Configure a WebDAV enabled webserver for multiple user folders and one shared folder

I recently was requested to set up an Apache webserver to provide WebDAV folders for multiple users with individual folders. Additionally, all users should be able to use a shared WebDAV folder. After some extensive research I was unable to find any good hints on how to actually do this.

My first approach was to set up the WebDAV folders within the DocumentRoot and hence only one <Directory> configuration item was needed with multiple <Location> configuration items. At first sight, this seemed to provide what was requested.

After some testing it showed this approach had a major security issue: If the user just accessed http://webdav.example.com and authenticated successfully, the user was able to see and write to all available folders. This is obviously an undesirable behaviour.

So I decided to move the WebDAV folders out of the DocumentRoot and provide an Alias, <Directory> and <Location> configuration item for each folder, setting up access to that folder in the <Location> configuration item. Additionally, this frees up http://webdav.example.com, which can provide further information on how to use the service.

And voilà, every user has his own WebDAV folder and cannot see or access the folders of other users.

In the following example, three WebDAV folders are configured, one for each user and a shared folder for all users.

DAVLockDB /serv/webdav.example.org/auth/DAVLock
DAVMinTimeout 180 

NameVirtualHost 10.1.1.1
<VirtualHost webdav.example.org>

    ServerName  webdav.example.org
    ServerAdmin webmaster@example.org

    DocumentRoot /serv/webdav.example.org/htdocs/

    LogLevel warn 

    ErrorLog /serv/webdav.example.org/logs/error.log
    CustomLog /serv/webdav.example.org/logs/access.log combined

    # user1
    Alias /user1 /serv/webdav.example.org/webdav/user1

    <Directory /serv/webdav.example.org/webdav/user1>
        DAV             On
        AuthType        Basic 
        AuthName        "My WebDav Directory"
        AuthUserFile    /serv/webdav.example.org/auth/webdav.user
        Require         valid-user 
    </Directory>

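    # No trailing slash: <Location /user1/> would not apply to a request for
    # /user1 itself, leaving only the valid-user rule from <Directory>.
    <Location /user1>
        Require     user user1
    </Location>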

    # user2
    Alias /user2 /serv/webdav.example.org/webdav/user2

    <Directory /serv/webdav.example.org/webdav/user2>
        DAV             On
        AuthType        Basic 
        AuthName        "My WebDav Directory"
        AuthUserFile    /serv/webdav.example.org/auth/webdav.user
        Require         valid-user 
    </Directory>

    # No trailing slash, so the rule also covers a request for /user2 itself.
    <Location /user2>
        Require     user user2
    </Location>

    # transfer 
    Alias /transfer /serv/webdav.example.org/webdav/transfer

    <Directory /serv/webdav.example.org/webdav/transfer>
        DAV             On
        AuthType        Basic 
        AuthName        "My WebDav Directory"
        AuthUserFile    /serv/webdav.example.org/auth/webdav.user
        Require         valid-user 
    </Directory>

    <Location /transfer/>
        Require    valid-user 
    </Location>

</VirtualHost>
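
Because every new user means another copied block, a small audit of the vhost file helps catch a folder that ended up open to all authenticated users. The script below is an added example, not part of the original post: it flags any Alias that lacks a "Require user" rule in a <Location>, including the case where a trailing slash in <Location /userN/> leaves /userN itself uncovered. The function names, the `shared` parameter and the sample config are assumptions made for illustration; it only reads Alias, <Location> and "Require user" lines and ignores includes and <LocationMatch>.

```python
import re

# Constructed sample: user1 is covered, user2's <Location> has a trailing slash,
# user3 has no <Location> at all, transfer is intentionally shared.
SAMPLE = """
Alias /user1 /serv/webdav.example.org/webdav/user1
<Location /user1>
    Require user user1
</Location>
Alias /user2 /serv/webdav.example.org/webdav/user2
<Location /user2/>
    Require user user2
</Location>
Alias /user3 /serv/webdav.example.org/webdav/user3
Alias /transfer /serv/webdav.example.org/webdav/transfer
<Location /transfer>
    Require valid-user
</Location>
"""

ALIAS = re.compile(r"^\s*Alias\s+(\S+)\s+\S+", re.M | re.I)
LOCATION = re.compile(r"<Location\s+([^>\s]+)\s*>(.*?)</Location>", re.S | re.I)
REQUIRE_USER = re.compile(r"^\s*Require\s+user\s+(.+?)\s*$", re.M | re.I)

def covers(location_path, url_path):
    """Apache prefix rule: <Location /a> covers /a and /a/x; <Location /a/> misses /a."""
    if location_path.endswith("/"):
        return url_path.startswith(location_path)
    return url_path == location_path or url_path.startswith(location_path + "/")

def audit(config, shared=("/transfer",)):
    """Return {alias: finding} for aliases not fully restricted to named users."""
    locations = [(p, REQUIRE_USER.findall(body)) for p, body in LOCATION.findall(config)]
    findings = {}
    for alias in ALIAS.findall(config):
        alias = alias.rstrip("/")
        if alias in shared:
            continue  # shared folder: valid-user is the intended rule
        for probe in (alias, alias + "/"):
            users = [u for p, us in locations if covers(p, probe) for u in us]
            if not users:
                findings[alias] = f"{probe} has no 'Require user' rule"
                break
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Run it against the real vhost file by passing the file's contents to audit(); an empty result means every non-shared Alias is tied to named users.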

If you want to allow the user to access his WebDAV directory using an Internet browser you can add the following lines to the corresponding <Location> configuration item.

 Options +Indexes
 IndexIgnore ..
 IndexOptions -IconsAreLinks NameWidth=* FancyIndexing SuppressLastModified FoldersFirst 
 IndexOrderDefault Ascending Name