On 26 Nov 2005, at 13:33, Joshua Slive wrote:
On 11/26/05, Ronald C. F. Antony <rcfa@xxxxxxxxxxxxx> wrote:What I need is a way to give users the ability to mount their regular home directories via SSL secured webDAV in such a way that a) their regular user names and passwords apply (no separate "web passwords") b) all files are accessed by the webDAV server with the privileges of the user logged in, i.e. regular Unix permissions apply and files arecreated with the proper ownerships and permissions if they are uploaded.a) and b) are important because the users may use the files sometimes directly on the Linux computer, and sometimes via the WebDAV mount. In other words, something that requires syncing of "regular files" and "files in a WebDAV repository" isn't called for, and we can't require special permissions on the files or risk that WebDAV writes files with permissions that prevents the user from fully manipulating the files when logged in on the Linux machine proper.The mod_dav docs: http://httpd.apache.org/docs/2.0/mod/mod_dav.html#security are pretty clear that this isn't supported. The dav repository is private to mod_dav and cannot be shared with non-dav access methods. (There is no provision for proper locking in this case, so you risk trashing your files.) In addition, apache does not support serving files under many different user ids, except through cgi and suexec. So I think you'll need to rethink your basic setup here. mod_dav is not designed to interact with non-dav access in the way you specify.
Thanks for the information. Bummer. I really don't care about file locking,
since trashing files could easily be done as well with other network file systems that only have optional/advisory locking. Also, users are either in the console, or they are in the field, so they would never access their home folder by means of both methods anyway, while outsideof their home folder they have read-only access, so they can't do harm there.
What would be what I was hoping for is that one could have a webDav realm, with SSL protected basic authentication based on the regular passwd file,
and then have worker thread spawned for each login, running under the user ID of the logged in person, i.e. a suexec-ed dav thread for each logged in user. Looks like Apache isn't up to that task. Is anyone aware of some other software that can export a file system over the dav protocol? I found http://search.cpan.org/src/LBROCARD/Net-DAV-Server-1.27/README but that's just about all the documentation on that, so it's not clear to me what this can do, and how it works... The lack of per-user threads seems to be a rather severe limitation of creative uses of apache......there's e.g. this great software phpXplorer ( http:// www.phpXplorer.org ), which would do a lot of what I'like to do, but since Apache can't spawn per user instances, it makes it pretty much impossible to use this as an interface
to user's real home directories.The only software that does something like that right now is Usermin's File Manager module, which works great as a web interface, but of course doesn't offer a
dav equivalent. Ronald
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
|