Web Publishing on Pantheon
If you have a webpage, you can easily publish it using your Pantheon space. It will then be accessible at the address http://pantheon.yale.edu/~YourNetID. If you wish to publish a webpage, follow these basic instructions.
1. Enable web publishing on your account using the Pantheon Account Tool. Doing this creates a folder called public_html in your home directory, sets its permissions appropriately, and creates a default index.html in that directory.
You can also do this manually instead of using the Pantheon Account Tool. Connect to the terminal and run the following commands:
mkdir ~/public_html
chmod 755 ~/public_html
The first command creates the public_html folder, and the second sets the appropriate permissions.
2. Now, HTML files that you upload into the public_html folder will be accessible on the web. To learn how to upload files, see Pantheon File Transfer. Note that only files in the public_html folder are accessible; thus, you can create other folders for backing up files.
3. The permissions set on a file may prevent you from being able to view it on the Internet. Everybody should have read access to the files you are publishing, and read and execute privileges for folders that contain files you wish to be accessible. See the File Permissions section below for more details, including how to change permissions with SSH, Fugu, or the Pantheon prompt.
In publishing your webpage, you may wish to consult a Yale Student Tech, a set of student employees at Yale who provide general technology assistance help.
You can password protect to web pages on the Pantheon with the creation of two files. One, the .htaccess file, specifies usernames to be allowed access. The other, the .htpasswd file, pairs the usernames with encrypted passwords.
1. the .htaccess file
The .htaccess file should be placed in the directory to which you want to restrict access. You can create and edit this file either using a text editor on your computer (such as Notepad [Windows] or TextEdit [Mac]), or by connecting to the pantheon via terminal and using a command-line editor such as 'vi' or 'nano'. Its content should look something like this:
AuthType Basic
AuthUserFile /home02/a2/abc234/.htpasswd
AuthName "wwwpeople"
require user NameOfUser
(For more details, see the bottom of this page.)
Note that you'll need to fide out the full path to your home directory ("/home02/a2/abc234/" in the above example) using one of the following methods:
- If you are connected to the Pantheon from a terminal, simply type 'cd ~' and press enter, followed by 'pwd'. The first command takes you to your home folder, the second shows you the full path to your current (home) folder.
- If you are connected to the Pantheon by SFTP, clicking Operation --> Go to Folder... will probably give you your current folder's full address.
- If you are connected to the Pantheon by Fugu, you can find your full address by seeing the parent directories of your Pantheon folder.
2. the .htpasswd file
This file holds the data of allowed usernames and passwords for the .htaccess file. You can generate this file using the Pantheon's terminal (to connect to the terminal, see the "Using the Terminal" instructions).
On the Pantheon, creating an htpasswd file is a two-step process. First, you'll use the program makepasswd to generate the stored-form of your passwords. Second, you'll create the htpasswd file, using the stored-form of your passwords.
Generating stored form of passwords
Note: If you entered more than one user in your .htaccess file above, you will need to run this command once for each user, with their respective passwords.
From a terminal, type the following command (make sure to use a strong password):
makepasswd -e shmd5 -p my_secret_password
When you hit enter, you should see a response that looks like:
my_secret_password 4d$rDyas19cvCauIRmg2mm.OsXdW1
For each password you create, you need to copy and temporarily store the second portion after the password (in this case '4d$rDyas19cvCauIRmg2mm.OsXdW1'). This is the stored form of the password.
Creating the .htpasswd file
Once you have all the stored forms of your passwords, create a .htpasswd file in your home directory folder, using your text editor of choice (we'll use nano here):
nano ~/.htpassed
The file should have one line per each user. Each line consists of the user name, followed by a colon, followed by the stored form of the password. There should be no spaces in between each section.
Example
NameOfUser1:4d$rDyas19cvCauIRmg2mm.OsXdW1
NameOfUser2:Qe3iBM$2kKwyrhKOBkAN3xI8xY720
When you are done, save the file. Make sure the file is located in your home directory, not in your public_html folder.
Once you have set up these files correctly, anyone trying to access the restricted directory will see a window like the following:
Keep the following in mind when creating the .htaccess file:
- The AuthType Basic directive tells the server to use simple password authentication before allowing someone to access the pages in the directory.
- The AuthUserFile contains the accounts and passwords used to protect the directory. The accounts in this file do not need to be NetIDs and should not be protected with NetID passwords.
- The AuthName give is the title that will appear in the password box. It is specified in the above diagram as wwwpeople.
If you had .htaccess files prior to October 14, 2001, you may experience problems due to the Pantheon's upgrade to Apache. Please contact STC if you are having this problem.
Instead of protecting your web pages with a password you may choose to restrict access based on authorization by the Central Authentication Service (CAS). If you choose to restrict access based on CAS, anyone that you give access to your web pages to must have a valid Yale NetID.
A .htaccess file should be placed in the directory to which you want to restrict access. You can create it in Notepad or some other text editor. Its content should look something like this:
AuthType CAS
require user NetID1 NetID2 NetID3 etc
You may decide that you would like to restrict access to anyone with a valid NetID. To do so, your .htaccess file would look like this:
AuthType CAS
require valid-user
Since Unix is a multi-user operating system, it is possible to make your files accessible or inaccessible to others through file permissions.
File permissions are specific properties of each file in your Pantheon directory that allow or disallow users access to your files. There are three types of access that can be given:
r: Read access
Files: Ability to see the contents of the files /> Directories: Ability to see the contents of the directory
w: Write access
Files: Ability to make changes to a file (including deleting it)
Directories: Ability to make changes to the contents of the directory
x: Execute access
Files: Ability to run a file (if it is a program or script)
Directories: Ability to enter the directory
These accesses can further be given to three sets of users: owner, group, and others (the world).
It is probably easiest to deal with file permissions in an FTP program such as SSH File Transfer Client or Fugu, but you can also accomplish this in the terminal. Instructions for both are given below.
From a File Transfer Program
Windows: SSH Secure File Transfer Client
To see and change file permissions, right-click the file(s) in question and choose Properties. A window with the properties of the file will pop up.
To change the permissions, you can check or uncheck the appropriate boxes. For example, if you do not want Group and Other to be able to execute the file, you can uncheck those boxes. Alternately, if you know the specific number of the Permission Mask, you can type it into the Permission Mask box.
Mac OSX: Fugu
To see and change file permissions, highlight the file(s) in question. Then click the File menu and choose Get Info (or press Command-I). A window with the properties of the file will pop up.
To change the permissions, check or uncheck the appropriate boxes in the same way as in the Windows instructions, above. (Note that the Permission Mask box is named the "Octal Mode Representation" instead, but the numbers still indicate the same permissions.)
From the Terminal
Unix provides a mechanism to allow or disallow other users from accessing your files and directories. This mechanism is through the command chmod.
To check the permissions on your files, run ls with the -l flag:
minerva% ls -l
drwx------ 3 tang 512 Aug 17 00:29 Mail/
drwxr-xr-x 6 tang 512 Aug 12 12:04 News/
-rw-r--r-- 1 tang 1032 Aug 09 11:59 dead.article
-rw-r--r-- 2 tang 2113 Nov 26 1992 to-john
The first column (i.e. drwx------) is the one of interest. The first letter is a d for directories or a - for files. The next nine characters can break down into three groups of three. r, w, or x denote read, write, or execute access, as described above. They are grouped into three sets of permissions, for owner, group, and others.
For each group, any of the above types of access can be on (indicated by r, w, or x in ls -l) or off (indicated by the dash). So, "drwx------" indicates a directory that is read, write, and executable by the owner, but gives no access to group or others.
To change a file or directory's permissions, use the chmod command. The syntax is:
chmod permissions-to-change file(s)
where permissions-to-change is of the following format:
- whose permissions to change (u, g, and/or o)
- a + (add permissions) or - (take away permissions)
- what permissions to give or take away (r, w, and/or x)
Example:
minerva% chmod go-w to-john
means take away write access from group and others for the file to-john,
minerva% chmod o+rx News Mail
means give read and execute access to others for the directories News and Mail.
