I’m trying to use Apache to essentially replicate the functionality of our FTP server (we’ve found a lot of customers have corporate policies/firewalls stopping them accessing FTP but not http/s). The idea is that each customer has a Linux user created for them and can login with Apache setup to use mod_auth_shadow. However I want each user to have a directory into which they can upload files, as well as download. I can see a few possibilities:

* Use mod_userdir so each user has a https://servername.com/~username site. My problem with this is that I’d have to give the apache user rights to write to user’s home directories to allow uploads, I’m not sure if this is a good idea security-wise. However this server is single-purpose – no one except administrators will be logging into it or interacting with it in any way except through httpd.


* Use some kind of module that allows apache to spawn a sub-process running as the user who logged in through mod_auth_shadow. Does such a module exist?


* Give up on the idea of using user’s home dirs and create a setup with virtual hosts and a directory owned by the apache user. Eg. have all user’s files under /var/www/users/<username> and have a virtual host for each /var/www/users/<username> dir. I’m not sure how to do this in any automated fashion though – is there a way to coerce mod_userdir into working like this?


Any help/suggestions greatly appreciated.



Tim Edwards