0

I have an Apache2 setup with mod_userdir and mod_authnz_external+pwauth so that each user can access his home and can be authenticated by his local UNIX credentials.

Now I need some kind of authorization so that each user can, after being authenticated, only access his own home directory, but not those of other users.

The caveat: in my setup, a user is not necessarily the owner of his home directory, so mod_authz_owner won't work here.

Another problem: while Apache sets the %{REMOTE_USER} variable, this is not usable inside <If > directives (or other directives that might help here) because the authentication is done in a very late phase during request processing.

How can I still achieve my goal here with what Apache2 has to offer? Is there e.g. the possibility to extract the user home directory name from %{REQUEST_URI} and pass it to a Require user ... directive? I have not been able to find out how to do this, so any help would be much appreciated. Thanks in advance.

mstud
  • 101
  • FYI: I have resorted to using nginx instead of Apache now. With that, it is very easily done using something like `alias /home/$remote_user/;`. Still, would be interesting if this was possible with Apache as well. – mstud Aug 05 '21 at 12:14
  • i belive your question was already answered [Here](https://serverfault.com/questions/45278/authenticate-in-apache-via-system-account) – djdomi Aug 05 '21 at 14:54
  • djdomi: not exactly. It only shows how to use mod_authnz_external, which never was the issue here. It does not show how to make each logged in user see only his own home directory. – mstud Aug 09 '21 at 05:59

0 Answers0