httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Greg Stein <gst...@lyra.org>
Subject Re: WebDAV and reading / writing files as system users
Date Thu, 29 Apr 2004 23:22:49 GMT
On Thu, Apr 29, 2004 at 02:50:19AM +0200, Graham Leggett wrote:
> Hi all,
> 
> I am busy researching the idea of an Apache + DAV server that would do 
> the job of what a typical Samba server does now - file sharing. An 
> Apache server would have the advantage of native SSL support, flexible 
> authentication configuration, etc.

Note that Apple's iDisk is simply Apache/mod_dav, so the idea certainly
isn't far-fetched :-)

> One thing I would like to be able to do is have the DAV server read and 
> write files as system users, along the lines of what suexec achieves for
> cgi programs. Obviously the DAV server would need to run as root (or 
> have some mechanism like suexec) in order to achieve this, and would 
> probably be set up as a private stripped down DAV-only server hiding 
> behind a reverse proxy of some kind in order to improve security.

Eesh. This has tended to come up w.r.t mod_dav for over five years now. My
point of view is best summarized in this email:

  http://mailman.lyra.org/pipermail/dav-dev/2000-November/001746.html

I really don't recommend it. Why do you need to have different owners for
the files? Are people going to be logging onto the box and need to
interact with the files locally? That has a number of other problems (such
as staying in sync with mod_dav w.r.t locking and properties and atomicity
of requests, etc).

My POV has been (for a LONG while now): the DAV repository is private to
the web server and the mod_dav module. Don't let local users near it.

Cheers,
-g

-- 
Greg Stein, http://www.lyra.org/

Mime
View raw message