom pages to our apache/trac

Alias /webpages/ "/trac-root/webpages/"

because /trac-root/webpages is not in the /var/www

  <Directory /trac-root/webpages/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                Allow from all
                AuthName "THIS IS A PROTECTED FOLDER"
                AuthType Basic
                AuthUserFile /trac-root/userlist.password
                Require valid-user
  </Directory>

The above allows Directory Browsing, follow sym links allows symbolic links, multiviews allows the server to "understand" that if /dirname doesn't exist to look for dirname.htm/html/php

Permissions

proper permissions for files in the /webpages/ directory should be chown root webpages

or owner nobody for security

chgrp www-data webpages

allows apache to use the dir

more specifically

chmod 450 webpages

( = chmod g+r webpages AND chmod g+x webpages but reducing "owner" & "other" to minimum)

(WE NEED THE EXECUTE PERMISSIONS on the directory)

A more secure production example

nano /etc/apache2/sites-available/default

Alias /webpages/ "/trac-root/webpages/"

because /trac-root/webpages is not in the /var/www

  <Directory /trac-root/webpages/>
                Options None
                AllowOverride None
                Order allow,deny
                Allow from all
                AuthName "THIS IS A PROTECTED FOLDER"
                AuthType Basic
                AuthUserFile /trac-root/userlist.password
                Require valid-user
  </Directory>

Validating the configuration

/etc/init.d/apache2reload       (maybe unnecessary as it reload modules?)
/etc/init.d/apache2 restart     (or apache2ctl graceful)

And then browse to http://domain/webpages (or http://127.0.0.1/webpages even!)

Optimization and Security references

• http://drupal.org/node/104847
• http://phplens.com/lens/php-book/optimizing-debugging-php.php
• PHP CODE WRITING SECURITY http://www.peachpit.com/articles/article.aspx?p=712187
• apache security continued http://www.petefreitag.com/item/505.cfm