Uppsala Multidisciplinary Center for Advanced Computational Science

Webexport guide

Summary

You can enable webexport by creating a publicly readable (at least x for other) folder called webexport in your project directory (/proj/[project id]. The contents of that folder will be accessible through https://export.uppmax.uu.se/[project id].

Read further for information on the www-tools scripts used to configure access to the public www folder, unless you are familiar with apache-configuration.

Webexport guide - basic

Innehåll:

Some information about the web server:

  • All scripting languages (PHP etc) are disabled for security reasons.
  • The web server has read-only access to the files in your webexport folder, and only to your webexport folder.
  • There is no way for the web server to communicate with the Uppmax clusters, what so ever.

The purpose of this web server is mainly to make data accessible for users outside of Uppmax. What you do with this feature is completely up to you.

How do I get it?

To enable the public www folder of your project, create a folder webexport in your project directory and make it world executable (chmod a+x)

Everything in this folder will be available online at https://export.uppmax.uu.se/[project id] (Eg. https://export.uppmax.uu.se/b2011999).

If you are familiar with web servers since before, you will be able to customize the behavior of the files and folders within the webexport folder, using .htaccess/.htpasswd files.

For those that are not familiar with web servers since before, a couple of tools have been created to help with the process. More about these later on.

Where can i find my files?

If you put a file called test.txt in your webexport folder, ex. /proj/b2010074/webexport/test.txt, it will be accessible through http://export.uppmax.uu.se/b2010074/test.txt

If you create a folder called "files" and then put a file called test.txt in the there, e.g. /proj/b2010074/webexport/files/test.txt, it will be accessible through http://export.uppmax.uu.se/b2010074/files/test.txt

Tools, and how to use them

Common for all tools is that you first have to load the www-tools module

$ module load www-tools

Creating a new folder, or changing the behavior of an existing one

1. Run the www-add-dir script

$ www-add-dir [path to the directory you want to create/change]

( Ex. $ www-add-dir webexport/moreFiles )

If you wish to modify the behavior of an existing directory, you will have to use the -f flag to force a change.

( Ex. $ www-add-dir -f /proj/b2010999/webexport/files )


2. You will now be asked 3 questions:

- Would you like to enable listing of files in the directory IN THE WEB BROWSER? (y/n) [N]:

Activating the listing of files will enable users to browse the folder in their browser. All files in the folder will appear in a list and the user can choose which file he/she wants to download.

Deactivating listing of files will require the user to know the name of the file he/she wants to download. No list of files will appear, and the user will not be able to download anything without the file name.

- Would you like to have your new directory password protected IN THE WEB BROWSER? (y/n) [Y]:

Activating the password protection will, as the name suggests,require a valid user name and password from the user before any downloading can be done.

Deactivating it will leave the directory open for downloading by anyone.

- Would you like users outside your group being able to view the files IN THE DIRECTORY AT UPPMAX USING THE TERMINAL? (y/n) [N]:

This option controls if users who are logged into UPPMAX using SSH and a terminal will be able to enter your webexport directory and view the files.
WARNING: The names of files will be hidden from other users at UPPMAX, but they will not be read protected. This means that if someone knows the exact path to your file, they will be able to read the file. This is because the web server is, for security reasons, not being run with administrator permissions. That means that the web server is subject to the same type of file permissions as someone who is not a member of your project. This also means thay since other users can not see the names of the files in your protected directory, neither will the web server. Hence, the option for listing files on the web server is NOT available when protecting your files from other users on UPPMAX.

Please note that users have to be added to password protected folders. Follow the guide below for instructions on how to do that.
 

Adding a user to a password protected directory

IMPORTANT: If the directory you add the user to has not been setup to be password protected, the user will be added to the directory, but since the password check is still disabled, it will not ask for a password. Follow the instructions above to change these settings of a directory.

1. Enter the directory you want to add a user to

$ cd [password protected folder]


( Ex. $ cd /proj/b2010999/private )


2. Run the www-add-user script

$ www-add-user [user name]

( Ex. $ www-add-user martin)


3. Done! The script will generate a password for you for security purposes. Send the user name and password to the person(s) you want to be able to access the data in the password protected folder.
 

Removing a user from a password protected directory

1. Enter the directory you want to remove a user from

$ cd [password protected folder]

( Ex. $ cd /proj/b2010999/private )


2. Run the www-rem-user script

$ www-rem-user [user name]

( Ex. $ www-rem-user martin )


3. Done! If you wish to see a list of all users in the password protected folder you are currently standing in, type
 

$ cat .htpasswd

and you will se a list of the users

Ex.
martin:uBbBQTqv1Kx9M
martin2:A9gf7e0nmHLNA
martin3:dUs/DhBOhod4Q
martin4:34nPPePzHLfxU

Where martin, martin2, martin3, martin4 are the user names.

How to remove password protection of a directory

If you want to remove the password protection of a folder, you can remove two files called .htpasswd and .htaccess

These filenames start with a dot (.), so they are hidden files, so you have to use

ls -a

to see them in the directory.

To remove them, simply type

rm .htpasswd .htaccess

in the directory that is password protected.

Troubleshooting

Not finding files

Files you place in the webexport folder has to be readable for everyone. The web server does not have any special rights to read everyone elses files, so it it nessecary to make your files world readable.

If you have the problem that the web server tells you that your file does not exist when you try to access it, you will have to change the file permissions.

The following command will make all files in your webexport folder (and it's subfolders) readable for everyone. That means they if you have a folder in your webexport that you don't want other users at UPPMAX should be able to see, this will undo that. Make sure to replace proj-id with the id of your project:

$ chmod -R a+r /proj/[proj-id]/webexport/

Advanced usage

Nested password protection

If you password protect a directory, all its files and sub directories will be password protected with the same users and passwords. This is call inheritance, when a sub directory inherits the settings of its parent directroy.

If you want the sub directory to have different users and passwords than the parent directory, you can create nested security zones. That means that you creates a new password protected directory as a sub directory to the first password protected directory.

This new directory will not inherit any of the settings or users from the parent directory. You will have to add users to this new directory the same way you have added them to the parent directory. Even if you create a new user with the same user name as in the parent directory, they will have different passwords. All the files and sub directories of this newly created directory will inherit the new settings and users specified in the newly created directory.

There is no limit on how many times you can nest security zones. You can even create a sub directory with the password protection turned off, and you will have a password free sub directory (NOT the same as just creating a new directory).

Writing your own .htaccess files

It is not a problem to write your own .htaccess files if you are familiar with the Apache web server. The only thing you have to keep in mind is that the webserver is limited to access files within your webexport folder.

You can avoid this problem quite easily by using either relative paths when refering to files, or use the www-tools described above.