dotlinux blog

Enabling UserDir and Password Protect Web Directories on Zentyal Webserver

Zentyal is a unified network server that integrates services like web hosting, mail, file sharing, and more into a single platform. Enabling UserDir (Apache’s mod_userdir) allows users to host web content from their home directories (e.g., http://server/~username), while password protection adds security for sensitive content. This guide covers configuring both features on Zentyal’s Apache-based web server.

2026-05

Table of Contents#

  1. Prerequisites
  2. Understanding UserDir
  3. Enabling UserDir in Zentyal
  4. Configuring User Public Directories
  5. Password Protecting Web Directories
  6. Testing the Configuration
  7. Troubleshooting Common Issues
  8. Conclusion
  9. References

1. Prerequisites#

  • A Zentyal server with the Web Server module enabled (verify via Zentyal GUI: Modules → Web Server).
  • Administrative access (GUI or SSH) to the Zentyal server.
  • User accounts created (e.g., john) for whom you want to enable UserDir.
  • Basic knowledge of Linux permissions, Apache configuration, and (optional) SELinux.

2. Understanding UserDir#

The mod_userdir Apache module lets users publish web content from a public_html directory in their home folder (e.g., /home/john/public_html). Accessible via http://server/~username, this is ideal for personal sites, file sharing, or development. Password protection (via mod_auth_basic) restricts access to sensitive subdirectories.

3. Enabling UserDir in Zentyal#

Zentyal’s web server is Apache-based. Enable mod_userdir and configure UserDir via the GUI or command line.

3.1 Via Zentyal GUI#

  1. Log in to Zentyal (https://server:8443).
  2. Navigate to Modules → Web Server → Extra Configuration.
  3. Add the following Apache directives: 
    <IfModule mod_userdir.c>
    UserDir public_html       # Use public_html in home directories
    UserDir disabled root     # Disable for root (security)
    <Directory /home/*/public_html>
        AllowOverride All     # Enable .htaccess for password protection
        Require all granted   # Allow access to the directory
    </Directory>
</IfModule>
  4. Save changes and restart the web server (Zentyal prompts for restarts).

3.2 Via Command Line (Advanced)#

If the GUI method is insufficient, use Apache’s command-line tools:

  1. Enable mod_userdir:

    sudo a2enmod userdir

  2. Create a custom Apache config (e.g., /etc/apache2/conf-available/userdir.conf):

    sudo nano /etc/apache2/conf-available/userdir.conf

    Add:

    <IfModule mod_userdir.c>
    UserDir public_html
    UserDir disabled root
    <Directory /home/*/public_html>
        AllowOverride All
        Require all granted
    </Directory>
</IfModule>

  3. Enable the config and restart Apache:

    sudo a2enconf userdir
sudo systemctl restart apache2

4. Configuring User Public Directories#

For each user (e.g., john), create a public_html directory and set permissions.

4.1 Directory Creation & Permissions#

  1. Create public_html:
    As the user (or root):

    sudo su - john           # Switch to user john
mkdir public_html        # Create public_html
exit                     # Return to root

  2. Set Permissions:

    • Home directory (/home/john): Must be executable by Apache (user www-data). Set to 755: 
      sudo chmod 755 /home/john
    • public_html directory: Also 755 (web server can traverse/read): 
      sudo chmod 755 /home/john/public_html
    • Files (e.g., index.html): Set to 644 (web server can read): 
      sudo nano /home/john/public_html/index.html  # Add content (e.g., "Hello!")
sudo chmod 644 /home/john/public_html/index.html
sudo chown john:john /home/john/public_html/index.html

4.2 SELinux Considerations (if enabled)#

If SELinux is enforcing, allow Apache to read user home directories:

sudo setsebool -P httpd_enable_homedirs on       # Persist across reboots
sudo chcon -R -t httpd_user_content_t /home/*/public_html  # Label content

4. Configuring User Public Directories#

(Repeat for each user, e.g., john.)

5. Password Protecting Web Directories#

To restrict access to a subdirectory (e.g., ~/public_html/private), use mod_auth_basic and a .htaccess file.

5.1 Enable .htaccess Support#

Ensure AllowOverride All is set in the Apache config for public_html (done in Step 3).

5.2 Create a Password-Protected Directory#

As the user, create a subdirectory to protect:

sudo su - john
mkdir public_html/private
exit

5.3 Create a .htaccess File#

In the protected directory, create a .htaccess file:

sudo nano /home/john/public_html/private/.htaccess

Add:

AuthType Basic
AuthName "Restricted Area"
AuthUserFile /home/john/.htpasswd  # Password file (outside web root)
Require valid-user                 # Require a valid user from the file

5.4 Generate User Credentials with htpasswd#

Create a password file (e.g., /home/john/.htpasswd) and add a user:

sudo htpasswd -c /home/john/.htpasswd john  # -c creates a new file; omit for existing
  • Enter a password for john. Omit -c to add/modify users later.

5.5 Set Permissions on .htpasswd#

Ensure Apache can read the file, but others cannot:

sudo chmod 640 /home/john/.htpasswd        # Web server (www-data) can read
sudo chown www-data:john /home/john/.htpasswd  # Adjust user/group as needed

6. Testing the Configuration#

  1. Access User Directory:
    Navigate to http://server/~john in a browser. You should see the index.html content.

  2. Verify Password Protection:
    Access http://server/~john/private. You should be prompted for a username/password. Enter john and the password set in htpasswd—you should see the (empty) private directory (or a file inside).

7. Troubleshooting Common Issues#

  • Permission Errors: Ensure /home/john (755), public_html (755), and files (644) have correct permissions.
  • SELinux Blocking: Run sudo getenforce—if Enforcing, use audit2allow to fix denials.
  • .htaccess Not Working: Verify AllowOverride All in the Apache config for public_html.
  • UserDir Not Loading: Check mod_userdir is enabled (sudo a2enmod userdir) and UserDir is configured.

8. Conclusion#

Enabling UserDir and password protection on Zentyal’s web server empowers users to host personal content securely. For production, use HTTPS to protect credentials. Regularly audit permissions and configurations to maintain security.

9. References#

This blog is licensed under CC BY 4.0. Adapted from official Apache and Zentyal documentation.