How to map authenticated Apache users to their own directory?
I am trying to offer our users an Apache WebDav space where they can store their calendar (.ics) files. I've got Dav and LDAP authentication running already. But I fail to jail users to some sub-directories. After all I don't want them to access each other's calendar files.
Example: Let's say user johndoe logs in. Then I'd like to have his "/" path be mapped to /var/www/users/johndoe on disk. So that every user has their own directory.
What I have tried so far:
- UserDir /var/www/users/*/
  but it seems like this directory just sets the path for /~johndoe/ requests which is not what I want.
- RewriteRule ^/ /users/%{REMOTE_USER} [R]
  Fails. And it's probably just rewriting the path which isn't what I want.
- AliasMatch ^/ /var/www/users/%{REMOTE_USER}/
  This should map the path to a directory on disk but the %{REMOTE_USER} does not get expanded.
Is it possible to jail logged-in users to some subdirectory? Thanks in advance.
Solution 1:
If you are willing to use a directory prefix instead of "/", you can use something like this:
# Let's set up WebDAV first
<Directory /var/lib/storage>
    Dav On
    Options Indexes
    AllowOverride None
</Directory>
# mod_rewrite has to be switched on for the rules below to take effect
RewriteEngine On
# Now we'll set up the user area mapping
RewriteCond %{REQUEST_URI} ^/storage/
RewriteRule ^/storage/(.*?)$ /var/lib/storage/user/%{LA-U:REMOTE_USER}/$1 [L]
Moreover, the same user directories can be accessed read-only using the /~user/ syntax:
# Public area can be accessed as https://server/~user/
RewriteCond %{REQUEST_URI} ^/~
RewriteCond %{REQUEST_METHOD} ^(GET|POST)$
RewriteRule ^/~([^/]+)/?(.*) /var/lib/storage/user/$1/$2 [L]
YMMV
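A hardened variant of the /storage/ mapping, added here as an example and not part of the answer above: it only interpolates REMOTE_USER into the disk path when the name is non-empty and matches an allow-list. The LDAP URL, the realm name and the permitted character set are assumptions to adapt to your directory; the rules are written for server or virtual-host context.

```apache
RewriteEngine On

# Authentication is attached to the URL path, so the LA-U look-ahead
# can resolve REMOTE_USER before the rewrite is applied.
<Location "/storage/">
    AuthType Basic
    # Realm name is a placeholder
    AuthName "Calendar storage"
    AuthBasicProvider ldap
    # Placeholder LDAP URL, replace with your own directory
    AuthLDAPURL "ldap://ldap.example.org/ou=people,dc=example,dc=org?uid"
    Require valid-user
</Location>

# WebDAV on the storage tree, as in the answer
<Directory "/var/lib/storage">
    Dav On
    Options Indexes
    AllowOverride None
</Directory>

# An authenticated name containing anything outside the allow-list
# (for example "/" or a leading ".") is refused instead of being
# placed into a filesystem path.
RewriteCond %{LA-U:REMOTE_USER} !^$
RewriteCond %{LA-U:REMOTE_USER} !^[A-Za-z0-9_-][A-Za-z0-9._-]*$
RewriteRule ^/storage/ - [F]

# Map only when a well-formed name is present. Requests without
# credentials are not mapped here, so the <Location> block answers
# them with the 401 challenge.
RewriteCond %{LA-U:REMOTE_USER} ^[A-Za-z0-9_-][A-Za-z0-9._-]*$
RewriteRule ^/storage/(.*)$ /var/lib/storage/user/%{LA-U:REMOTE_USER}/$1 [L]
```

Each user's directory under /var/lib/storage/user/ still has to exist and be writable by the Apache process for WebDAV writes to succeed.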