httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Luke Scharf <lsch...@ee.vt.edu>
Subject WebDAV home directory security
Date Thu, 21 Feb 2002 18:33:54 GMT
I now have WebDAV and mod_auth_pam installed, but not working together
the way I want.  I'm trying to give my users the ability to edit their
$HOME/public_html directories with WebDAV and the whole world to see
their pages.

The catch is that I'd like to impose the following requirements:
1. Authentication is required only for webdav
2. Regular browser traffic does not require authentication.
2. Users can only edit their own files.  Right now, all files need to
owned by the apache user.

I've tried turning  DAV on in the user's .htaccess file.  This is not
allowed, although we could customize the .htaccess with a "require user"
field which would do the trick.

So, I have three questions:
1. Can <Directory /home/*/public_html> be set with something like
"require user $USER"?
2. Can apache su to $USER?
3. What is the Right Way to do this - assuming that I accept the
security risk of a brute-force password-guessing attack.

Any suggestions would be greatly appreciated!

Thanks,
-Luke

-- 
Luke Scharf, Jack of Several Trades
http://www.ccm.ece.vt.edu/~lscharf


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message