views:

1400

answers:

2

I've set up DAV in apache2, which works great. The thing is, all read/write operations are done with the apache user's credentials. Instead I want to use the HTTP authenticated user's credentials. If I authenticate as "john", all read and write operations should use the system user john's credentials (from /etc/passwd). suEXEC seems like overkill since I am not executing anything, but I might be wrong...

Here's the current configuration:

<VirtualHost *:80>
        DocumentRoot /var/www/webdav
        ServerName webdav.mydomain.com
        ServerAdmin [email protected]

       <Location "/">
               DAV On
               AuthType Basic
               AuthName "WebDAV Restricted"
               AuthUserFile /etc/apache2/extra/webdav-passwords
               require valid-user

               Options +Indexes
       </Location>
        DAVLockDB /var/lib/dav/lockdb

        ErrorLog /var/log/apache2/webdav-error.log
        TransferLog /var/log/apache2/webdav-access.log
</VirtualHost>
+2  A: 

Shot answer, and as far as I know: you don't.

Long answer: it is possible to implement such a feature with an appropriate mpm, and there were various attempts to do so, but they don't seem to be very actively supported, and are at least not in the mainline Apache codebase.

peruser:

Q. Is peruser ready for production use?

A. In general, no.

perchild:

This module is not functional. Development of this module is not complete and is not currently active. Do not use perchild unless you are a programmer willing to help fix it.

That's too bad, really; most uses of WebDav I've seen store ownership information at the application layer, in the database, anyway. The consensus for doing file sharing is to use Samba instead; and that's not really a solution, I admit.

niXar
+1  A: 

We have been using davenport (http://davenport.sourceforge.net/) for years to provide access to Windows/samba shares over webdav. Samba/Windows gives a lot of control over this sort of thing, and the Davenport just makes it usable over the web over SSL without a VPN

Mark Porter