You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by John Allen <jo...@klam.ca> on 2016/06/16 03:30:26 UTC
[users@httpd] Macros + Require constructs
I am trying to setup up a webdav serve. Each user is allocated a
directory (%location) and an id (%user). In order to try and make this
some what easier to administer I wrote the following macro
<Macro WebDavUser %location %user>
# %location
Alias /%location /srv/webdav/data/%location
<Directory /srv/webdav/data/%location>
DAV On
Options +Indexes +MultiViews +FollowSymLinks
IndexOptions -IconsAreLinks +NameWidth=* +FancyIndexing
+FoldersFirst +HTMLTable
IndexOrderDefault Ascending Name
DirectoryIndex disabled
AllowOverride None
DavDepthInfinity on
DavMinTimeout 600
AuthType Digest
AuthName "webdav"
AuthDigestProvider socache file
AuthUserFile /srv/webdav/auth.d/digest_pw
AuthnCacheProvideFor file
AuthnCacheTimeout 600
AuthnCacheContext webdav
Require user %user
</Directory>
</Macro>
Users are added to a simple file which is included in the webdav config
file.
Use WebDavUser ProjectA john
Use WebDavUser ProjectB kathleen
Use WebDavUser ProjectC jack
This works quite nicely. However I am trying to work out how I can make
this work when there is no specific user. For example if I were to
provide a common area ("Common")
Use WebDavUser Common ?
Would the following be secure enough, is there another "better" way of
doing this?
<RequireAny>
Require valid-user
Require user %user
</RequireAny>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Re: CLOSED - Re: [users@httpd] Macros + Require
constructs
Posted by Marat Khalili <mk...@rqc.ru>.
On 18/06/16 22:03, John Allen wrote:
> Interestingly, without the RequireAll around the "Require user %user"
> it does not work.
Sounds like a bug?
--
With Best Regards,
Marat Khalili
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Re: CLOSED - Re: [users@httpd] Macros + Require
constructs
Posted by John Allen <jo...@klam.ca>.
On 2016-06-18 12:04 PM, @lbutlr wrote:
> On Jun 16, 2016, at 8:56 PM, John Allen <jo...@klam.ca> wrote:
>> On 2016-06-15 11:52 PM, John Allen wrote:
>>> I just did some testing and it doesn't work as I had hoped. the Require valid-user is applied in all cases not just in the case of the Common space!
>>>
>>> I had tried
>>>
>>> <RequireAny>
>>> <RequireAll>
>>> Require expr %Location =~ "Common"
>>> Require valid-user
>>> </RequireAll>
>>> Require user %user
>>> </RequirwAny>
>>>
>>> But it did not work. What Am I missing?
>> I found a solution to the problem, not quite how I wanted to do things but it works.
> Is it a secret solution?
>
No. I just did not think it was important enough to publish, sorry. So
my macro now looks like this:
<Macro WebDav_User %location %user>
# %location
Alias /%location /srv/webdav/data/%location
<Directory /srv/webdav/data/%location>
DAV On
Options +Indexes +MultiViews +FollowSymLinks
IndexOptions -IconsAreLinks +NameWidth=* +FancyIndexing +FoldersFirst +HTMLTable
IndexOrderDefault Ascending Name
DirectoryIndex disabled
AllowOverride None
DavDepthInfinity on
DavMinTimeout 600
AuthType Digest
AuthName "webdav"
AuthDigestProvider socache file
AuthUserFile /srv/webdav/auth.d/digest_pw
AuthnCacheProvideFor file
AuthnCacheTimeout 600
AuthnCacheContext webdav
<RequireAny>
<RequireAll>
Require expr %{REQUEST_URI} =~ m#^/Common#
Require valid-user
</RequireAll>
<RequireAll>
Require user %user
</RequireAll>
</RequireAny>
</Directory>
</Macro>
Interestingly, without the RequireAll around the "Require user %user" it does not work.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
[users@httpd] Re: CLOSED - Re: [users@httpd] Macros + Require constructs
Posted by "@lbutlr" <kr...@kreme.com>.
On Jun 16, 2016, at 8:56 PM, John Allen <jo...@klam.ca> wrote:
> On 2016-06-15 11:52 PM, John Allen wrote:
>> I just did some testing and it doesn't work as I had hoped. the Require valid-user is applied in all cases not just in the case of the Common space!
>>
>> I had tried
>>
>> <RequireAny>
>> <RequireAll>
>> Require expr %Location =~ "Common"
>> Require valid-user
>> </RequireAll>
>> Require user %user
>> </RequirwAny>
>>
>> But it did not work. What Am I missing?
> I found a solution to the problem, not quite how I wanted to do things but it works.
Is it a secret solution?
--
No matter how fast light travels it finds the darkness has always got
there first, and is waiting for it.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
[users@httpd] CLOSED - Re: [users@httpd] Macros + Require constructs
Posted by John Allen <jo...@klam.ca>.
On 2016-06-15 11:52 PM, John Allen wrote:
>
> I just did some testing and it doesn't work as I had hoped. the
> Require valid-user is applied in all cases not just in the case of the
> Common space!
>
> I had tried
>
> /<RequireAny>
> <RequireAll>
> Require expr %Location =~ "Common"
> Require valid-user
> </RequireAll>
> Require user %user
> </RequirwAny>/
>
> But it did not work. What Am I missing?
>
I found a solution to the problem, not quite how I wanted to do things
but it works.
Re: [users@httpd] Macros + Require constructs
Posted by John Allen <jo...@klam.ca>.
I just did some testing and it doesn't work as I had hoped. the Require
valid-user is applied in all cases not just in the case of the Common space!
I had tried
/<RequireAny>
<RequireAll>
Require expr %Location =~ "Common"
Require valid-user
</RequireAll>
Require user %user
</RequirwAny>/
But it did not work. What Am I missing?
-----------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>