[users@httpd] Detailed access control for WebDAV ?

Sat, 20 Sep 2008 12:40:04 -0700 

Hello,
I wondered about the fact, that detailed access control rights for WebDAV shares are relatively difficult to configure in Apache 2.2. To show this, I give an relatively simple example. But you also can skip this example. 


A small group of users "group1" should have full access to a directory 
"/dir1".



Another group "group2" which should only have full access to some 
subdirectories of "/dir1", e.g. "/dir1/dir11". But "group2" users 
should be capable to browse to their subfolders using an WebDAV client 
(e.g. MS explorer). That means, that they need a "browse right" (for 
MS explorer this is PROPFIND and OPTIONS).


Technically spoken I want to have such rights:

"group1" on "/dir1": everything
"group2" on "/dir1": PROPFIND, OPTIONS
"group2" in "/dir1/dir11": everything

Here is my configuration:

        <Location /dir1>
                <Limit PROPFIND OPTIONS>
                        require group group1 group2
                </Limit>

                <LimitExcept PROPFIND OPTIONS>
                        require group group1
                </LimitExcept>
        </Location>

        <Location /dir1/dir11>
                require group group1 group2
        </Location>


This configuration works as expected. 


Is there no better solutions for configuring access rights?


Currently the access control features of Linux (standard UNIX rights or 
ACLs) are not really used, because Apache uses only 1 user for all 
client connections.. I think about running an Apache server instance for 
each WebDAV user so that the Linux rights could be used. But this causes 
other problems, e.g.


  1. How to configure the Apache proxy, so that all users have a common
     start directory?
  2. How could the users configure the access rights with their client?
  3. Are there other WebDAV servers, which could better deal with
     detailed access rights for WebDAV?

Do you have any ideas or example configurations?

Greetings,
Björn

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]















    











					Reply via email to