I recently was requested to set up an apache webserver to provide WebDAV folders for multiple users with individual folders. Additionally, all users should be able to use a shared WebDAV folder. After some extensive research I was unable to find any good hints on how to actually do this.
My first approach was to set up the WebDAV folders within the DocumentRoot and hence only one <Directory> configuration item was needed with multiple <Location> configuration items. At first sight, this seemed to provide what was requested.
After some testing it showed this approach had a major security issue: If the user just accessed http://webdav.example.com and authenticated successfully, the user was able to see and write to all available folders. This is obviously an undesirable behaviour.
So I decided to move the WebDAV folders out of the DocumentRoot and providing an Alias, <Directory> and <Location> configuration item for each folder and setting up access to that folder in the <Location> configuration item. Additionaly, this frees up the http://webdav.example.com which can provide further information on how to use the service.
And voilà, every user has his own WebDAV folder and can not see or access the folders of other users.
In the following example, three WebDAV folders are configured, one for each user and a shared folder for all users.
DAVLockDB /serv/webdav.example.org/auth/DAVLock DAVMinTimeout 180 NameVirtualHost 10.1.1.1 <VirtualHost webdav.example.org> ServerName webdav.example.org ServerAdmin firstname.lastname@example.org DocumentRoot /serv/webdav.example.org/htdocs/ LogLevel warn ErrorLog /serv/webdav.example.org/logs/error.log CustomLog /serv/webdav.example.org/logs/access.log combined # user1 Alias /user1 /serv/webdav.example.org/webdav/user1 <Directory /serv/webdav.example.org/webdav/user1> DAV On AuthType Basic AuthName "My WebDav Directory" AuthUserFile /serv/webdav.example.org/auth/webdav.user Require valid-user </Directory> <Location /user1/> Require user user1 </Location> # user2 Alias /user2 /serv/webdav.example.org/webdav/user2 <Directory /serv/webdav.example.org/webdav/user2> DAV On AuthType Basic AuthName "My WebDav Directory" AuthUserFile /serv/webdav.example.org/auth/webdav.user Require valid-user </Directory> <Location /user2/> Require user user2 </Location> # transfer Alias /transfer /serv/webdav.example.org/webdav/transfer <Directory /serv/webdav.example.org/webdav/transfer> DAV On AuthType Basic AuthName "My WebDav Directory" AuthUserFile /serv/webdav.example.org/auth/webdav.user Require valid-user </Directory> <Location /transfer/> Require valid-user </Location> </VirtualHost>
If you want to allow the user to access his WebDAV directory using an Internet browser you can add the following lines to the corresponding <Location> configuration item.
Options +Indexes IndexIgnore .. IndexOptions -IconsAreLinks NameWidth=* FancyIndexing SuppressLastModified FoldersFirst IndexOrderDefault Ascending Name