1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
|
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<!--
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
This file is generated from xml source: DO NOT EDIT
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-->
<title>mod_userdir - Apache HTTP Server Version 2.4</title>
<link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
<link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" />
<script src="../style/scripts/prettify.min.js" type="text/javascript">
</script>
<link href="../images/favicon.ico" rel="shortcut icon" /></head>
<body>
<div id="page-header">
<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p>
<p class="apache">Apache HTTP Server Version 2.4</p>
<img alt="" src="../images/feather.png" /></div>
<div class="up"><a href="./"><img title="<-" alt="<-" src="../images/left.gif" /></a></div>
<div id="path">
<a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs/">Documentation</a> > <a href="../">Version 2.4</a> > <a href="./">Modules</a></div>
<div id="page-content">
<div id="preamble"><h1>Apache Module mod_userdir</h1>
<div class="toplang">
<p><span>Available Languages: </span><a href="../en/mod/mod_userdir.html" title="English"> en </a> |
<a href="../fr/mod/mod_userdir.html" hreflang="fr" rel="alternate" title="Français"> fr </a> |
<a href="../ja/mod/mod_userdir.html" hreflang="ja" rel="alternate" title="Japanese"> ja </a> |
<a href="../ko/mod/mod_userdir.html" hreflang="ko" rel="alternate" title="Korean"> ko </a> |
<a href="../tr/mod/mod_userdir.html" hreflang="tr" rel="alternate" title="Türkçe"> tr </a></p>
</div>
<table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>User-specific directories</td></tr>
<tr><th><a href="module-dict.html#Status">Status:</a></th><td>Base</td></tr>
<tr><th><a href="module-dict.html#ModuleIdentifier">Module Identifier:</a></th><td>userdir_module</td></tr>
<tr><th><a href="module-dict.html#SourceFile">Source File:</a></th><td>mod_userdir.c</td></tr></table>
<h3>Summary</h3>
<div class="warning">By using this module you are allowing multiple users
to host content within the same origin. The same origin policy is a key
principle of Javascript and web security. By hosting web pages in the same
origin these pages can read and control each other and security issues in
one page may affect another. This is particularly dangerous in combination
with web pages involving dynamic content and authentication and when
your users don't necessarily trust each other.</div>
<p>This module allows user-specific directories to be accessed using the
<code>http://example.com/~user/</code> syntax.</p>
</div>
<div id="quickview"><a href="https://www.apache.org/foundation/contributing.html" class="badge"><img src="https://www.apache.org/images/SupportApache-small.png" alt="Support Apache!" /></a><h3 class="directives">Directives</h3>
<ul id="toc">
<li><img alt="" src="../images/down.gif" /> <a href="#userdir">UserDir</a></li>
</ul>
<h3>Bugfix checklist</h3><ul class="seealso"><li><a href="https://www.apache.org/dist/httpd/CHANGES_2.4">httpd changelog</a></li><li><a href="https://bz.apache.org/bugzilla/buglist.cgi?bug_status=__open__&list_id=144532&product=Apache%20httpd-2&query_format=specific&order=changeddate%20DESC%2Cpriority%2Cbug_severity&component=mod_userdir">Known issues</a></li><li><a href="https://bz.apache.org/bugzilla/enter_bug.cgi?product=Apache%20httpd-2&component=mod_userdir">Report a bug</a></li></ul><h3>See also</h3>
<ul class="seealso">
<li><a href="../urlmapping.html">Mapping URLs to the
Filesystem</a></li>
<li><a href="../howto/public_html.html">public_html
tutorial</a></li>
<li><a href="#comments_section">Comments</a></li></ul></div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="UserDir" id="UserDir">UserDir</a> <a name="userdir" id="userdir">Directive</a></h2>
<table class="directive">
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Location of the user-specific directories</td></tr>
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>UserDir <em>directory-filename</em> [<em>directory-filename</em>] ...
</code></td></tr>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_userdir</td></tr>
</table>
<p>The <code class="directive">UserDir</code> directive sets the real
directory in a user's home directory to use when a request for a
document for a user is received. <em>Directory-filename</em> is
one of the following:</p>
<ul>
<li>The name of a directory or a pattern such as those shown
below.</li>
<li>The keyword <code>disabled</code>. This turns off
<em>all</em> username-to-directory translations except those
explicitly named with the <code>enabled</code> keyword (see
below).</li>
<li>The keyword <code>disabled</code> followed by a
space-delimited list of usernames. Usernames that appear in
such a list will <em>never</em> have directory translation
performed, even if they appear in an <code>enabled</code>
clause.</li>
<li>The keyword <code>enabled</code> followed by a
space-delimited list of usernames. These usernames will have
directory translation performed even if a global disable is
in effect, but not if they also appear in a
<code>disabled</code> clause.</li>
</ul>
<p>If neither the <code>enabled</code> nor the
<code>disabled</code> keywords appear in the
<code class="directive">Userdir</code> directive, the argument is treated as a
filename pattern, and is used to turn the name into a directory
specification. A request for
<code>http://www.example.com/~bob/one/two.html</code> will be
translated to:</p>
<table>
<tr><th>UserDir directive used</th>
<th>Translated path</th></tr>
<tr><td>UserDir public_html</td>
<td>~bob/public_html/one/two.html</td></tr>
<tr><td>UserDir /usr/web</td>
<td>/usr/web/bob/one/two.html</td></tr>
<tr><td>UserDir /home/*/www</td>
<td>/home/bob/www/one/two.html</td></tr>
</table>
<p>The following directives will send redirects to the client:</p>
<table>
<tr><th>UserDir directive used</th>
<th>Translated path</th></tr>
<tr><td>UserDir http://www.example.com/users</td>
<td>http://www.example.com/users/bob/one/two.html</td></tr>
<tr><td>UserDir http://www.example.com/*/usr</td>
<td>http://www.example.com/bob/usr/one/two.html</td></tr>
<tr><td>UserDir http://www.example.com/~*/</td>
<td>http://www.example.com/~bob/one/two.html</td></tr>
</table>
<div class="note">
<strong>Be careful when using this directive; for instance,
<code>"UserDir ./"</code> would map <code>"/~root"</code> to
<code>"/"</code> - which is probably undesirable. It is strongly
recommended that your configuration include a "<code>UserDir
disabled root</code>" declaration. See also the <code class="directive"><a href="../mod/core.html#directory">Directory</a></code> directive and the <a href="../misc/security_tips.html">Security Tips</a> page for
more information.</strong>
</div>
<p>Additional examples:</p>
<p>To allow a few users to have <code>UserDir</code> directories, but
not anyone else, use the following:</p>
<pre class="prettyprint lang-config">UserDir disabled
UserDir enabled user1 user2 user3</pre>
<p>To allow most users to have <code>UserDir</code> directories, but
deny this to a few, use the following:</p>
<pre class="prettyprint lang-config">UserDir disabled user4 user5 user6</pre>
<p>It is also possible to specify alternative user directories.
If you use a command like:</p>
<pre class="prettyprint lang-config">UserDir "public_html" "/usr/web" "http://www.example.com/"</pre>
<p>With a request for
<code>http://www.example.com/~bob/one/two.html</code>, will try to
find the page at <code>~bob/public_html/one/two.html</code> first, then
<code>/usr/web/bob/one/two.html</code>, and finally it will send a
redirect to <code>http://www.example.com/bob/one/two.html</code>.</p>
<p>If you add a redirect, it must be the last alternative in the list.
Apache httpd cannot determine if the redirect succeeded or not, so if you have
the redirect earlier in the list, that will always be the alternative
that is used.</p>
<p>User directory substitution is not active by default in versions
2.1.4 and later. In earlier versions, <code>UserDir public_html</code>
was assumed if no <code class="directive">UserDir</code>
directive was present.</p>
<div class="note"><h3>Merging details</h3>
<p> Lists of specific enabled and disabled users are replaced, not merged,
from global to virtual host scope</p></div>
<h3>See also</h3>
<ul>
<li>
<a href="../howto/public_html.html">Per-user web directories tutorial</a>
</li>
</ul>
</div>
</div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="../en/mod/mod_userdir.html" title="English"> en </a> |
<a href="../fr/mod/mod_userdir.html" hreflang="fr" rel="alternate" title="Français"> fr </a> |
<a href="../ja/mod/mod_userdir.html" hreflang="ja" rel="alternate" title="Japanese"> ja </a> |
<a href="../ko/mod/mod_userdir.html" hreflang="ko" rel="alternate" title="Korean"> ko </a> |
<a href="../tr/mod/mod_userdir.html" hreflang="tr" rel="alternate" title="Türkçe"> tr </a></p>
</div><div class="top"><a href="#page-header"><img src="../images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Comments</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Libera.chat, or sent to our <a href="https://httpd.apache.org/lists.html">mailing lists</a>.</div>
<script type="text/javascript"><!--//--><![CDATA[//><!--
var comments_shortname = 'httpd';
var comments_identifier = 'http://httpd.apache.org/docs/2.4/mod/mod_userdir.html';
(function(w, d) {
if (w.location.hostname.toLowerCase() == "httpd.apache.org") {
d.write('<div id="comments_thread"><\/div>');
var s = d.createElement('script');
s.type = 'text/javascript';
s.async = true;
s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier;
(d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s);
}
else {
d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>');
}
})(window, document);
//--><!]]></script></div><div id="footer">
<p class="apache">Copyright 2023 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!--
if (typeof(prettyPrint) !== 'undefined') {
prettyPrint();
}
//--><!]]></script>
</body></html>
|
