sábado, 12 de noviembre de 2022

PHP linux Debian Habilitar a los usuarios en las carpetas public_html

PHP linux Debian Habilitar a los usuarios en las carpetas public_html

Se configura un archivo para permitir que los usuarios user1 y user2 puedan ejecutar códigos php desde la carpeta public_html


- Editar el archivo php7.3.conf o su equivalente php**.conf

$sudo nano /etc/apache2/mods-enabled/php7.3.conf

Se deben Comentar las líneas 21 a 25

<IfModule mod_userdir.c>
    <Directory /home/*/public_html>
        php_admin_flag engine Off
    </Directory>
</IfModule>

- El archivo sin editar es:

  1. <FilesMatch ".+\.ph(ar|p|tml)$">
  2.     SetHandler application/x-httpd-php
  3. </FilesMatch>
  4. <FilesMatch ".+\.phps$">
  5.     SetHandler application/x-httpd-php-source
  6.     # Deny access to raw php sources by default
  7.     # To re-enable it's recommended to enable access to the files
  8.     # only in specific virtual host or directory
  9.     Require all denied
  10. </FilesMatch>
  11. # Deny access to files without filename (e.g. '.php')
  12. <FilesMatch "^\.ph(ar|p|ps|tml)$">
  13.     Require all denied
  14. </FilesMatch>
  15.  
  16. # Running PHP scripts in user directories is disabled by default
  17. #
  18. # To re-enable PHP in user directories comment the following lines
  19. # (from <IfModule ...> to </IfModule>.) Do NOT set it to On as it
  20. # prevents .htaccess files from disabling it.
  21. <IfModule mod_userdir.c>
  22.     <Directory /home/*/public_html>
  23.         php_admin_flag engine Off
  24.     </Directory>
  25. </IfModule>
  26.  

- Archivo Editado para que los usuarios user1 y user2 ejecuten codigos en php desde su carpeta public_html

Se adicionó el codigo de las líneas 27 a 34

  1. <FilesMatch ".+\.ph(ar|p|tml)$">
  2.     SetHandler application/x-httpd-php
  3. </FilesMatch>
  4. <FilesMatch ".+\.phps$">
  5.     SetHandler application/x-httpd-php-source
  6.     # Deny access to raw php sources by default
  7.     # To re-enable it's recommended to enable access to the files
  8.     # only in specific virtual host or directory
  9.     Require all denied
  10. </FilesMatch>
  11. # Deny access to files without filename (e.g. '.php')
  12. <FilesMatch "^\.ph(ar|p|ps|tml)$">
  13.     Require all denied
  14. </FilesMatch>
  15.  
  16. # Running PHP scripts in user directories is disabled by default
  17. #
  18. # To re-enable PHP in user directories comment the following lines
  19. # (from <IfModule ...> to </IfModule>.) Do NOT set it to On as it
  20. # prevents .htaccess files from disabling it.
  21. #<IfModule mod_userdir.c>
  22. #    <Directory /home/*/public_html>
  23. #        php_admin_flag engine Off
  24. #    </Directory>
  25. #</IfModule>
  26.  
  27. <IfModule mod_userdir.c>
  28.     <Directory /home/user1/public_html>
  29.         php_admin_flag engine On
  30.     </Directory>
  31.     <Directory /home/user2/public_html>
  32.         php_admin_flag engine On
  33.     </Directory>
  34. </IfModule>
<FilesMatch ".+\.ph(ar|p|tml)$">
    SetHandler application/x-httpd-php
</FilesMatch>
<FilesMatch ".+\.phps$">
    SetHandler application/x-httpd-php-source
    # Deny access to raw php sources by default
    # To re-enable it's recommended to enable access to the files
    # only in specific virtual host or directory
    Require all denied
</FilesMatch>
# Deny access to files without filename (e.g. '.php')
<FilesMatch "^\.ph(ar|p|ps|tml)$">
    Require all denied
</FilesMatch>

# Running PHP scripts in user directories is disabled by default
#
# To re-enable PHP in user directories comment the following lines
# (from <IfModule ...> to </IfModule>.) Do NOT set it to On as it
# prevents .htaccess files from disabling it.
#<IfModule mod_userdir.c>
#    <Directory /home/*/public_html>
#        php_admin_flag engine Off
#    </Directory>
#</IfModule>

<IfModule mod_userdir.c>
    <Directory /home/prog1/public_html>
        php_admin_flag engine On
    </Directory>
    <Directory /home/prog2/public_html>
        php_admin_flag engine On
    </Directory>
</IfModule>



- Se reinicia apache2

$sudo systemctl restart apache2


- Se deben crear test.php en las carpetas public_html de cada usuario

test.php para el user1

<html>
<body>
<div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;">
<?php
    print "PHP Test Page User 1";
?>
</div>
</body>
</html>


test.php para el user2

<html>
<body>
<div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;">
<?php
    print "PHP Test Page User 2";
?>
</div>
</body>
</html>


- Por último se abre un navegador y se ve si los test funcionan para cada usuario

localhost o dominio

localhost/~user1/test.php

localhost/~user2/test.php




Para referencia del UserDirectory se puede ver:

https://wiki.ubuntu.com/UserDirectoryPHP

Security note: Running PHP scripts in users' home directories was not disabled for a frivolous reason -- PHP is a full programming language, and as such, can be used by attackers in nefarious ways. Ideally, the PHP engine should only be enabled for users you (the system administrator) trust, and even then sparingly. To do this, instead of removing the above lines, create a file (as root) called /etc/apache2/conf.d/php-in-homedirs.conf with the following contents:

    <IfModule mod_userdir.c>
        <Directory /home/$USERNAME/public_html>
            php_admin_value engine On
        </Directory>
    </IfModule>

Simply replace the $USERNAME with the user name of the user you wish to allow PHP access to. Also note that the <Directory> section may be repeated as many times as is necessary. Save the file, and restart Apache with a sudo /etc/init.d/apache2 restart and PHP should only be enabled for the users listed in this file. See the Apache documentation on the Directory tag for more information.




Publicado por en

No hay comentarios:

Publicar un comentario

Suscribirse a: Enviar comentarios (Atom)