httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From LuKreme <krem...@kreme.com>
Subject [users@httpd] Re: setting up webdav
Date Thu, 12 Nov 2009 01:17:29 GMT
On 11-Nov-2009, at 18:04, André Warnier wrote:
> LuKreme wrote:
>> any file named .ht* is never served by apache, and there's really nowhere else to
place the .htdavpass file.
> What do you mean there is nowhere else ?
> What about under /usr/local/www, and name it example.com.davpasswd for instance. At least
it would not be directly under your DocumentRoot, in an area potentially accessible by users.

It's SUPPOSED to be accessible to the users. It's THEIR web space. If they want to change
the webDAV passwords they are free to do so. However, I have to admit that currently there's
no method for them to do so (I keep meaning to get around to setting something up).

> Apache will never serve a file starting with a dot, maybe.
> But since you have the / locations open to DAV, have you checked if someone (authenticated)
can upload a file called .htdavpass ?
> Or download it through DAV ?

It doesn't show up at all via webDAV and the file is owned by root, so no, there is no way
for them to change it.

>      AuthUserFile /usr/local/www/example.net/.htdavpass
> 
> So it is not really surprising if user jeans cannot acces a site for which the password
file is not the same as the one user jeans' password was created in, is it ?

I simply forgot to obfuscate the domain in question on the htpass line. The paths are identical
(and copied and pasted). Also, I am not getting a password error, I am getting 

[error] [client 71.229.144.93] client denied by server configuration: /usr/local/www/example.net/


-- 
Humans are always slightly lost. It's a basic characteristic. It explains a lot about them.
--Lords and Ladies


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message