Difference between revisions of "WebDAV"

From ArchWiki
Jump to: navigation, search
m (Server (Apache))
(Authentication)
Line 56: Line 56:
 
* others
 
* others
  
This is an example for using digest (make sure it is enabled in httpd.conf)
+
Two examples follow, in which {{ic|foo}} is the username:
 +
 
 +
Using digest:
 +
# basic form: htdigest -c /path/to/file AuthName username
 
  htdigest -c /etc/httpd/conf/passwd WebDAV foo
 
  htdigest -c /etc/httpd/conf/passwd WebDAV foo
  
Please make sure that the path is identical to the one you entered in your httpd.conf.  Also when using digest you have to enter the AuthName from httpd.conf.  For plain authentication you would not need this.
+
{{Note|Make sure digest authentication is enabled in {{ic|httpd.conf}} by the presence of this entry: {{ic|LoadModule auth_digest_module modules/mod_auth_digest.so}}}}
  
To require user *foo* for everything:
+
Using plain:
 +
# basic form: htpasswd -c /path/to/file username
 +
htpasswd -c /etc/httpd/conf/passwd foo
 +
 
 +
Next, {{ic|httpd.conf}} must be edited to enable authentication. One method would be to require the user {{ic|foo}} for everything:
 
{{bc|
 
{{bc|
 
<Directory "/home/httpd/html/dav">
 
<Directory "/home/httpd/html/dav">
Line 68: Line 75:
 
   Options Indexes FollowSymLinks
 
   Options Indexes FollowSymLinks
 
   Order allow,deny
 
   Order allow,deny
   AuthType Digest
+
   AuthType Digest # substitute "Basic" for "Digest" if you used htpasswd above
 
   AuthName "WebDAV"
 
   AuthName "WebDAV"
 
   AuthUserFile /etc/httpd/conf/passwd
 
   AuthUserFile /etc/httpd/conf/passwd
Line 75: Line 82:
 
</Directory>
 
</Directory>
 
}}
 
}}
 +
 +
{{Note|{{ic|AuthName}} must match the name passed when using the {{ic|htdigest}} command for digest authentication. For basic/plain authentication, this line may be removed. Also, make sure that the {{ic|AuthUserFile}} path matches that used with the {{ic|htdigest}} or {{ic|htpasswd}} commands above}}
  
 
If you want to permit everybody to read, you could use this in your httpd.conf
 
If you want to permit everybody to read, you could use this in your httpd.conf
Line 83: Line 92:
 
   Options Indexes FollowSymLinks
 
   Options Indexes FollowSymLinks
 
   Order allow,deny
 
   Order allow,deny
   AuthType Digest
+
   AuthType Digest # substitute "Basic" for "Digest" if you used htpasswd above
 
   AuthName "WebDAV"
 
   AuthName "WebDAV"
 
   AuthUserFile /etc/httpd/conf/passwd
 
   AuthUserFile /etc/httpd/conf/passwd
Line 94: Line 103:
  
 
Don't forget to restart apache after making changes!
 
Don't forget to restart apache after making changes!
 +
# systemctl restart httpd

Revision as of 22:11, 12 January 2013

WebDAV stands for Web Distributed Authoring and Versionin, see RFC 2518.

WebDAV is an extension of HTTP 1.1 and therefore can be considered to be a procotol. It contains a set of concepts and accompanying extension methods to allow read and write across the HTTP 1.1 protocol. Instead of using NFS, or SMB, WebDAV offers file transfers via HTTP.

The goal of this how to is to setup a simple WebDAV configuration using Apache.

See also File Sharing with Webdav and DNSSD.

Server (Apache)

Install Apache as explained in the LAMP article.

Now enable WebDAV. Add the following line to /etc/httpd/conf/httpd.conf.

DAVLockDB /home/httpd/DAV/DAVLock

Make sure you add it outside of any other directives, for instance right under the DocumentRoot definition.

Next, add the following (also outside of any directives):

<Directory "/home/httpd/html/dav">
  DAV On
  AllowOverride None
  Options Indexes FollowSymLinks
  Order allow,deny
  Allow from all
</Directory>

Create directories

# mkdir -p /home/httpd/DAV
# chown -R http:http /home/httpd/DAV # Otherwise you wouldn't be able to upload files
# mkdir -p /home/httpd/html/dav
# chown -R nobody.nobody /home/httpd/html/dav

Client (Cadaver)

cadaver is a command line WebDAV client.

# pacman -S cadaver

Test it

# cadaver http://localhost/dav
dav:/dav/> mkcol test
Creating `test': succeeded.
dav:/dav/> ls
Listing collection `/dav/': succeeded.
Coll: test
dav:/dav/> exit

If the above worked as shown, then you are good to go.

Authentication

Make sure you add permissions for viewing and dav access to the directory, and maybe even make that directory ssl access only.

There are numerous different protocols you can use:

  • plain
  • digest
  • others

Two examples follow, in which foo is the username:

Using digest:

# basic form: htdigest -c /path/to/file AuthName username
htdigest -c /etc/httpd/conf/passwd WebDAV foo
Note: Make sure digest authentication is enabled in httpd.conf by the presence of this entry: LoadModule auth_digest_module modules/mod_auth_digest.so

Using plain:

# basic form: htpasswd -c /path/to/file username
htpasswd -c /etc/httpd/conf/passwd foo

Next, httpd.conf must be edited to enable authentication. One method would be to require the user foo for everything:

<Directory "/home/httpd/html/dav">
  DAV On
  AllowOverride None
  Options Indexes FollowSymLinks
  Order allow,deny
  AuthType Digest # substitute "Basic" for "Digest" if you used htpasswd above
  AuthName "WebDAV"
  AuthUserFile /etc/httpd/conf/passwd
  Require user foo
  Allow from all
</Directory>
Note: AuthName must match the name passed when using the htdigest command for digest authentication. For basic/plain authentication, this line may be removed. Also, make sure that the AuthUserFile path matches that used with the htdigest or htpasswd commands above

If you want to permit everybody to read, you could use this in your httpd.conf

<Directory "/home/httpd/html/dav">
  DAV On
  AllowOverride None
  Options Indexes FollowSymLinks
  Order allow,deny
  AuthType Digest # substitute "Basic" for "Digest" if you used htpasswd above
  AuthName "WebDAV"
  AuthUserFile /etc/httpd/conf/passwd
  Allow from all
  <LimitExcept GET HEAD OPTIONS PROPFIND>
    require user foo
  </LimitExcept>
</Directory>

Don't forget to restart apache after making changes!

# systemctl restart httpd