Re: [cobalt-users] [RaQ 4] Some (easy?) questions from a newbie
- Subject: Re: [cobalt-users] [RaQ 4] Some (easy?) questions from a newbie
- From: "Carrie Bartkowiak" <ravencarrie@xxxxxxxx>
- Date: Tue May 29 05:53:04 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
>first let me say, that i'm new to Linux and Cobalt Servers,
>so if you've got an answer to my questions (specially the
>php question), could you please describe the solution
>"a little more detailed" than normal.
That's my specialty. ;)
> 1. How do i make a directory password protected?
> For example, i have a directory on www.mysite.tld/directory
> and i want this directory to be protected. This means, that
> the directory is online only reachable, when you first type
> in the siteadmin name and password.
To password protect a directory you must put a file in that directory
named .htaccess, which points to a password file elsewhere on the
server.
This isn't as simple as it sounds; the password in the password file
must be encrypted. You can't just write the password and get away with
it. ;)
This is a *bit* different if you want the site to accept the
siteadmin's username and password *that he uses in his control panel
for the Cobalt*.
Okay, here we go:
If you want the username and password to be authenticated against what
your *server* has in its records (in the /etc/shadow - file), then
this is what your .htaccess file will look like:
#Access file
order allow,deny
allow from all
require valid-user
Authname Put_Some_Descriptive_Name_Here_No_Spaces
Authtype Basic
You do not need a separate password file, as the server will check
its own password file to see if the username/password combo matches.
This is good for making a directory that only valid users (who have
accounts) on the machine can access.
If, however, you want to make up some username/password combo (say,
username: bozo password: clown to protect the directory /web/jester)
and then be able to give that to people without compromising any true
accounts on the machine, that's a little different. You need two
files: an .htaccess file in the directory you want password protected,
and a password file that is *out of the web directory*. Normally this
is named .htpasswd; you can call it whatever you want as long as it
starts with .ht. Giving them different names is a good way of knowing
which file goes to which directory - like for the example above, you
could name it .htjester.
First, make a file named .htaccess and put this in it:
order allow,deny
allow from all
require valid-user
authname Jester_Directory
authtype basic
authuserfile /home/sites/siteX/somefolder/.htjester
For the 'authname', you can put whatever you want - as long as there's
no spaces. This is what will show up in the password challenge box
(you'll see it when you give it a try).
For the 'authuserfile', you want to put a full server path to the file
that you'll be using for your password file. Again, you can call it
whatever you want as long as it starts with '.ht'. (If you wanna get
real down and dirty you don't have to do this but it's more secure
since the server is configured to look for files starting with .ht and
not show them to anyone.) Make sure this path and file is *not* in
the /web directory.
So you can go to your site's root, where you see the folders "logs",
"users", and "web". Make a folder here named "pass". Put your password
file in that folder. If this was site10 on your machine, then the
authuserfile line would look like:
authuserfile /home/sites/site10/pass/.htjester
Still with me so far?
Now we've got to make the password file. It's one line per user - you
can have multiple users logging into the same directory with different
name and password combinations. (You can do a lot more too, like
restrict the domain they're coming from, but we'll stick to the
basics.)
The quick and dirty way to do this is to do it straight from the
command line when you are in the /home/sites/site10/pass folder:
#htpasswd [-c] .htpasswd {username}
That's the explanation of it. The -c is to *create* a file. For the
example we're using it would be:
#htpasswd -c .htjester bozo
The server will then prompt you for the password (clown). You won't
see it as you're typing it on the screen but the machine will make it
for you and encrypt the password.
You can see the file if you do the command:
#ls -la
and if you want to read it, just:
#pico .htjester (or whatever you've decided to call it).
You'll see that in the file it will have something like:
bozo:FJaeht3732827skfh.akjdhf
The password will be different, of course.
Notes:
**If you want to add additional users to the file, do *not* use the -c
flag. Just take that part out of the command.
#htpasswd .htjester AnotherUser
**If you don't want to have to cd all over the machine, you can use a
full path to where the file should be created in the command, like so:
#htpasswd -c /home/sites/site10/pass/.htjester bozo
**Remember that usernames and passwords are CaSe SeNsItIvE.
**These files, .htaccess and .htjester (or .htpasswd) will not show up
in an FTP listing unless you specially configure your FTP program to
show them.
**Some people can't get their .htaccess file to work unless they've
got the line
AuthPAM_Enabled off
added in their file, like so:
# Access file
order allow,deny
allow from all
require valid-user
Authname Jester_Directory
AuthPAM_Enabled off
Authtype Basic
AuthUserFile /home/sites/site10/pass/.htjester
That being said, I have NEVER had to add this line into my .htaccess
files, and as a matter of fact, when I *do* add this line in, I get an
internal server error.
If you find that it is not working, here's some checks to make:
1. Check that you haven't made a typo and called it .htacess or
.htacces or something like that.
2. Check that the path to the password file is correct
3. Check that the password file exists
4. Check that the password file has the username/password combo in it
that you're trying
5. Check that you are typing in the username and password EXACTLY as
you made them (case sensitive).
6. Try a brand new browser window, as IE tends to cache errors and
won't let you in once you've entered the username/password incorrectly
(not all the time, but sometimes it does this)
7. Check /etc/httpd/conf/access.conf to see if that site (in our
example, site10) is allowed to do this; it should have something like:
<Directory /home/sites/site10>
AllowOverride All
Options All
</Directory>
at the bottom of access.conf. This is only if you don't have
AllowOverride All set for the entire /home/sites directory.
There are also username/password combo generators online all over the
place. You can use one of these to input your username and password,
and it will give you a line (that looks just like the
bozo:dlkjgit884hkjg above - but with different letters for the
password) that you can then copy and paste into a file and upload it
via FTP. Doing it from the command line is faster, though.
Next!
> 2. How can i change the logrotation for a virtual site?
Since you're using Webalizer, you don't have to change the log
rotation. You just need to change Webalizer itself so that it keeps
its own logs rather than using the big file the site puts out.
In your webalizer.conf, look for the line:
#Incremental no
Change this to yes and uncomment it:
Incremental yes
There's also a line directly below that one that allows you to specify
what the name of the spiffy history file will be, just uncomment it.
You don't have to restart the server.
You can, however, run Webalizer right from the command line so that
you can check that it's working immediately:
#cd /etc/cron.daily
# ./webalizer.pl
Next!
> 3. How do i update/recompile php?
I actually don't have the answer for this one, but I do have some
questions to make you think.
Many people have great success recompiling PHP on the Cobalts - then
again, they know what they're doing.
Many other people try to recompile PHP and end up breaking things.
It's a risky venture.
WHY do you need ftp enabled? As an alternative, why not just use a
file upload snippet of php coding? You *can* do file uploading through
PHP without having PHP be ftp-enabled... I hope you knew that. If not,
now you do.
Also, what's wrong with just regular ftp?
I would really REALLY consider all of my other options on how to let
the users get their file onto the server before I went about
recompiling PHP.
> 4. Do you know any good books/websites, so that i could learn more
> about Linux/Cobalt quickly without posting such a bunch of questions
> here?
Oh lord there are a bunch of them. For cobalt-specific stuff, check a
cobalt webring that Thom set up:
http://www.baltimoremd.com/cobaltfacts/sitelist.html
Also, you don't have to post all of your questions. Learn to use the
search feature at the archives that are kept for this list - usually
many people have asked the same question before (many times):
http://list.cobalt.com/mailman/listinfo/cobalt-users
One tip on this is to spell something as many different ways as you
can, word it differently, and when asking about a specific error
message, paste the exact error message (or portions of it) into the
search box.
For general Linux stuff, nothing beats Google:
http://www.google.com
Just ask the question as you normally would, for example:
how do I edit a .htpasswd file
or
edit .htpasswd file
And you'll get back tons of stuff.
Hope this helps. :)
CarrieB
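
Checks 1 to 5 from the troubleshooting list in the message above, plus its rule that the password file stays out of the /web directory and starts with .ht, as a shell function. This is an added example, not part of the original post: the names check_htauth and make_fixture are hypothetical, the fixture is constructed in a temp directory with a dummy hash, and it assumes AuthUserFile is written as an unquoted absolute path.

```sh
#!/bin/sh
# check_htauth DIR WEBROOT USER  (hypothetical helper, not a Cobalt tool)
# Assumes AuthUserFile is given as an unquoted absolute path.
check_htauth() {
    dir=$1 webroot=$2 user=$3 rc=0
    # Check 1: a misspelled file name is simply ignored by the server
    for typo in .htacess .htacces; do
        if [ -e "$dir/$typo" ]; then echo "FAIL misnamed file $typo"; rc=1; fi
    done
    if [ ! -f "$dir/.htaccess" ]; then echo "FAIL no .htaccess"; return 1; fi
    # Check 2: directive names are case-insensitive, so compare lowercased
    pwfile=$(awk 'tolower($1) == "authuserfile" { print $2; exit }' "$dir/.htaccess")
    if [ -z "$pwfile" ]; then echo "FAIL no AuthUserFile line"; return 1; fi
    # Check 3: the password file must exist
    if [ ! -f "$pwfile" ]; then echo "FAIL missing $pwfile"; return 1; fi
    # Placement: outside the web directory, name starting with .ht
    case $pwfile in
        "$webroot"/*) echo "FAIL password file is inside the web directory"; rc=1 ;;
    esac
    case ${pwfile##*/} in
        .ht*) ;;
        *) echo "FAIL password file name does not start with .ht"; rc=1 ;;
    esac
    # Checks 4 and 5: exact, case-sensitive string match on the user field
    if ! awk -F: -v u="$user" '($1 "") == u { ok = 1 } END { exit !ok }' "$pwfile"; then
        echo "FAIL no entry for user $user"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK"; fi
    return "$rc"
}

# Constructed fixture mirroring the site10 / .htjester layout (hash is a dummy)
make_fixture() {
    root=$(mktemp -d)
    mkdir -p "$root/site10/web/jester" "$root/site10/pass"
    printf 'bozo:DUMMYHASH\n' > "$root/site10/pass/.htjester"
    printf 'require valid-user\nauthname Jester_Directory\nauthtype basic\nauthuserfile %s\n' \
        "$root/site10/pass/.htjester" > "$root/site10/web/jester/.htaccess"
    echo "$root/site10"
}

site=$(make_fixture)
check_htauth "$site/web/jester" "$site/web" bozo || true   # correct layout
check_htauth "$site/web/jester" "$site/web" Bozo || true   # wrong case is rejected
rm -rf "${site%/site10}"
```

On a real site the call would take the protected directory, the site's web directory and the username being tested, for example the /home/sites/site10 paths used in the message.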