2009-12-29

From the comments: Apache + UserDir + Chroot on OpenBSD

In the comments on the OpenBSD 4.6 OAMP article, azhax and I hashed out how to get UserDir functioning in a chroot. I don't usually need UserDir, but it's a common configuration for multi-user systems such as those found at universities and ISPs. It's definitely worth covering.


UserDir is the Apache configuration directive that lets you use tilde shortcuts for users' web directories, e.g. http://some.server.edu/~axon/

The first thing to realize is that when Apache runs in a chroot, as it does in the default OpenBSD install, it can't access anything outside of /var/www. The default OpenBSD Apache install comes with a directory created for this: /var/www/users

First, edit /var/www/conf/httpd.conf and uncomment the "UserDir /var/www/users" line, and delete or comment out the "UserDir disabled" line. Use whatever editor you're happy with, but you may need to chmod it first, or use :w! in vi, since the file is read-only.

Then, I created a directory for my user account under /var/www/users, gave myself ownership of it, and created a public_html symlink in my home directory that points to it. Keep in mind that some FTP servers refuse to follow symlinks in the name of security, but SCP or SFTP might do just fine with this.

$ sudo mkdir /var/www/users/axon
$ sudo chown axon /var/www/users/axon
$ sudo ln -s /var/www/users/axon ~axon/public_html

And finally, I restarted Apache. "apachectl restart" doesn't always work properly, so start it manually after stopping it with apachectl.

$ sudo apachectl stop
$ sudo /usr/sbin/httpd

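Thanks go to azhax for asking how this one is done. It's definitely more involved than your average Ubuntu Server install, where only a public_html directory is needed in users' home directories and little else. If you find that most of your users will need web directories, you may want to create a script to put in /usr/local/sbin that you can run with sudo after running adduser, just to make it a little easier.

#!/bin/sh
# addwebdir.sh
# syntax: addwebdir.sh [username]
# Accept only plain account names, since $1 ends up in paths and in eval below
case "$1" in ''|-*|*[!A-Za-z0-9_-]*) echo "syntax: addwebdir.sh [username]" >&2; exit 1 ;; esac
# sh does not expand ~$1 (tilde expansion runs before $1 is substituted), so eval it
home=$(eval echo "~$1")
mkdir "/var/www/users/$1"
chown "$1" "/var/www/users/$1"
ln -s "/var/www/users/$1" "$home/public_html"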
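
To confirm the steps above took effect for an account, a check along these lines can be run after creating the web directory. It is an added example, not part of the original post; the function name check_userdir and its arguments are hypothetical, and the third argument exists only so the check can be pointed at a test tree instead of /var/www.

```sh
#!/bin/sh
# Added example (not from the original post): audit one user's UserDir setup.
# check_userdir and its arguments are hypothetical names chosen for this sketch.
# usage: check_userdir USER HOMEDIR [WWWROOT]   (WWWROOT defaults to /var/www)
check_userdir() {
    user=$1; home=$2; www=${3:-/var/www}
    conf="$www/conf/httpd.conf"; dir="$www/users/$user"; link="$home/public_html"
    rc=0

    # An uncommented "UserDir <www>/users" line must be present.
    awk -v d="$www/users" 'tolower($1) == "userdir" && $2 == d { f = 1 }
        END { exit !f }' "$conf" 2>/dev/null ||
        { echo "FAIL: no active 'UserDir $www/users' in $conf"; rc=1; }

    # A bare, uncommented "UserDir disabled" must be absent.
    if awk 'tolower($1) == "userdir" && tolower($2) == "disabled" && NF == 2 { f = 1 }
        END { exit !f }' "$conf" 2>/dev/null; then
        echo "FAIL: 'UserDir disabled' is still active in $conf"; rc=1
    fi

    # The web directory must be a real directory owned by the user.
    if [ ! -d "$dir" ] || [ -L "$dir" ]; then
        echo "FAIL: $dir is not a real directory"; rc=1
    elif [ "$(ls -ld "$dir" | awk '{ print $3 }')" != "$user" ]; then
        echo "FAIL: $dir is not owned by $user"; rc=1
    fi

    # public_html must be a symlink to that directory; content stored anywhere
    # else is outside the chroot and invisible to httpd.
    if [ ! -L "$link" ]; then
        echo "FAIL: $link is not a symlink"; rc=1
    elif [ "$(readlink "$link")" != "$dir" ]; then
        echo "FAIL: $link points to $(readlink "$link"), expected $dir"; rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: UserDir setup for $user looks consistent"
    return "$rc"
}
```

For the account in the walkthrough the call would be: check_userdir axon /home/axon (the home directory path is an assumption).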
