Are there are drawbacks to creating users for password protected directories as per the instructions here? How to password protect a directory – Virtualmin
I have email disabled for the domain and so if I select ‘email only’ when creating the user will their only access be to view a password protected directory? Or is there some other ability or security issue I should be aware of?
Looking at this: create-user – Virtualmin it says:
Create a mail, FTP or database user.
So I guess if they’re created with ‘mail only’ (via web UI) and FTP is disabled and they aren’t specially given access to a DB, they’ll only be able to access the protected web directories specified for them? Just want to check this assumption is correct.
As far as Apache is concerned, you really don’t need a mail or FTP user for protected directories. It can all be done with
.htpasswd. The specifics are slightly different depending on the OS, but it’s simple regardless.
I have no idea how this might mess with Virtualmin, however, since Virtualmin does provide that functionality.
In any case, I can’t come up with any realistic drawback to just doing it the way Virtualmin suggests. There’s something to be said for making things easy.
Thanks Richard I totally forgot about htaccess!
For anyone wanting to do the same in future you just need to create a .htaccess file with:
AuthName "Please enter your username and password"
deny from all
and a .htpasswd file with the passwords. Both files in
To create passwords, simply:
htpasswd -b /home/domain-or-path/public_html/.htpasswd username password
Personally, I prefer putting
.htpasswd in a directory a level above the public Web root. it can still be referenced by
.htaccess anywhere in the user’s
This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.