All, I'm having trouble getting <Limit> and Satisfy to work within a <Location>. I'm using Apache httpd 2.2.22 on Debian Wheezy. Now, "Satisfy" is not documented to work under <Location> elements, but also <Limit> is not documented to work under <Location>, and seems to work without a problem. I was wondering if it's just an accident that <Limit> works under <Location>, but that Satisfy can't, or the documentation is inaccurate, or if I simply can't do what I want to do. I am trying to protect a part of my filesystem that is accessible via WebDAV. I'm using mod_dav along with mod_auth_ldap and I'd like to be able to do this: <Directory /path/to/dav/some/subdir> <Limit HEAD GET OPTIONS PROPFIND> Satisfy Any Require ldap-group cn=some-read-only-group Require ldap-group cn=some-read-only-other-group </Limit> <LimitExcept HEAD GET OPTIONS PROPFIND> Satisfy Any Require ldap-group cn=some-read-write-group </LimitExcept> </Directory> The closest thing I'm able to get working is this: <Location "/dav/Clinical/grants"> <Limit HEAD GET OPTIONS PROPFIND> Require ldap-group cn=some-read-only-group </Limit> <LimitExcept HEAD GET OPTIONS PROPFIND> Require ldap-group cn=some-read-write-group </LimitExcept> </Location> It looks like I have to use <Location> instead of <Directory> because <Directory> does not protect directories being handled by mod_dav. Can someone confirm that? Whenever I use "Satisfy Any" anywhere, it appears to apply to a much-wider set of files than is specified in <Limit> or <Location>. Is there a way to do complicated permissions along with WebDAV? I'd appreciate any suggestions anyone might have. While I'm at it, I'd like to know whether path-ordering in httpd.conf will have any bearing on how the permissions are applied. Ideally, I'd like to be able to set permissions on a top-level directory, then override those permissions on a sub-directory -- not necessarily either widening or narrowing the permissions... I might want to do a little of both. -chris
Attachment:
signature.asc
Description: OpenPGP digital signature