[CentOS] How can I prevent apache from mounting all home directories?

Mon Nov 19 20:22:01 UTC 2012
Mike Burger <mburger at bubbanfriends.org>

> On Nov 19, 2012, at 11:20, Nux! wrote:
>
>> Instead of omitting LoadModule you could try to leave it enabled, but
>> specify a different userdir, i.e. not under /home.
>
> There is no reference to /home anywhere that I can find.  I assume that
> apache just expands ~ to list all home directories and then it mounts
> them.

Unless you've removed it from each and every Linux system (desktop
included), /etc/httpd/conf/httpd.conf contains the following:

<IfModule mod_userdir.c>
    #
    # UserDir is disabled by default since it can confirm the presence
    # of a username on the system (depending on home directory
    # permissions).
    #
    #UserDir disable

    #
    # To enable requests to /~user/ to serve the user's public_html
    # directory, remove the "UserDir disable" line above, and uncomment
    # the following line instead:
    #
    UserDir public_html

</IfModule>

#
# Control access to UserDir directories.  The following is an example
# for a site where these directories are restricted to read-only.
#
<Directory /home/*/public_html>
    AllowOverride FileInfo AuthConfig Limit
    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
    <Limit GET POST OPTIONS>
        Order allow,deny
        Allow from all
    </Limit>
    <LimitExcept GET POST OPTIONS>
        Order deny,allow
        Deny from all
    </LimitExcept>
</Directory>

The <Directory> directive pointing at /home/*/public_html is likely your
issue.

-- 
Mike Burger
http://www.bubbanfriends.org

"It's always suicide-mission this, save-the-planet that. No one ever just
stops by to say 'hi' anymore." --Colonel Jack O'Neill, SG1