Basic Authentication

Build a user called "tom" to experiment with. Use

adduser tom

You also need to have the apache service (httpd) running.

Make sure your httpd.conf file supports User public_html directories. Look through the /etc/httpd/conf.d/userdir.conf file for a line:

  UserDir disable

    #UserDir public_html

With the user "tom" you created, create a public_html directory in tom's home directory, and create a file p1.html in the public_html. The contents of this file should be:

<html>
<body>
<h1>TOM</h1>
<p>
Document body goes here.
</p>
</body>
</html>

Change the appropriate permissions on the /home/tom directories and files by the minimum amount possible to give apache permission to use the file.

Finally, SELinux is enabled in enforcing mode in Fedora 15 by default. This means you need even more security to overcome (configure). You need to make sure that the SELinux boolean httpd_read_user_content is enabled. By default SELinux is forbidden from reading any file in /home. Check with

getsebool  httpd_read_user_content

setsebool -P httpd_read_user_content 1

IN ALL CASES ENSURE tom owns ALL FILES AND DIRECTORIES in /home/tom AT ALL TIMES. Give yourself a break and do "su - tom" when you want to create stuff in /home/tom, then CTRL-D back to root for the admin stuff...

Create the following directories, each of which must be executable by others:

• /home/tom/public_html/richard
• /home/tom/public_html/harry

In each of these new directories create a file similar to p1.html, but called:

• /home/tom/public_html/richard/p2.html
• /home/tom/public_html/harry/p3.html

In "richard/p2.html" replace the word TOM with RICHARD. In "harry/p3.html" replace the word TOM with HARRY. Case is important.

Create a password file for basic authentication. Remember this has nothing to do with normal unix users, and even less to do with /etc/passwd!

The htpasswd command allows you to create the file, and to add users to the file. Use it to create a basic authentication password file called "/home/tom/webpasswd". Put into this file two users with the following passwords:

User: richard              Password: pass1
User: harry                Password: pass2

Secure the public_html/richard directory so only a user with the basic authentication details of richard, password pass1, can access the files.

Secure the public_html/harry directory so only a user with the basic authentication details of group "magic" can access the contents.

To answer this question, create a group file "/home/tom/webgroup" with the following contents:

magic: richard harry

Make sure in the .htaccess file in the harry directory you use only "Require group" and not some sort of "Require user" command. And make sure all files in /home/tom are owned by tom...

1. Add to your webpasswd file an extra user, "jim", with password "walton".
2. Create a directory in public_html for "jim", called "jim", and create a file "p4.html" which is a copy of "p1.html" except you need to replace the word "TOM" with "JIM".
3. Protect this directory with basic authentication (similar to harry), but this time configure it so that that access is only permitted by either user "jim" from 10.200.0.1, or user "harry" from 127.0.0.1. Do not use any implicit requires (i.e. say RequireAny or RequireAll rather than relying on the defaults).