Protected Directories Not Working ## SOLVED ##

6 posts / 0 new
Last post
#1 Thu, 06/11/2009 - 08:00
crankshaft

Protected Directories Not Working ## SOLVED ##

Hi;

I have enabled protected directory on a folder on the document root, which appears to be added sucessfully, as when I log out / in again the protected directory is listed.

Problem is it is not protecting the folder and I am able to freely access it.

I have also tried restarting apache but it makes no difference.

Is this supposed to add a .htaccess file to the protected folder ??

If so it is not added - any ideas ??

Thanks

P

Thu, 06/11/2009 - 10:01
andreychek

Yes, if you go into Services -> Protected Directories, it should add a .htaccess file to the directory you specify.

However, no users are added to the password file by default -- what you'd need to do is go into Edit Mail and FTP users, choose a username, click "Other user permissions", and make sure the users you wish to grant access to your folders are listed in "Allow access to web directories". -Eric

Thu, 06/11/2009 - 19:41 (Reply to #2)
crankshaft

Hi;

Thanks for the help.

Forgot to mention that I had already added an existing user, but it makes no difference.

Logically I would think that if you setup the protected directory and no users were granter access rights, then the folder would be inaccessible to everyone ??

There is no .htaccess file, and I suspect that this is a permissions issue, presently I have:

chown -R username:root xxxxx chmod -R 755 xxxxx

where xxxx is the imported folders and username is the virtualmin username.

Is this correct & if not what is the correct ownersip & permissions to set on the public_folders ??

Cheers

P

EDIT

Just changed ownership to root:root, removed protected directory, re-added it, granted permission to the main user for that domain and still no .htaccess file added and full access to the folder by everyone.

Sat, 06/13/2009 - 00:47 (Reply to #3)
andreychek

Well, the Virtual Server owner has a username and primary group -- often the same thing (and typically, neither is root).

Do you know what the users primary group is? The primary group is the first one listed if you type "id USERNAME".

You'd generally want the document root to be owned by the Virtual Server owner's username and group. -Eric

Sun, 06/14/2009 - 20:28
crankshaft

Hi;

Thanks, but simply cannot get this working, I have tried removing / adding several times and no .htaccess file is ever created.

To be honest, I would have expected virtualmin to check that the .htaccess file was sucessfully created and if not alert the user to the fact, however no error is produced and no .htacess file is added.

Any other suggestions as I now have an admin folder which is accessible to the world ?!

Thanks

P

EDIT

I guess that I should also add that the main web folder is NOT in the public_html folder, but is in another folder with the domain name i.e.:

/home/username/mydomain.com/admin

And the root folder has been updated for this in apache.

Sun, 06/14/2009 - 20:38
crankshaft

Ok, Solved It !!

virtualmin appears to hard code the web's root folder to be /home/userid/public_html and protected directories are only created where public_html is the root folder for the domain / web site.

I deleted the public_html folder and created a symbolic link to the actual folder and it's working as expected.

Thanks

P

Topic locked