Re: [users@httpd] webDav access to home directory as user

On 26 Nov 2005, at 13:33, Joshua Slive wrote:

> On 11/26/05, Ronald C. F. Antony <rcfa@xxxxxxxxxxxxx> wrote:
>
>> What I need is a way to give users the ability to mount their regular
>> home directories via SSL secured webDAV in such a way that
>> a) their regular user names and passwords apply (no separate "web
>> passwords")
>> b) all files are accessed by the webDAV server with the privileges of
>> the user logged in, i.e. regular Unix permissions apply and files are
>> created with the proper ownerships and permissions if they are uploaded.
>>
>> a) and b) are important because the users may use the files sometimes
>> directly on the Linux computer, and sometimes via the WebDAV mount.
>> In other words, something that requires syncing of "regular files"
>> and "files in a WebDAV repository" isn't called for, and we can't
>> require special permissions on the files or risk that WebDAV writes
>> files with permissions that prevent the user from fully manipulating
>> the files when logged in on the Linux machine proper.
>
> The mod_dav docs:
> http://httpd.apache.org/docs/2.0/mod/mod_dav.html#security
> are pretty clear that this isn't supported.  The dav repository is
> private to mod_dav and cannot be shared with non-dav access methods.
> (There is no provision for proper locking in this case, so you risk
> trashing your files.)  In addition, apache does not support serving
> files under many different user ids, except through cgi and suexec.
>
> So I think you'll need to rethink your basic setup here.  mod_dav is
> not designed to interact with non-dav access in the way you specify.

Thanks for the information. Bummer. I really don't care about file locking,
since trashing files could easily be done as well with other network
file systems that only have optional/advisory locking. Also, users are
either in the console, or they are in the field, so they would never
access their home folder by means of both methods anyway, while outside
of their home folder they have read-only access, so they can't do harm there.

What I was hoping for is that one could have a webDav realm, with SSL
protected basic authentication based on the regular passwd file,
and then have a worker thread spawned for each login, running under the
user ID of the logged in person, i.e. a suexec-ed dav thread for each
logged in user.

Looks like Apache isn't up to that task. Is anyone aware of some other
software that can export a file system over the dav protocol?
I found http://search.cpan.org/src/LBROCARD/Net-DAV-Server-1.27/README
but that's just about all the documentation on that, so it's not clear
to me what this can do, and how it works...

The lack of per-user threads seems to be a rather severe limitation of
creative uses of apache...
...there's e.g. this great software phpXplorer ( http://www.phpXplorer.org ),
which would do a lot of what I'd like to do, but since Apache can't spawn
per user instances, it makes it pretty much impossible to use this as an interface
to users' real home directories.

The only software that does something like that right now is Usermin's File Manager module, which works great as a web interface, but of course doesn't offer a
dav equivalent.

Ronald
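
The per-login worker described in this message depends on dropping from root to the authenticated user in the right order and failing closed if any step does not succeed. The sketch below is an added example, not code from this thread or from Apache; it assumes authentication has already succeeded and that the parent process runs as root, and `MIN_UID`, `resolve_account`, `drop_privileges` and `spawn_worker` are hypothetical names.

```python
import os
import pwd

MIN_UID = 1000  # assumption: regular accounts start here; distribution-dependent

def resolve_account(username):
    """Map an already-authenticated login name to a passwd entry, refusing root/system accounts."""
    try:
        pw = pwd.getpwnam(username)
    except KeyError:
        raise PermissionError(f"unknown user {username!r}") from None
    if pw.pw_uid < MIN_UID or pw.pw_gid == 0:
        raise PermissionError(f"refusing privileged account {username!r}")
    return pw

def drop_privileges(pw):
    """Irreversibly become the user. Order matters: groups, then gid, then uid."""
    os.initgroups(pw.pw_name, pw.pw_gid)  # replace root's supplementary groups
    os.setgid(pw.pw_gid)
    os.setuid(pw.pw_uid)                  # last, because it removes the right to do the above
    os.umask(0o077)                       # assumption: new files private to their owner
    try:
        os.setuid(0)                      # must fail, or the drop was incomplete
    except PermissionError:
        return
    raise RuntimeError("still able to regain root")

def spawn_worker(pw, handler):
    """Fork a per-user worker; return its exit status (0 only if handler ran as the user)."""
    pid = os.fork()
    if pid == 0:                          # child: never returns into the parent's code
        status = 1                        # fail closed: any error below leaves status at 1
        try:
            drop_privileges(pw)
            os.chdir(pw.pw_dir)
            handler(pw.pw_dir)
            status = 0
        finally:
            os._exit(status)
    _, wait_status = os.waitpid(pid, 0)
    return os.WEXITSTATUS(wait_status) if os.WIFEXITED(wait_status) else 1
```

A root parent would call `spawn_worker(resolve_account(name), handler)` once per authenticated login; every file the handler creates is then owned by that user and subject to normal Unix permission checks.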
