httpd'conf

1
httpd.conf

• Divided into 3 sections
• Global environment (normally not touched), Main
  server configuration (read it carefully!),
  Virtual hosts (normally not touched)
• Main server configuration (Section 2)
• Who are we
• User wwwrun
• Group www
• Name on server and admin
• ServerAdmin geirs_at_iu.hio.no
• ServerName compaq.iu.hio.no
• Points at document root
• DocumentRoot "/usr/local/apache2/htdocs"

2
httpd.conf

• The configuration file is most likely in the
  directory /usr/local/apache2/conf/
• This is compiled in the daemon but cat be
  overridden at startup of the daemon
• The configuration is divided into sections which
  can be included in httpd.conf at your own wish.
  In my /usr/local/apache2/conf/extra/ I have the
  following files
• total 56
• -rw-r--r-- 1 root root 2845 2007-01-15 1334
  httpd-autoindex.conf
• -rw-r--r-- 1 root root 1690 2007-02-21 1426
  httpd-dav.conf
• -rw-r--r-- 1 root root 2344 2007-01-15 1334
  httpd-default.conf
• -rw-r--r-- 1 root root 1103 2007-01-15 1334
  httpd-info.conf
• -rw-r--r-- 1 root root 5040 2007-01-15 1334
  httpd-languages.conf
• -rw-r--r-- 1 root root 800 2007-01-15 1334
  httpd-manual.conf
• -rw-r--r-- 1 root root 3523 2007-01-15 1334
  httpd-mpm.conf
• -rw-r--r-- 1 root root 2186 2007-01-15 1334
  httpd-multilang-errordoc.conf
• -rw-r--r-- 1 root root 10253 2007-01-15 1334
  httpd-ssl.conf
• -rw-r--r-- 1 root root 815 2007-01-15 1334
  httpd-userdir.conf
• -rw-r--r-- 1 root root 1453 2007-01-15 1334
  httpd-vhosts.conf

3
httpd.conf

• The most important directives in this file are
• ServerRoot
• Listen
• LoadModule
• User
• Group
• ServerAdmin
• DocumentRoot
• Options
• AllowOverride
• Order, Deny, Allow
• DirectoryIndex
• AddType
• Include
• UserDir
• ScriptAlias

4
httpd.conf

• ServerRoot
• The ServerRoot directive sets the directory in
  which the server lives. Typically it will contain
  the subdirectories conf/ and logs/. Relative
  paths in other configuration directives (such as
  Include or LoadModule, for example) are taken as
  relative to this directory.
• Listen
• The Listen directive instructs Apache to listen
  to only specific IP addresses or ports by
  default it responds to requests on all IP
  interfaces. Listen is now a required directive.
  If it is not in the config file, the server will
  fail to start. This is a change from previous
  versions of Apache.
• LoadModule
• The LoadModule directive links in the object file
  or library filename and adds the module structure
  named module to the list of active modules.
  Module is the name of the external variable of
  type module in the file, and is listed as the
  Module Identifier in the module documentation.

5
httpd.conf

• User
• The User directive sets the user ID as which the
  server will answer requests. In order to use this
  directive, the server must be run initially as
  root. If you start the server as a non-root user,
  it will fail to change to the lesser privileged
  user, and will instead continue to run as that
  original user. If you do start the server as
  root, then it is normal for the parent process to
  remain running as root.
• Group
• The Group directive sets the group under which
  the server will answer requests. In order to use
  this directive, the server must be run initially
  as root. If you start the server as a non-root
  user, it will fail to change to the specified
  group, and will instead continue to run as the
  group of the original user.
• ServerAdmin
• The ServerAdmin sets the contact address that the
  server includes in any error messages it returns
  to the client. If the httpd doesn't recognize the
  supplied argument as an URL, it assumes, that
  it's an email-address and prepends it with
  mailto in hyperlink targets. However, it's
  recommended to actually use an email address,
  since there are a lot of CGI scripts that make
  that assumption. If you want to use an URL, it
  should point to another server under your
  control. Otherwise users may not be able to
  contact you in case of errors.

6
httpd.conf

• DocumentRoot
• This directive sets the directory from which
  httpd will serve files. Unless matched by a
  directive like Alias, the server appends the path
  from the requested URL to the document root to
  make the path to the document.
• Options
• The Options directive controls which server
  features are available in a particular directory.
• AllowOverride
• When the server finds an .htaccess file (as
  specified by AccessFileName) it needs to know
  which directives declared in that file can
  override earlier configuration directives.
• Order, Deny, Allow
• The Order directive controls the default access
  state and the order in which Allow and Deny
  directives are evaluated.

7
httpd.conf

• DirectoryIndex
• The DirectoryIndex directive sets the list of
  resources to look for, when the client requests
  an index of the directory by specifying a / at
  the end of the directory name. Local-url is the
  (-encoded) URL of a document on the server
  relative to the requested directory it is
  usually the name of a file in the directory.
  Several URLs may be given, in which case the
  server will return the first one that it finds.
  If none of the resources exist and the Indexes
  option is set, the server will generate its own
  listing of the directory.
• AddType
• The AddType directive maps the given filename
  extensions onto the specified content type.
  MIME-type is the MIME type to use for filenames
  containing extension. This mapping is added to
  any already in force, overriding any mappings
  that already exist for the same extension. This
  directive can be used to add mappings not listed
  in the MIME types file (see the TypesConfig
  directive).
• Include
• This directive allows inclusion of other
  configuration files from within the server
  configuration files.

8
httpd.conf

• UserDir
• The UserDir directive sets the real directory in
  a user's home directory to use when a request for
  a document for a user is received.
• ScriptAlias
• The ScriptAlias directive has the same behavior
  as the Alias directive, except that in addition
  it marks the target directory as containing CGI
  scripts that will be processed by mod_cgi's
  cgi-script handler. URLs with a case-sensitive
  (-decoded) path beginning with URL-path will be
  mapped to scripts beginning with the second
  argument, which is a full pathname in the local
  filesystem.

9
httpd.conf

• The directives can be invoked under certain
  conditions and some conditions are
• IfModule
• Directory
• FilesMatch

10
httpd.conf

• IfModule
• The ltIfModule testgt...lt/IfModulegt section is used
  to mark directives that are conditional on the
  presence of a specific module. The directives
  within an ltIfModulegt section are only processed
  if the test is true. If test is false, everything
  between the start and end markers is ignored.
• Directory
• ltDirectorygt and lt/Directorygt are used to enclose
  a group of directives that will apply only to the
  named directory and sub-directories of that
  directory. Any directive that is allowed in a
  directory context may be used. Directory-path is
  either the full path to a directory, or a
  wild-card string using Unix shell-style matching.
  In a wild-card string, ? matches any single
  character, and matches any sequences of
  characters. You may also use character ranges.
  None of the wildcards match a /' character, so
  ltDirectory //public_htmlgt will not match
  /home/user/public_html, but ltDirectory
  /home//public_htmlgt will match.
• FilesMatch
• The ltFilesMatchgt directive limits the scope of
  the enclosed directives by filename, just as the
  ltFilesgt directive does. However, it accepts a
  regular expression.

11
httpd.conf

• Main settings for /
• Restrictive settings
• ltDirectory /gt
• Options FollowSymLinks
• AllowOverride None
• lt/Directorygt
• Main settings for DocumentRoot
• Access control for any directory under
  "/usr/local/apache2/htdocs" (DocumentRoot)
• ltDirectory "/usr/local/apache2/htdocs"gt
• Give a directory listing if no .html file exists
  and follow links
• Options Indexes FollowSymLinks
• Does not look for any .htaccess files
• AllowOverride None
• Who can get information from this server
• Order allow, deny
• Allow from all
• lt/Directorygt

12
httpd.conf

• User directory
• Web directory appended to each use user (/user)
• UserDir public_html
• User directories
• ltDirectory /home//public_htmlgt
• AllowOverride FileInfo AuthConfig Limit
  Indexes
• Options MultiViews Indexes SymLinksIfOwnerMatc
  h IncludesNoExec
• ltLimit GET POST OPTIONS PROPFINDgt
• Order allow,deny
• Allow from all
• lt/Limitgt
• ltLimitExcept GET POST OPTIONS PROPFINDgt
• Order deny,allow
• Deny from all
• lt/LimitExceptgt
• lt/Directorygt

13
httpd.conf

• Documentation
• www.apache.org
• Go to (click on) HTTP Server (httpd.apache.org)
• Go to Documentation Apache 2.0 (httpd.apache.org/d
  ocs-2.0)
• Then look at the User's Guide (Configuration
  Sections)

14
http.conf

• Directory index
• Default file if a directory is requested
• DirectoryIndex index.html index.phtml
• Access file name
• AccessFileName to override the default settings
  for each directory
• AccessFileName .htaccess
• Script aliases
• Directories for serverscripts
• ScriptAlias /cgi-bin/ "/usr/local/apache2/cgi-bin/
  "
• ScriptAlias /cgi-bin-geirs/ "/home/geirs/cgi-bin/"

15
User administration

• Introduction
• You shall write a Perl script to create a couple
  of hundred users
• The script shall read an input file (with users)
  and create two output files.
• This shall be done in one go (only one Enter
  touch)
• The two output files will be additions to
  /etc/passwd and /etc/shadow
• Keep a backup of the old /etc/passwd and
  /etc/shadow
• compaq cp /etc/passwd /etc/passwd.old
• Merge the additions manually like
• compaq cat /etc/passwd.add gtgt /etc/passwd
  (and for the shadow file)
• A good advice is to run perl with the -w switch
• !/usr/bin/perl -w
• Create all necessary user directories and files
  (see /etc/skel)
• Create a default web page
• Make necessary changes in httpd.conf so that each
  user has its own script directory
• The last point might be the third output file
  from the script
• Perl
• Resources www.perl.com or man perl

16
User administration

• Strategy
• Start with reading the existing /etc/passwd
• Use a hash array to keep track of existing uid's
  and users
• The first new uid may as an example be the
  highest one 1
• --------------------------------------------------
  -
• Start reading the file with new users
• Extract the students name
• Get rid of all spaces
• Change all norwegian letters (æøå) into eoa
• Change all capital letters to small letters
• Then create a user name from e.g. the first five
  letters of the first name and the first letter of
  the last name
• Check that the user name does not exist
• If it does, add a digit to the user name until it
  is unique
• Give the new user name an uid
• Add the user name and uid to the hash array

17
User administration

• Strategy
• Generate a password and encrypt it
• Generate a home directory and the necessary
  subdirectories
• Generate ScriptAlias to httpd.conf
• Create a standard home page
• Change the ownership to the whole home directory
• Read the next user and start over again
• -------------------------------------------------
• Generating passwords
• One strategy is to start with a string seq
  llLLddss where l stands for lower case letter,
  L stands for upper case letter, d stands for
  digit and s stands for special character
• Permute the characters in the string randomly to
  as an example perm LsddlLls
• Then read one character at a time from perm to
  generate a password

18
User administration

• Reading the password file for users

PASSWD"/etc/passwd" open(PASSWD,
"PASSWD") Les igjennom passordfilen
(registrerte brukere) maxuid 0 while (line
ltPASSWDgt) chop(line) (login,x,uid,x)
split("",line) userslogin uid
Ta vare på login uidsuid login
og uid if (uid gt maxuid and uid lt 60000)
maxuid uid Første "ledige" uid
close(PASSWD)
19
User administration

• Generating a random lower case string

geirs_at_compaq/bingt cat string.pl !/usr/bin/perl
-w sub generate_string _at_letters
("a".."z") nl _at_letters string ""
for (i0ilt8i) string .
letters(time rand(32767))nl return
string for (j0jlt10j) passwd
generate_string() print "passwd\n" geirs_at_co
mpaq/bingt string.pl dsarzgzr xylpvnej geghwhhc k
ikujokh nivlvhij iqaehhar sbmhmrqq airawpxq fsjrax
ci hnszpgah geirs_at_compaq/bingt
20
perl

• Scalars
• var 2.3
• var 10
• var a string
• Arrays
• _at_arr (a, b, c) Defining an array
• arr0 a An alternative
• arr1 b
• arr2 c
• (first, second, third) _at_arr Making scalars
  of an array
• (x, y) (y, x) Switching between two
  scalar values

21
perl

• Example

!/usr/bin/perl -w Array print "-"x80 .
"\nArray\n" . "-"x80 . "\n" _at_arr
("a","b","c") print 'Number of elements in _at_arr
("a","b","c") is ' . _at_arr . "\n" print "The
elements are _at_arr\n" (first, second, third)
_at_arr print 'Elements in (first, second,
third) _at_arr is ' . "first second
third\n" Switching variables print "-"x80
. "\n" . 'Switching variables x and y' . "\n" .
"-"x80 . "\n" x 2 y 3 print "x -
y\n" (x, y) (y, x) print "x - y\n"
22
perl

• Hash arrays (associative array)
• users (hansb, 1001, olah, 1002, benteh,
  1005) Creation
• users (hansb gt 1001, olah gt 1002,
  benteh gt 1005) Alternative
• usershansb 1001 Alternative
• usersbenteh 1005
• usersolah 1002
• Filehandles
• open(FILE, data) Reading an existing file
• open(FILE, ltdata) The same
• open(FILE, gtdata) Create and write to file
• open(FILE, gtgtdata) Add to existing file
• open(FILE, grep s) Output filter (must
  start with s)
• open(FILE, grep s data ) Input filter (only
  lines beginning with s in file data)
• line chop(input ltSTDINgt) Read from
  console and remove newline
• input ltSTDINgt The same
• line chop(input)

23
perl

• Example

!/usr/bin/perl -w Hash array print "-"x80
. "\nHash array\n" . "-"x80 . "\n" users
("hansb", 1001, "olah", 1002, "benteh",
1005) print users . "\n" users ("hansb" gt
1001, "olah" gt 1002, "benteh" gt 1005) print
users . "\n" users"hansb"
1001 users"benteh" 1005 users"olah"
1002 print "users\n" print 'users' . "\n"
24
perl

• Operators
• , -, , /, , (Standard operators)
• . (String addition or concatenation)
• a 123
• b 456
• c 3
• a b gives 579
• a . b gives 123456
• a c gives 369
• a x c gives 123123123

25
perl

• Example

!/usr/bin/perl -w Operators print "-"x80 .
"\nOperators\n" . "-"x80 . "\n" a 123 b
456 c 3 print 'a 123' . "\n" print 'b
456' . "\n" print 'c 3' . "\n" print 'a
b is ' . (a b) . "\n" print 'a . b is
' . a . b . "\n" print 'a b is ' . (a
c) . "\n" print 'a x b is ' . (a x c) .
"\n"
26
perl

• Logical operators
• , , !, and, or, not
• Comparison operators
• , !, lt, gt, lt, gt, ltgt, eq, ne, lt, gt, le,
  ge, cmp
• a ltgt b (gives -1, 0 or 1)
• File test operators
• -e file (exists)
• -r file (readable)
• -w file (writable)
• -d file (directory)
• -f file (regular file)
• -T file (text file)

27
perl

• True values
• Any string except and 0
• Any number except 0
• Any reference
• 0.00
• \a (even if a 0)
• False values
• 0
• 10 10
• 0.00
• 0
• undef()

28
perl

• Example

DIR"/root" Root catalog LOG_DIR"DIR/log/"
Log directory USERS"DIR/data/users" New
users file Open log file unless (-d
LOG_DIR) print "No log directory
exists!\n" exit 1 open(RUN_LOG,
"gtRUN_LOG") Read the users file unless
(-T USERS) print "No users file exists!\n"
exit 1 open(USERS, USERS)