httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ronald C.F. Antony" <r...@cubiculum.com>
Subject Re: [users@httpd] webDav access to home directory as user
Date Sun, 27 Nov 2005 05:42:30 GMT

On 26 Nov 2005, at 13:33, Joshua Slive wrote:

> On 11/26/05, Ronald C. F. Antony <rcfa@cubiculum.com> wrote:
>
>> What I need is a way to give users the ability to mount their regular
>> home directories via SSL secured webDAV in such a way that
>> a) their regular user names and passwords apply (no separate "web
>> passwords")
>> b) all files are accessed by the webDAV server with the privileges of
>> the user logged in, i.e. regular Unix permissions apply and files are
>> created with the proper ownerships and permissions if they are  
>> uploaded.
>>
>> a) and b) are important because the users may use the files sometimes
>> directly on the Linux computer, and sometimes via the WebDAV mount.
>> In other words, something that requires syncing of "regular files"
>> and "files in a WebDAV repository" isn't called for, and we can't
>> require special permissions on the files or risk that WebDAV writes
>> files with permissions that prevents the user from fully manipulating
>> the files when logged in on the Linux machine proper.
>
> The mod_dav docs:
> http://httpd.apache.org/docs/2.0/mod/mod_dav.html#security
> are pretty clear that this isn't supported.  The dav repository is
> private to mod_dav and cannot be shared with non-dav access methods.
> (There is no provision for proper locking in this case, so you risk
> trashing your files.)  In addition, apache does not support serving
> files under many different user ids, except through cgi and suexec.
>
> So I think you'll need to rethink your basic setup here.  mod_dav is
> not designed to interact with non-dav access in the way you specify.

Thanks for the information. Bummer. I really don't care about file  
locking,
since trashing files could easily be done as well with other network
file systems that only have optional/advisory locking. Also, users are
either in the console, or they are in the field, so they would never
access their home folder by means of both methods anyway, while outside
of their home folder they have read-only access, so they can't do  
harm there.

What would be what I was hoping for is that one could have a webDav  
realm,
with SSL protected basic authentication based on the regular passwd  
file,
and then have worker thread spawned for each login, running under the
user ID of the logged in person, i.e. a suexec-ed dav thread for each
logged in user.

Looks like Apache isn't up to that task. Is anyone aware of some other
software that can export a file system over the dav protocol?
I found http://search.cpan.org/src/LBROCARD/Net-DAV-Server-1.27/README
but that's just about all the documentation on that, so it's not clear
to me what this can do, and how it works...

The lack of per-user threads seems to be a rather severe limitation of
creative uses of apache...
...there's e.g. this great software phpXplorer ( http:// 
www.phpXplorer.org ),
which would do a lot of what I'like to do, but since Apache can't  
spawn per
user instances, it makes it pretty much impossible to use this as an  
interface
to user's real home directories.

The only software that does something like that right now is  
Usermin's File Manager
module, which works great as a web interface, but of course doesn't  
offer a
dav equivalent.

Ronald
Mime
View raw message