WebDAV support

Good ideas? Share with us!
Ubi
Posts: 1547
Joined: 17 Jul 2007, 09:01

Re: WebDAV support

Post by Ubi » 13 Feb 2011, 06:48

giving apache access to your shadow file sounds like a bad idea.
The only proper solution I can think of is PAM, but that's not very easy.

gb119
Posts: 18
Joined: 30 Sep 2008, 16:45

Re: WebDAV support

Post by gb119 » 13 Feb 2011, 10:12

Even with PAM you still need the webserver process to be abce to read /etc /shadow if you are using local files based authentication. You could configure PAM to use LDAP and oo alc authentication that wayic

amishorn
Posts: 21
Joined: 29 Feb 2012, 12:32
Location: Switzerland

Re: WebDAV support

Post by amishorn » 22 Oct 2012, 14:08

Hi @ all

I have as well an issue with webdav access...
Previously I did all as mentioned above and it actually also woks fine, however, if I call my B3 and log in with e.g. User1, then I am not able to see the folder of FolderUser1 even if User1 itself is the owner of this folder. The corresponding folder FolderUser1 has the following configuration:

drwxr-x--- 6 User1 users 4096 Date FolderUser1

Can anybody tell me what the problem might be?

Thanks a lot for all hints...

Regards
Aimless

nobody
Posts: 226
Joined: 10 Mar 2012, 14:46

Re: WebDAV support

Post by nobody » 22 Oct 2012, 15:28

If you cannot see the folde, the prolem is not with the permission of that folder, but with the permissions of the parent folder!

amishorn
Posts: 21
Joined: 29 Feb 2012, 12:32
Location: Switzerland

Re: WebDAV support

Post by amishorn » 24 Oct 2012, 16:39

Thank you very much for your quick reply.
I checked your hint and had to realize that the parent folder is the "home" folder. That means that the path of the FolderUser1 is like following:

/home/FolderUser1/

And here is already my next question:
Since the group to which the home folder belongs is the root group I have actually to add the user User1 to the root group in order to give access rights to the user User1. Is it then legitimate that each user is a member of root group only to have access to the home folder? Or belongs the home folder usually not to the root group?

Thanks again for your reply.

Regards
amishorn

nobody
Posts: 226
Joined: 10 Mar 2012, 14:46

Re: WebDAV support

Post by nobody » 25 Oct 2012, 15:02

Do not add regular users to the root group. That is a really bad idea!
Instead, change the group for /home into the users group or a special, new group, and then add the user1 to that group.

amishorn
Posts: 21
Joined: 29 Feb 2012, 12:32
Location: Switzerland

Re: WebDAV support

Post by amishorn » 30 Oct 2012, 15:35

Hi,

thanks again for your reply. I configured my B3 as you adviced.
However, on my work we use Win7, which wanna be super secure and does not accept the AuthType Basic, why I am not able to connect to the B3 with a webfolder/netdrive. Do you know how to configure the B3 for the AuthType Digest? May you probably make an example as gb119 did for the basic type on the first page?
I already checked the apache page as well as the iNet, but I don't understand the instructions especially as it is always mentioned that the httpd.conf has to be changed instead of the file /etc/apache2/sites-enabled/bubba ...

I would also be apreciate about a hint where I can find further documentation about webdav.

Regards,
Amishorn

nobody
Posts: 226
Joined: 10 Mar 2012, 14:46

Re: WebDAV support

Post by nobody » 31 Oct 2012, 14:32

I think you can change teh registry to make it work with authtype basic

http://www.anyspeak.org/?p=137

amishorn
Posts: 21
Joined: 29 Feb 2012, 12:32
Location: Switzerland

Re: WebDAV support

Post by amishorn » 03 Dec 2015, 06:59

Hi,

again I'm struggling with access rights and I'm just not familiar enough with the apache configuration, i.e. the documentation and examples on the net makes me more confusing than it helps. Hence, I hope one more for help from this forum...

I have several users registered on my bubba and a few are members of the group exmpGroup. A subdomain points to a public folder "/home/web/public/" that should be accessible for all users of the group exmpGroup. Further, I use WebDAV that the folder is accessible through the common http protocol. My current configurations are as follow:

Code: Select all

<Directory />
    DAV on
    AuthPAM_Enabled on
    AuthType Basic
    AuthBasicAuthoritative Off
    AuthName "PAM"
    require valid-user
    require group exmpGroup
    AuthGroupFile /etc/group
    AuthUserFile /etc/passwd
</Directory>
With this configuration, indeed, the caller is requested to enter credentials, however, no user have access. No matter if it is a member of exmpGroup or not. Can anybody explain me what I missed or how I have to change the configuration, so that the access is restricted only to members of the group exmpGroup?

Thanks very much in advance.

/amishorn

Gordon
Posts: 1339
Joined: 10 Aug 2011, 03:18

Re: WebDAV support

Post by Gordon » 03 Dec 2015, 11:24

You probably still need lines like these:

For apache 2.2:

Code: Select all

Order allow,deny
allow from all
For apache 2.4+

Code: Select all

Require all granted

amishorn
Posts: 21
Joined: 29 Feb 2012, 12:32
Location: Switzerland

Re: WebDAV support

Post by amishorn » 04 Dec 2015, 07:12

Well, although I appended this lines within the same <Directory /> block, it didn't lead me to the desired log-in behaviour. It is still the same as before. Nobody, independent of the belonging group, is able to log in.

Any additional input? Does the order of all this apache configurations have any impact? Does it depend on the owner and the group of the folder .../public, i.e. must the owner be www-data?

/amishorn

Post Reply