Hack 62. Share Files and Directories over the Web
WebDAV is a powerful, platform-independent mechanism for sharing files over the Web without resorting to standard networked filesystems. WebDAV (Web-based Distributed Authoring and Versioning) lets you edit and manage files stored on remote web servers. Many applications support direct access to WebDAV servers, including web-based editors, file-transfer clients, and more. WebDAV enables you to edit files where they live on your web server, without making you go through a standard but tedious download, edit, and upload cycle. Because it relies on the HTTP protocol rather than a specific networked filesystem protocol, WebDAV provides yet another way to leverage the inherent platform-independence of the Web. Though many Linux applications can access WebDAV servers directly, Linux also provides a convenient mechanism for accessing WebDAV directories from the command line through the davfs filesystem driver. This hack will show you how to setup WebDAV support on the Apache web server, which is the most common mechanism for accessing WebDAV files and directories. 6.8.1. Installing and Configuring Apache's WebDAV SupportWebDAV support in Apache is made possible by the mod_dav module. Servers running Apache 2.x will already have mod_dav included in the package apache2-common, so you should only need to make a simple change to your Apache configuration in order to run mod_dav. If you compiled your own version of Apache, make sure that you compiled it with theenable-dav option to enable and integrate WebDAV support.
If WebDAV support wasn't statically linked into your version of Apache2, you'll need to load the modules that provide WebDAV support. To load the Apache2 modules for WebDAV, do the following: # cd /etc/apache2/mods-enabled/ # ln -s /etc/apache2/mods-available/dav.load dav.load # ln -s /etc/apache2/mods-available/dav_fs.load dav_fs.load # ln -s /etc/apache2/mods-available/dav_fs.conf dav_fs.conf Next, add these two commands to your httpd.conf file to set variables used by Apache's WebDAV support: DAVLockDB /tmp/DAVLock DAVMinTimeout 600! These can be added anywhere in the top level of your httpd.conf filein other words, anywhere that is not specific to the definition of a single directory or server. The DAVLockDB statement identifies the directory where locks should be stored. This directory must exist and should be owned by the Apache service account's user and group. The DAVMinTimeout variable specifies the period of time after which a lock will automatically be released. Next, you'll need to create a WebDAV root directory. Users will have their own subdirectories beneath this one, so it's a bit like an alternative /home directory. This directory must be readable and writable by the Apache service account. On most distributions, this user will probably be called apache or www-data. You can check this by searching for the Apache process in ps using one of the following commands: # ps -ef | grep apache2 # ps -ef | grep httpd A good location for the WebDAV root is at the same level as your Apache document root. Apache's document root is usually at /var/www/apache2-default (or, on some systems, /var/www/html). I tend to use /var/www/webdav as a standard WebDAV root on my systems. Create this directory and give read and write access to the Apache service account (apache, www-data, or whatever other name is used on your systems): # mkdir /var/www/webdav # chown root:www-data /var/www/webdav # chmod 750 /var/www/webdav Now that you've created your directory, you'll need to enable it for WebDAV in Apache. This is done with a simple Dav On directive, which can be located inside a directory definition anywhere in your Apache configuration file (httpd.conf): <Directory /var/www/webdav> Dav On </Directory> 6.8.2. Creating WebDAV Users and DirectoriesIf you simply activate WebDAV on a directory, any user can access and modify the files in that directory through a web browser. While a complete absence of security is convenient, it is not "the right thing" in any modern computing environment. You will therefore want to apply the standard Apache techniques for specifying the authentication requirements for a given directory in order to properly protect files stored in WebDAV. As an example, to set up simple password authentication you can use the htpasswd command to create a password file and set up an initial user, whom we'll call joe: # mkdir /etc/apache2/passwd # htpasswd -c /etc/apache2/passwd/htpass.dav joe
The htpasswd command will prompt you once for joe's new WebDAV password, and then again for confirmation. Once you've specified the password, you should set the permissions on your new password file so that it can't be read by standard users but is readable by any member of the Apache service account group: # chown root:www-data /etc/apache2/passwd/htpass.dav # chmod 640 /etc/apache2/passwd/htpass.dav Next, the sample user joe will need a WebDAV directory of his own, with the right permissions set: # mkdir /var/www/webdav/joe # chown www-data:www-data /var/www/webdav/joe # chmod 750 /var/www/webdav/joe The sample user will also need to use the password file that you just created with htpasswd to authenticate access to his directory, so you'll have to update httpd.conf with another directive for that directory: <Directory /var/www/webdav/joe/> require user joe </Directory>
Now just restart your Apache server, and you're done with the Apache side of things: # /usr/sbin/apache2ctl restart At this point, you should be able to connect to your web server and access files in /var/www/webdav/joe as the user joe from any WebDAV-enabled application. 6.8.3. See Also
|