I have enabled protected directory on a folder on the document root, which appears to be added sucessfully, as when I log out / in again the protected directory is listed.
Problem is it is not protecting the folder and I am able to freely access it.
I have also tried restarting apache but it makes no difference.
Is this supposed to add a .htaccess file to the protected folder ??
If so it is not added - any ideas ??
Yes, if you go into Services -> Protected Directories, it should add a .htaccess file to the directory you specify.
However, no users are added to the password file by default – what you’d need to do is go into Edit Mail and FTP users, choose a username, click “Other user permissions”, and make sure the users you wish to grant access to your folders are listed in “Allow access to web directories”.
Thanks for the help.
Forgot to mention that I had already added an existing user, but it makes no difference.
Logically I would think that if you setup the protected directory and no users were granter access rights, then the folder would be inaccessible to everyone ??
There is no .htaccess file, and I suspect that this is a permissions issue, presently I have:
chown -R username:root xxxxx
chmod -R 755 xxxxx
where xxxx is the imported folders and username is the virtualmin username.
Is this correct & if not what is the correct ownersip & permissions to set on the public_folders ??
Just changed ownership to root:root, removed protected directory, re-added it, granted permission to the main user for that domain and still no .htaccess file added and full access to the folder by everyone.
Well, the Virtual Server owner has a username and primary group – often the same thing (and typically, neither is root).
Do you know what the users primary group is? The primary group is the first one listed if you type “id USERNAME”.
You’d generally want the document root to be owned by the Virtual Server owner’s username and group.
Thanks, but simply cannot get this working, I have tried removing / adding several times and no .htaccess file is ever created.
To be honest, I would have expected virtualmin to check that the .htaccess file was sucessfully created and if not alert the user to the fact, however no error is produced and no .htacess file is added.
Any other suggestions as I now have an admin folder which is accessible to the world ?!
I guess that I should also add that the main web folder is NOT in the public_html folder, but is in another folder with the domain name i.e.:
And the root folder has been updated for this in apache.
Ok, Solved It !!
virtualmin appears to hard code the web’s root folder to be /home/userid/public_html and protected directories are only created where public_html is the root folder for the domain / web site.
I deleted the public_html folder and created a symbolic link to the actual folder and it’s working as expected.