You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Bjoern Voigt <bj...@cs.tu-berlin.de> on 2008/09/20 21:38:44 UTC

[users@httpd] Detailed access control for WebDAV ?

Hello,

I wondered about the fact, that detailed access control rights for 
WebDAV shares are relatively difficult to configure in Apache 2.2. To 
show this, I give an relatively simple example. But you also can skip 
this example.

> A small group of users "group1" should have full access to a directory 
> "/dir1".
>
> Another group "group2" which should only have full access to some 
> subdirectories of "/dir1", e.g. "/dir1/dir11". But "group2" users 
> should be capable to browse to their subfolders using an WebDAV client 
> (e.g. MS explorer). That means, that they need a "browse right" (for 
> MS explorer this is PROPFIND and OPTIONS).
>
> Technically spoken I want to have such rights:
>
> "group1" on "/dir1": everything
> "group2" on "/dir1": PROPFIND, OPTIONS
> "group2" in "/dir1/dir11": everything
>
> Here is my configuration:
>
>         <Location /dir1>
>                 <Limit PROPFIND OPTIONS>
>                         require group group1 group2
>                 </Limit>
>
>                 <LimitExcept PROPFIND OPTIONS>
>                         require group group1
>                 </LimitExcept>
>         </Location>
>
>         <Location /dir1/dir11>
>                 require group group1 group2
>         </Location>
>
> This configuration works as expected. 

Is there no better solutions for configuring access rights?

Currently the access control features of Linux (standard UNIX rights or 
ACLs) are not really used, because Apache uses only 1 user for all 
client connections.. I think about running an Apache server instance for 
each WebDAV user so that the Linux rights could be used. But this causes 
other problems, e.g.

   1. How to configure the Apache proxy, so that all users have a common
      start directory?
   2. How could the users configure the access rights with their client?
   3. Are there other WebDAV servers, which could better deal with
      detailed access rights for WebDAV?

Do you have any ideas or example configurations?

Greetings,
Björn

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org