Share a space on your web server for remote file sharing and collaboration. WebDAV (Web-based Distributed Authoring and Versioning, also called DAV) is a set of extensions to HTTP/1.1 (Hypertext Transfer Protocol, the protocol spoken by web browsers and servers) allowing you to edit documents on a remote web server. DAV provides support for:
WebDAV is platform-independent, both in terms of client and server. This means that Macintosh, Unix, and Windows users can collaborate on web content without all the usual conversion problems. Furthermore, it doesn't matter whether your documents are hosted on an Apache or Microsoft IIS server. WebDAV is software agnostic. As long as your web-authoring tools are DAV-compliant, it makes little difference which particular product you're using. WebDAV is (at least should be) seamless. Because DAV is simply a set of extensions to HTTP, it's easy for companies to build support into any product that already understands the Web. And, since DAV rides on top of HTTP, firewalls tend not to get in the way of accessing your web content remotely. WebDAV makes use of the standard authorization and authentication methods built right into every web server. In the same manner as one restricts access to a portion (whether a file, folder, or entire site) of one's web site to a particular set of users or machines, so too can one finely tune WebDAV access to resources. 95.1 Mac OS X and WebDAVWhile Mac OS X doesn't provide Apache support for providing WebDAV shares right out of the box, WebDAV functionality is available as a small downloadable module, easy to build and configure. 95.2 Install the Apache mod_dav ModuleDownload [Hack #61] the latest mod_dav module (http://www.webdav.org/mod_dav/) and extract it using Terminal [Hack #49]; I chose to use tar: % curl -O http://www.webdav.org/mod_dav/mod_dav-1.0.3-1.3.6.tar.gz % tar -xvzf mod_dav-1.0.3-1.3.6.tar.gz mod_dav-1.0.3-1.3.6 mod_dav-1.0.3-1.3.6/sdbm ... mod_dav-1.0.3-1.3.6/mod_dav.mak mod_dav-1.0.3-1.3.6/autogen.sh With the archive unpacked, it's time to build the module. It goes a little something like this: % cd mod_dav-1.0.3-1.3.6 % ./configure % ./make % ./sudo make install Between each command, the screen will fill with line after line of incomprehensible jibberish. I've left these out for brevity's sake; the only thing to watch out for is the process suddenly stopping with an error. The module should now safely be installed in the right location (along with the other Apache modules) and DAV minimally enabled in the Apache server configuration. But there's more to do than simply making Apache aware of its new WebDAV functionality. 95.3 Configure WebDAV in ApacheOpen [Hack #51] the Apache server's main configuration file [Hack #89], /etc/httpd/httpd.conf , for editing. You'll need to authenticate yourself as an administrator using sudo [Hack #50] to do so: % sudo pico /etc/httpd/httpd.conf Zoom down to the end of the file and add the following text: DAVLockDB /etc/httpd/dav/DAVLock DAVMinTimeout 600 <Location /dav/> DAV On AuthType Basic AuthName "WebDAV Restricted" AuthUserFile /etc/httpd/dav/.passwd <LimitExcept GET HEAD OPTIONS> Require valid-user </LimitExcept> </Location> The first line sets up a database file that WebDAV uses to track who's editing which file. It will lock a file to prevent something dangerous from happening, such as two people trying to update it at once. The second line tells the web server not to wait forever if the remote computer loses connection with it. The <Location> tags set the context of the WebDAV settings to be for the directory /dav, which we will set up under the document root. The security we're using is AuthTypeBasic, which requires a username and password to make modifications. The password will be stored in a file called /Library/WebServer/.passwd, and the username required is webdav.
The <LimitExcept> directive gives us some protection from malicious intent. First, it locks down all the actions that can be performed on WebDAV files except those that are read-only. Second, it limits the write privileges to one user, named webdav. This user will not have any other abilities on the system but to write files in this directory. 95.4 Setting Up DirectoriesFirst, you need to set up the realm of WebDAV documents. Based on what we put in the configuration file, this will be in a subdirectory of the document root called /dav (that's /Library/WebServer/Documents/dav). You'll need to create that directory yourself, as well as changing the permissions and ownership so that the web server can write to it. % sudo mkdir /Library/WebServer/Documents/dav % sudo chgrp www /Library/WebServer/Documents/dav % sudo chmod 775 /Library/WebServer/Documents/dav Next, you need to find a place for the WebDAV lock database file. For lack of a better place, I created a directory alongside the httpd.conf configuration file, /etc/httpd/dav. Again, set the permissions so that the server can write files here: % sudo mkdir /etc/httpd/dav % sudo chgrp www /etc/httpd/dav % sudo chmod 775 /etc/httpd/dav 95.5 Creating UsersWhile our configuration specifies that only valid users [Hack #97] are allowed to alter the contents of the dav directory via WebDAV, we've not yet created said users. We'll do so now. Don't use an existing user's name and password. A malicious hacker sniffing your communications can grab that username and use it to sneak inside your system. The username we will create will be limited to WebDAV files only, which will be useless to a would-be intruder. First, create a password file using the htpasswd utility. (Again, to keep everything related to DAV together, I used /etc/httpd/dav/.) You'll simultaneously create a user account and password for webdav. You'll be prompted for a password. Invent something secure and save it someplace safe. Make the password unique (don't use one that you use elsewhere), because of the basic authentication risk I mentioned earlier. % htpasswd -c /etc/httpd/dav/.passwd webdav New password: Re-type new password: Adding password for user webdav 95.6 Restart the ServerAn apache control script, apachectl, does away with the need to kill and restart the Apache server by hand. Simply issue a start, stop, or restart and apachectl will comply. In this case, you want to restart the server, so type: % sudo apachectl restart /usr/sbin/apachectl restart: httpd restarted If Apache isn't already running, apachectl is smart enough to go ahead and start it up for you: % sudo apachectl restart /usr/sbin/apachectl restart: httpd not running, trying to start Processing config directory: /private/etc/httpd/users Processing config file: /private/etc/httpd/users/rael.conf /usr/sbin/apachectl restart: httpd started Your WebDAV server is now ready for use by anyone (with the proper authentication, that is) who can reach your Web server. Mac OS X has built-in support for mounting WebDAV shares[Hack #74] and treating them like just about any other hard drive.
95.7 See Also
Erik T. Ray and Rael Dornfest |