LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
Reload this Page How to allow read access to all users and writes to some specific with apache/webdav?
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 03-11-2009, 12:06 PM   #1
polik
LQ Newbie
 
Registered: Sep 2004
Location: Italy
Distribution: RHEL
Posts: 10

Rep: Reputation: 0
How to allow read access to all users and writes to some specific with apache/webdav?

Hi everybody,

I have a server containing information that should be readable by all users, while only admin users should be allowed to write.
One of my attempts was to use two <Directory> directives referring to the same path, the first to grant read only access, the second to grant write access to authenticated and specific users only.
The first part sounds easy, when you talk about it, but I did not find a solution yet.

Any ideas?
Thanks.
 
Old 03-11-2009, 12:13 PM   #2
kashifazizawan
Member
 
Registered: Aug 2008
Location: Dubai, UAE
Distribution: CentOS
Posts: 40
Blog Entries: 13

Rep: Reputation: 15
Smile
look at this may this...

[folder]

comment = share folder
path = /home/folder
browseable = yes
valid users = user1,user2,user3,user4
invalid user =
read list = user1,user2
write list = user3,user4
writable = yes
create mask = 0744
guest ok = no
 
Old 03-11-2009, 01:23 PM   #3
chitambira
Member
 
Registered: Oct 2008
Location: Online
Distribution: RHEL, Centos
Posts: 373
Blog Entries: 1

Rep: Reputation: 51
Quote:
look at this may this...

[folder]

comment = share folder
path = /home/folder
browseable = yes
valid users = user1,user2,user3,user4
invalid user =
read list = user1,user2
write list = user3,user4
writable = yes
create mask = 0744
guest ok = no
This stuff if for samba kashifazizawan!

You can use limit, here is a snippet:
Quote:
<ifmodule mod_dav.c>
<directory /path/to/webdav/>
allow from 127.0.0.1 ::1
allow from 192.0.2.1
# other allowed clients
Dav on
AuthType Basic
AuthName "MySystemName WebDAV Storage"
AuthUserFile /path/to/web/etc/passwd.dav
Require valid-user
# These are the HTTP methods used in DAV, beyond the usual GET/HEAD/OPTIONS
# <limit put post delete propfind proppatch mkcol copy move lock unlock>
# Require user administrator
# </limit>
</directory>

or something like,

Quote:
<directory /path/to/webdav/sensitive/>
<limitexcept get options propfind>
Require user administrator
</limitexcept>
</directory>
just explore more oh how you want to limit some other users.
 
Old 03-12-2009, 05:02 AM   #4
polik
LQ Newbie
 
Registered: Sep 2004
Location: Italy
Distribution: RHEL
Posts: 10

Original Poster
Rep: Reputation: 0
Let's make is simpler and try to grant read access only to everyone, without authentication.
My current configuration is the following:

Alias /deliveries "/export/deliveries"

<Directory /export/deliveries>
Dav On

Order Allow,Deny
Allow from all

AuthType Basic
Options Indexes FollowSymLinks
IndexOptions FancyIndexing NameWidth=*
</Directory>

How does it work? Everyone can read and write, but none can delete.
It is not what I need, yet.

The client is a windows XP sp3, mapping the network place as http://my_server:80/deliveries
 
Old 03-12-2009, 05:32 AM   #5
polik
LQ Newbie
 
Registered: Sep 2004
Location: Italy
Distribution: RHEL
Posts: 10

Original Poster
Rep: Reputation: 0
Sorry, I have to correct myself: the above configuration allows or not deleting depending on the object you are managing. In particular it is not possible to delete or rename directories, while it is possible to delete files.
 
Old 03-12-2009, 06:30 AM   #6
chitambira
Member
 
Registered: Oct 2008
Location: Online
Distribution: RHEL, Centos
Posts: 373
Blog Entries: 1

Rep: Reputation: 51
In that case, the second snippet I gave you satisfies what you need.

Quote:
<directory /export/deliveries>
Dav On

Order Allow,Deny
Allow from all

AuthType Basic
Options Indexes FollowSymLinks
IndexOptions FancyIndexing NameWidth=*
<limitexcept get options propfind>
Require user administrator
</limitexcept>
</directory>
This means that everyone else is allowed readonly except administrator, who can write to the directory
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
XP can't access Apache WebDAV share blue.spark General 7 08-27-2006 03:50 PM
Providing WebDAV access to users directories? GameDNA Linux - Networking 1 12-04-2004 10:32 PM
fstab: giving a user acct read-only access to specific partition doorbits Linux - General 4 05-18-2004 02:11 PM
Giving Specific users access to the reboot command shassouneh Linux - Security 15 03-24-2004 05:10 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 07:01 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration