Setting up LAMP Server with CentOS Part 2

In a previous post I wrote a tutorial for quickly setting up a LAMP server. One of the reasons you might want to do this is to create a web hosting server. If you follow the steps in the article, then right now only you can upload files to the server. This post will talk about setting up users, configuring Apache to allow user directories, giving users access to one MySQL database and setting up SFTP access. If you’ve used web hosting before, you’ll find this feature list pretty bare by comparison, but again, since this is just undergraduate research, I am only doing this for the purpose of learning.

Set Up User Directories in Apache

User directories in Apache are what allow multiple users to each have their own web space on your web server. Visitors will be able to navigate to http://yourserver.com/~username to visit a user's site. This feature is disabled by default, but enabling it is a simple edit of the config file. To do so, open the Apache config file in your favorite text editor. On CentOS, this file is located here (by default):

/etc/httpd/conf/httpd.conf

Open this file and around line 374 you should see something like:

<IfModule mod_userdir.c>
     ...
     UserDir disabled root
     ...
     UserDir public_html
</IfModule>

It may be commented out with ‘#’, in which case all you need to do is remove the ‘#’ in front of the above 4 lines. These lines enable user directories: if any of your users has a public_html folder, it becomes the root of that user's web space. Once you have uncommented these lines, you will need to restart Apache for the changes to take effect. Do this by typing:

service httpd restart

To test if it worked, we will need to create an index.html file inside your public_html folder. Navigate to your home directory, usually located at /home/username. Then make a folder called ‘public_html’. To do this type (replace username with your own username):

cd /home/username
mkdir public_html
cd public_html
touch index.html

Now open up index.html in your favorite text editor. You can put anything in the HTML file if you know HTML already, but in case you don’t, or need a quick refresher, here is a basic HTML page:

<!doctype html>
<html>
<head>
     <title>Welcome to my web site!</title>
</head>

<body>

<h1>Welcome!</h1>

<p>If you can see this, then I have successfully created user directories with Apache! Woohoo!</p>

</body>

</html>

Now you should be able to navigate to http://yourserver/~username and you will see the above web page that you created. The ‘~’ is required with the way we have set up Apache, however it is possible to set Apache up in a way so you don’t need it. That is out of the scope of this tutorial, as is HTML.

If you would like to test that PHP is working, you can create a .php file and write whatever test code you want in it. You could choose to echo something, or run the phpinfo(); function. In the real world, if you used phpinfo(); make sure to delete the script once you have finished testing, as phpinfo(); reveals a lot of information about your server, which is useful to hackers 😉

403 Error Forbidden

If you get an error 403, it means there is a permissions problem. This is fairly easy to solve: set the permissions on the user's home directory to 755. To do this type:

chmod 755 /home/username

Replace username with your own username. Later on I will show you how to automate this process with a bash script (since the whole point is to have multiple users).
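A 403 from a user directory usually comes from one directory on the path that the Apache user cannot traverse, so it helps to find which one before loosening permissions. The following is an added example, not part of the original post; the function name blocked_components is made up here, and it assumes the Apache user is neither the owner nor in the group of these directories, so only the "other" permission bits matter.

```sh
#!/bin/sh
# Added example: list every directory on the way to a file that users other
# than the owner and group (such as the Apache user) cannot traverse.
blocked_components() {
    p=$1
    [ -d "$p" ] || p=$(dirname "$p")      # start from the containing directory
    while :; do
        # Character 10 of the ls mode string is the "other" execute/search bit.
        bit=$(ls -ld -- "$p" | cut -c10)
        case $bit in
            x|t) ;;                        # searchable by others
            *)   echo "$p" ;;              # no o+x here: Apache answers 403
        esac
        # Stop at the filesystem root (or at "." for a relative path).
        case $p in /|.) break ;; esac
        p=$(dirname "$p")
    done
}

# Usage: sh thisfile.sh /home/username/public_html/index.html
if [ $# -gt 0 ]; then
    blocked_components "$1"
fi
```

Only the search (x) bit for others is needed for traversal, so a home directory at 711 passes this check as well as one at 755.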

SFTP Access

Since you will have multiple users and not all of them will want to use Linux/SSH to manage their files, we will need to set up remote access through SFTP. SFTP stands for Secure File Transfer Protocol. It’s pretty much the same thing as FTP, except that it is more secure! This is the recommended way to transfer files, but if you’ve used web hosting before, especially shared hosting, you will find that a lot of them allow FTP as well.

To enable SFTP access you will need to modify the SSH config file, which on CentOS is usually located here:

/etc/ssh/sshd_config

Find the line that says:

Subsystem       sftp    /usr/libexec/openssh/sftp-server

and comment it out by adding a ‘#’ before it. Then add the following line underneath it:

Subsystem       sftp    internal-sftp

Next, save and close the config file and restart the SSH service by typing:

service sshd restart

The next thing we need to do is create a working directory for SFTP in the user’s home folder. To do this type:

cd /home/username
mkdir sftp

The next thing we will need to do is test the connection. We can do this on another computer with an FTP client, or you can use an FTP client on the same machine. I recommend FileZilla as it has a great interface and works on Windows, Mac and Linux. Any FTP client should work as long as it supports SFTP. To connect to your server, use these details:

Host: <Your host IP address or Domain Name>
Port: 23 (by default)
Username: <Your CentOS username>
Password: <Your CentOS password>

When you connect, you should be able to view your home directory, including the public_html folder you created. You should also test that you can upload something into the public_html folder as well. If so, then you’re all set. If not, there may be a permissions problem. To make sure the permissions are set correctly, type these commands into a terminal:

chown username /home/username/sftp
chmod 755 /home/username
chown username /home/username/public_html

Replace username with your Linux username. With the current configuration, all your users can log in with SFTP and browse files on the entire server. This is really insecure and you should chroot and jail SFTP users. Unfortunately I was on a schedule and ran out of time before I could figure out how to get this working. It should be noted that even though users can view other files, they can only modify files they own, so for a test environment, it should be okay.
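The configuration above stops at Subsystem sftp internal-sftp, which is why every account can still browse the whole server. As an added example (not from the original post), this script checks an sshd_config for the directives that jail SFTP users; the function names, the sample files and the sftponly group are assumptions, and both sample configs are constructed.

```sh
#!/bin/sh
# Added example: report which SFTP-jail directives an sshd_config is missing.
# Handles the usual "Keyword value" form; it does not check Match scoping.
sftp_jail_findings() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }                 # blank lines, comments
        { key = tolower($1) }
        key == "subsystem" && $2 == "sftp" && $3 == "internal-sftp" { internal = 1 }
        key == "chrootdirectory" && tolower($2) != "none"           { chroot = 1 }
        key == "forcecommand" && $2 == "internal-sftp"              { forced = 1 }
        END {
            if (!internal) print "Subsystem sftp is not internal-sftp"
            if (!chroot)   print "no ChrootDirectory: users can browse the whole filesystem"
            if (!forced)   print "no ForceCommand internal-sftp: accounts are not limited to SFTP"
        }
    ' "$1"
}

# Write two constructed sample configs into directory $1.
write_samples() {
    # The state this post leaves sshd_config in.
    printf '%s\n' '#Subsystem sftp /usr/libexec/openssh/sftp-server' \
        'Subsystem       sftp    internal-sftp' > "$1/as_posted"
    # Hardened variant. "sftponly" is an assumed group name. sshd requires every
    # component of the ChrootDirectory path to be owned by root and not writable
    # by group or others, so users upload into subdirectories they own
    # (sftp, public_html) rather than into /home/<user> itself.
    cat > "$1/hardened" <<'EOF'
Subsystem sftp internal-sftp
Match Group sftponly
    ChrootDirectory /home/%u
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for f in as_posted hardened; do
    echo "== $f"
    sftp_jail_findings "$demo_dir/$f"
done
rm -rf "$demo_dir"
```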

Add a MySQL Database

The next thing we will do is create a MySQL database for the user. On regular web hosting, especially paid hosting, you get more than one database. For the purpose of learning, we will only be using one database, and later on you can look into easier ways of allowing users to create databases themselves. To create the database, we will first need to open up the MySQL console by typing:

mysql -u root -p

You will be asked for the root user password. This is different from the root Linux user, so make sure you remember what you used when you set up MySQL, as it is a pain to reset it! Next, we will type some SQL to create a database and a user and give that user permissions to do whatever they like with the database. In the SQL code, replace ‘username’ with the Linux username you wish to use, or you can create a new one. Typing a semicolon denotes the end of a statement in SQL, so when you press enter, it will execute that statement. If you want to execute all statements at once, you can type them on one line, instead of pressing enter. The SQL we will use is:

-- Host part assumed to be localhost (web server and MySQL on the same machine).
CREATE DATABASE IF NOT EXISTS username;
GRANT USAGE ON *.* TO 'username'@'localhost' IDENTIFIED BY 'username';
GRANT ALL PRIVILEGES ON username.* TO 'username'@'localhost';
FLUSH PRIVILEGES;

This will create a database with the same name as your username. If you wish to change the name of the database I have highlighted in green where the actual database name is. The password is also the same as the username, but if you wish to change that also, I have highlighted that in red.
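A password equal to the username can be guessed by anyone who knows the account name. As an added example (not from the original post), this script emits the same statements with a random password and rejects account names that would not be safe to paste into SQL; the function names are made up here, and the localhost host part is an assumption.

```sh
#!/bin/sh
# Added example: build the per-user SQL with a random password.

# 24 alphanumeric characters from the kernel CSPRNG.
gen_password() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 24
}

# make_db_sql USER PASS: print the statements for one hosting account.
make_db_sql() {
    user=$1
    pass=$2
    # Accept only plain account names, so the value cannot break out of the
    # quoting below (no quotes, backticks, spaces or semicolons).
    case $user in
        ''|*[!a-z0-9_]*) echo "invalid username" >&2; return 1 ;;
    esac
    # The password is placed inside single quotes, so keep it alphanumeric.
    case $pass in
        ''|*[!A-Za-z0-9]*) echo "invalid password" >&2; return 1 ;;
    esac
    # Same statements as in the post; host "localhost" is an assumption.
    cat <<EOF
CREATE DATABASE IF NOT EXISTS \`$user\`;
GRANT USAGE ON *.* TO '$user'@'localhost' IDENTIFIED BY '$pass';
GRANT ALL PRIVILEGES ON \`$user\`.* TO '$user'@'localhost';
FLUSH PRIVILEGES;
EOF
}

# Constructed sample run: "exampleuser" is a placeholder account name.
pw=$(gen_password)
make_db_sql exampleuser "$pw"
```

The output can be piped into mysql -u root -p; hand the generated password to the user over a separate channel.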

This is a really long post and a lot to take in so I will end it here. In the next post, I will talk about installing phpMyAdmin to test and manage the database. I will also talk about writing bash scripts to automate adding and removing users.

