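1. What is the personal user home page feature for?
The httpd service provides a personal user home page feature. It lets every user on the system manage a personal website from inside their own home directory, and the site is easy to reach.
2. The personal user home page feature is not enabled by default in httpd; the configuration file has to be edited to turn it on.
Comment out line 17 with a # and remove the # at the start of line 24. (The UserDir parameter gives the name of the directory inside each user's home directory that holds the site data, i.e. the public_html directory.)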
[root@PC1linuxprobe /]# wc -l /etc/httpd/conf.d/userdir.conf
36 /etc/httpd/conf.d/userdir.conf
[root@PC1linuxprobe /]# vim /etc/httpd/conf.d/userdir.conf
1 #
2 # UserDir: The name of the directory that is appended onto a user's home
3 # directory if a ~user request is received.
4 #
5 # The path to the end user account 'public_html' directory must be
6 # accessible to the webserver userid. This usually means that ~userid
7 # must have permissions of 711, ~userid/public_html must have permissions
8 # of 755, and documents contained therein must be world-readable.
9 # Otherwise, the client will only receive a "403 Forbidden" message.
10 #
11 <IfModule mod_userdir.c>
12 #
13 # UserDir is disabled by default since it can confirm the presence
14 # of a username on the system (depending on home directory
15 # permissions).
16 #
17 #UserDir disabled
18
19 #
20 # To enable requests to /~user/ to serve the user's public_html
21 # directory, remove the "UserDir disabled" line above, and uncomment
22 # the following line instead:
23 #
24 UserDir public_html
25 </IfModule>
26
27 #
28 # Control access to UserDir directories. The following is an example
29 # for a site where these directories are restricted to read-only.
30 #
31 <Directory "/home/*/public_html">
32 AllowOverride FileInfo AuthConfig Limit Indexes
33 Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
34 Require method GET POST OPTIONS
35 </Directory>
36
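3. In the user's home directory, create the directory that holds the site data and the home page file, then set the permissions
[root@PC1linuxprobe /]# su - linuxprobe ## switch to the regular user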
Last login: Thu Nov 5 15:30:20 CST 2020 on :0
[linuxprobe@PC1linuxprobe ~]$ ls
Desktop Documents Downloads Music Pictures Public Templates Videos
[linuxprobe@PC1linuxprobe ~]$ mkdir public_html ## create the site data directory
[linuxprobe@PC1linuxprobe ~]$ ls
Desktop Documents Downloads Music Pictures Public public_html Templates Videos
[linuxprobe@PC1linuxprobe ~]$ echo xxyyzzaa > public_html/index.html ## write the home page file
[linuxprobe@PC1linuxprobe ~]$ chmod -Rf 755 /home/linuxprobe/ ## change the permissions so that other users can access it
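The comments in userdir.conf ask only for 711 on the home directory, 755 on public_html and world-readable documents, while a recursive 755 on the whole home directory also opens every other file in it. The following shell script is an added example, not part of the original tutorial; it builds two constructed home trees (the .ssh/id_key file, the temporary paths and the function names are assumptions) and counts what each approach leaves readable by other users.

```shell
#!/bin/sh
# Added example: compare "chmod -R 755 ~" with the minimal modes named in the
# userdir.conf comments (711 home, 755 public_html, world-readable documents).

# make_sample_home DIR: constructed home with a private file and a web page.
make_sample_home() {
    mkdir -p "$1/.ssh" "$1/public_html" &&
    echo "constructed-secret" > "$1/.ssh/id_key" &&
    echo "hello" > "$1/public_html/index.html" &&
    chmod 700 "$1" "$1/.ssh" && chmod 600 "$1/.ssh/id_key"
}

# apply_userdir_perms DIR: open only what httpd needs to serve ~user/.
apply_userdir_perms() {
    chmod 711 "$1" &&    # others may traverse the home directory, not list it
    find "$1/public_html" -type d -exec chmod 755 {} \; &&
    find "$1/public_html" -type f -exec chmod 644 {} \;
}

# count_exposed DIR: number of entries outside public_html readable by "other".
count_exposed() {
    find "$1" -path "$1/public_html" -prune -o -perm -004 -print |
        wc -l | tr -d ' '
}

# demo: print the exposure count for both approaches on constructed trees.
demo() {
    tmp=$(mktemp -d) || return 1
    make_sample_home "$tmp/recursive" && chmod -R 755 "$tmp/recursive"
    make_sample_home "$tmp/minimal" && apply_userdir_perms "$tmp/minimal"
    echo "recursive 755: $(count_exposed "$tmp/recursive") exposed"
    echo "minimal modes: $(count_exposed "$tmp/minimal") exposed"
    rm -rf "$tmp"
}
demo
```

On a real account, count_exposed can be pointed at /home/linuxprobe to see which paths outside public_html are currently readable by other users.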
4. Restart the httpd service
[linuxprobe@PC1linuxprobe ~]$ su - root
Password:
Last login: Sun Nov 22 23:36:20 CST 2020 from 192.168.3.4 on pts/0
[root@PC1linuxprobe ~]# systemctl restart httpd
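5. Enter the URL in the browser address bar in the form "URL/~username", with no spaces in between. The result is as follows:
6. Use the getsebool command to list and filter all SELinux policy booleans related to the HTTP protocol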
[root@PC1linuxprobe ~]# getsebool -a | grep http | wc -l
42
1 httpd_anon_write --> off
2 httpd_builtin_scripting --> on
3 httpd_can_check_spam --> off
4 httpd_can_connect_ftp --> off
5 httpd_can_connect_ldap --> off
6 httpd_can_connect_mythtv --> off
7 httpd_can_connect_zabbix --> off
8 httpd_can_network_connect --> off
9 httpd_can_network_connect_cobbler --> off
10 httpd_can_network_connect_db --> off
11 httpd_can_network_memcache --> off
12 httpd_can_network_relay --> off
13 httpd_can_sendmail --> off
14 httpd_dbus_avahi --> off
15 httpd_dbus_sssd --> off
16 httpd_dontaudit_search_dirs --> off
17 httpd_enable_cgi --> on
18 httpd_enable_ftp_server --> off
19 httpd_enable_homedirs --> off
20 httpd_execmem --> off
21 httpd_graceful_shutdown --> on
22 httpd_manage_ipa --> off
23 httpd_mod_auth_ntlm_winbind --> off
24 httpd_mod_auth_pam --> off
25 httpd_read_user_content --> off
26 httpd_run_stickshift --> off
27 httpd_serve_cobbler_files --> off
28 httpd_setrlimit --> off
29 httpd_ssi_exec --> off
30 httpd_sys_script_anon_write --> off
31 httpd_tmp_exec --> off
32 httpd_tty_comm --> off
33 httpd_unified --> off
34 httpd_use_cifs --> off
35 httpd_use_fusefs --> off
36 httpd_use_gpg --> off
37 httpd_use_nfs --> off
38 httpd_use_openstack --> off
39 httpd_use_sasl --> off
40 httpd_verify_dns --> off
41 named_tcp_bind_http_port --> off
42 prosody_bind_http_port --> off
7. Use the setsebool command to change the value of a boolean in the SELinux policy
[root@PC1linuxprobe ~]# setsebool -P httpd_enable_homedirs=on ## -P makes the change take effect immediately and permanently
[root@PC1linuxprobe ~]# getsebool -a | grep http | awk '{print NR,$0}'
1 httpd_anon_write --> off
2 httpd_builtin_scripting --> on
3 httpd_can_check_spam --> off
4 httpd_can_connect_ftp --> off
5 httpd_can_connect_ldap --> off
6 httpd_can_connect_mythtv --> off
7 httpd_can_connect_zabbix --> off
8 httpd_can_network_connect --> off
9 httpd_can_network_connect_cobbler --> off
10 httpd_can_network_connect_db --> off
11 httpd_can_network_memcache --> off
12 httpd_can_network_relay --> off
13 httpd_can_sendmail --> off
14 httpd_dbus_avahi --> off
15 httpd_dbus_sssd --> off
16 httpd_dontaudit_search_dirs --> off
17 httpd_enable_cgi --> on
18 httpd_enable_ftp_server --> off
19 httpd_enable_homedirs --> on
20 httpd_execmem --> off
21 httpd_graceful_shutdown --> on
22 httpd_manage_ipa --> off
23 httpd_mod_auth_ntlm_winbind --> off
24 httpd_mod_auth_pam --> off
25 httpd_read_user_content --> off
26 httpd_run_stickshift --> off
27 httpd_serve_cobbler_files --> off
28 httpd_setrlimit --> off
29 httpd_ssi_exec --> off
30 httpd_sys_script_anon_write --> off
31 httpd_tmp_exec --> off
32 httpd_tty_comm --> off
33 httpd_unified --> off
34 httpd_use_cifs --> off
35 httpd_use_fusefs --> off
36 httpd_use_gpg --> off
37 httpd_use_nfs --> off
38 httpd_use_openstack --> off
39 httpd_use_sasl --> off
40 httpd_verify_dns --> off
41 named_tcp_bind_http_port --> off
42 prosody_bind_http_port --> off
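8. Visit the personal site's home page (it is now accessible)
9. Set a password for the personal web page
Use the htpasswd command to generate the password database.
[root@PC1linuxprobe ~]# htpasswd -c /etc/httpd/passwd linuxprobe ## -c means the file is being created for the first time, /etc/httpd/passwd is the file that stores the password database, linuxprobe is the user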
New password:
Re-type new password:
Adding password for user linuxprobe
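Each line of the file that htpasswd writes has the form user:hash, and the prefix of the hash identifies the scheme that protects the password. This added example (not from the original tutorial; the sample entries are constructed and the function names are hypothetical) reports the scheme per user and flags the ones the Apache htpasswd documentation describes as insecure.

```shell
#!/bin/sh
# Added example: report the hash scheme of each entry in an htpasswd file.

# hash_scheme HASH: name the scheme from the stored hash's prefix.
hash_scheme() {
    case $1 in
        '$2y$'*|'$2a$'*|'$2b$'*) echo bcrypt ;;
        '$apr1$'*)               echo apr1-md5 ;;
        '$5$'*|'$6$'*)           echo sha2-crypt ;;
        '{SHA}'*)                echo sha1-unsalted ;;
        *)                       echo crypt-or-plaintext ;;
    esac
}

# audit_htpasswd FILE: print "user scheme" per entry.
# Returns 1 if any entry uses unsalted SHA-1, crypt() or plaintext.
audit_htpasswd() {
    rc=0
    while IFS=: read -r user hash rest; do
        case $user in ''|'#'*) continue ;; esac   # skip blanks and comments
        scheme=$(hash_scheme "$hash")
        echo "$user $scheme"
        case $scheme in sha1-unsalted|crypt-or-plaintext) rc=1 ;; esac
    done < "$1"
    return "$rc"
}

# demo: run the audit over constructed entries (hash bodies are placeholders).
demo_audit() {
    sample=$(mktemp) || return 1
    cat > "$sample" <<'EOF'
linuxprobe:$apr1$CONSTRUCT$placeholderplaceholder00
alice:$2y$05$constructedconstructedconstructedconstructedconstructe
bob:{SHA}Y29uc3RydWN0ZWRwbGFjZWhvbGRlcg==
EOF
    audit_htpasswd "$sample" || echo "insecure scheme found"
    rm -f "$sample"
}
demo_audit
```

Run as root, audit_htpasswd /etc/httpd/passwd shows which scheme the entry created in this step uses.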
10. Edit the configuration file for the personal user home page feature
[root@PC1linuxprobe ~]# wc -l /etc/httpd/conf.d/userdir.conf
36 /etc/httpd/conf.d/userdir.conf
[root@PC1linuxprobe ~]# vim /etc/httpd/conf.d/userdir.conf
1 #
2 # UserDir: The name of the directory that is appended onto a user's home
3 # directory if a ~user request is received.
4 #
5 # The path to the end user account 'public_html' directory must be
6 # accessible to the webserver userid. This usually means that ~userid
7 # must have permissions of 711, ~userid/public_html must have permissions
8 # of 755, and documents contained therein must be world-readable.
9 # Otherwise, the client will only receive a "403 Forbidden" message.
10 #
11 <IfModule mod_userdir.c>
12 #
13 # UserDir is disabled by default since it can confirm the presence
14 # of a username on the system (depending on home directory
15 # permissions).
16 #
17 #UserDir disabled
18
19 #
20 # To enable requests to /~user/ to serve the user's public_html
21 # directory, remove the "UserDir disabled" line above, and uncomment
22 # the following line instead:
23 #
24 UserDir public_html
25 </IfModule>
26
27 #
28 # Control access to UserDir directories. The following is an example
29 # for a site where these directories are restricted to read-only.
30 #
31 <Directory "/home/*/public_html">
32 AllowOverride all
33 authuserfile "/etc/httpd/passwd"
34 authname "My provate website"
35 authtype basic
36 require user linuxprobe
37 </Directory>
11. Restart the httpd service
[root@PC1linuxprobe ~]# systemctl restart httpd
12. Test the result
13. Enter the user name and password (the password here is the one set with the htpasswd command)
The page can be accessed.