How do I read/write as the authenticated user with Apache/WebDAV?
02-07-2019
Question
I've set up DAV in apache2, which works great. The thing is, all read/write operations are done with the apache user's credentials. Instead I want to use the HTTP authenticated user's credentials. If I authenticate as "john", all read and write operations should use the system user john's credentials (from /etc/passwd). suEXEC seems like overkill since I am not executing anything, but I might be wrong...
Here's the current configuration:
<VirtualHost *:80>
    DocumentRoot /var/www/webdav
    ServerName webdav.mydomain.com
    ServerAdmin webmaster@mydomain.com
    <Location "/">
        DAV On
        AuthType Basic
        AuthName "WebDAV Restricted"
        AuthUserFile /etc/apache2/extra/webdav-passwords
        require valid-user
        Options +Indexes
    </Location>
    DAVLockDB /var/lib/dav/lockdb
    ErrorLog /var/log/apache2/webdav-error.log
    TransferLog /var/log/apache2/webdav-access.log
</VirtualHost>
Solution
We have been using Davenport (http://davenport.sourceforge.net/) for years to provide access to Windows/Samba shares over WebDAV. Samba/Windows gives a lot of control over this sort of thing, and Davenport just makes it usable over the web over SSL without a VPN.
OTHER TIPS
Short answer, and as far as I know: you don't.
Long answer: it is possible to implement such a feature with an appropriate MPM, and there were various attempts to do so, but they don't seem to be very actively supported, and are at least not in the mainline Apache codebase.
peruser:
Q. Is peruser ready for production use?
A. In general, no.
perchild:
This module is not functional. Development of this module is not complete and is not currently active. Do not use perchild unless you are a programmer willing to help fix it.
That's too bad, really; most uses of WebDAV I've seen store ownership information at the application layer, in the database, anyway. The consensus for doing file sharing is to use Samba instead; and that's not really a solution, I admit.
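One way to keep per-user attribution while Apache still writes every file as its own user, shown as an added example that is not part of the original posts: the TransferLog in the question's configuration records the authenticated name, so successful WebDAV writes can be attributed from it. The example assumes the log is in Common Log Format (the TransferLog default); the log lines, addresses and paths are constructed.

```python
import re
from collections import defaultdict

# Common Log Format: %h %l %u %t "%r" %>s %b  (%u is the authenticated user)
CLF = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)(?: [^"]*)?" (?P<status>\d{3}) \S+'
)

# WebDAV methods that change content or the namespace on the server.
# For MOVE/COPY the logged path is the source; the target is carried in the
# Destination header, which Common Log Format does not record.
WRITE_METHODS = {"PUT", "DELETE", "MKCOL", "MOVE", "COPY", "PROPPATCH"}

def attribute_writes(lines):
    """Return {path: [(time, user, method), ...]} for successful writes."""
    history = defaultdict(list)
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # not a Common Log Format line
        if m["method"] not in WRITE_METHODS:
            continue  # reads and locks do not change ownership
        if not m["status"].startswith("2"):
            continue  # 401/403/423 and similar changed nothing on disk
        if m["user"] == "-":
            continue  # no authenticated name was logged
        history[m["path"]].append((m["time"], m["user"], m["method"]))
    return dict(history)

def last_writer(history):
    """Map each path to the user behind its most recent successful write."""
    return {path: events[-1][1] for path, events in history.items()}

# Constructed sample lines, in file order (oldest first).
SAMPLE_LOG = [
    '192.0.2.10 - john [02/Jul/2019:10:00:01 +0000] "PUT /docs/report.txt HTTP/1.1" 201 -',
    '192.0.2.11 - mary [02/Jul/2019:10:05:12 +0000] "PUT /docs/report.txt HTTP/1.1" 204 -',
    '192.0.2.10 - john [02/Jul/2019:10:06:40 +0000] "GET /docs/report.txt HTTP/1.1" 200 512',
    '192.0.2.12 - - [02/Jul/2019:10:07:00 +0000] "PUT /docs/x.txt HTTP/1.1" 401 381',
    '192.0.2.10 - john [02/Jul/2019:10:08:30 +0000] "MKCOL /shared/ HTTP/1.1" 201 -',
]

if __name__ == "__main__":
    for path, user in last_writer(attribute_writes(SAMPLE_LOG)).items():
        print(f"{path}\tlast written by {user}")
```

On disk every one of these files is still owned by the Apache user, so this mapping is only as trustworthy as the access log itself.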