Any drawbacks to creating users for password protected directories?

Are there are drawbacks to creating users for password protected directories as per the instructions here? How to password protect a directory – Virtualmin

I have email disabled for the domain and so if I select ‘email only’ when creating the user will their only access be to view a password protected directory? Or is there some other ability or security issue I should be aware of?

Looking at this: create-user – Virtualmin it says:

Create a mail, FTP or database user.

So I guess if they’re created with ‘mail only’ (via web UI) and FTP is disabled and they aren’t specially given access to a DB, they’ll only be able to access the protected web directories specified for them? Just want to check this assumption is correct.

As far as Apache is concerned, you really don’t need a mail or FTP user for protected directories. It can all be done with .htaccess and .htpasswd. The specifics are slightly different depending on the OS, but it’s simple regardless.

I have no idea how this might mess with Virtualmin, however, since Virtualmin does provide that functionality.

In any case, I can’t come up with any realistic drawback to just doing it the way Virtualmin suggests. There’s something to be said for making things easy.


1 Like

Thanks Richard I totally forgot about htaccess!

For anyone wanting to do the same in future you just need to create a .htaccess file with:

AuthUserFile "/home/domain-or-path/public_html/.htpasswd"
AuthType Basic
AuthName "Please enter your username and password"
require valid-user
<Files .htpasswd>
    deny from all

and a .htpasswd file with the passwords. Both files in public_html.

To create passwords, simply:

htpasswd -b /home/domain-or-path/public_html/.htpasswd username password

Personally, I prefer putting .htpasswd in a directory a level above the public Web root. it can still be referenced by .htaccess anywhere in the user’s /home/ directory.


1 Like

This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.