webdav

Using WebDAV with Apache 2.x

This example will get a WebDAV directory up and running under Apache 2.x in a few minutes.

If you're running Debian, you will need to enable the WebDAV modules. For RedHat, it should be already enabled.

Create a VirtualHost in your Apache config file, and put into it something like this:

<VirtualHost *:80>
        DocumentRoot /var/www
        ServerName you.server.name
        DavLockDB /var/lock/apache2/DavLock
        <Directory "/var/www/dav">
        Options Indexes FollowSymLinks
        AllowOverride None
        order allow,deny
        allow from all
        AuthName "WebDAV"
        AuthType Basic
        AuthUserFile /home/htpasswd
        AuthGroupFile /dev/null
        DAV On
        require valid-user
        </Directory>
</VirtualHost>

You could also put it into an SSL VirtualHost if you want it encrypted. Then setup the htpasswd:

htpasswd -c /home/htpasswd <your username>

If you'll be sharing the same folder for Windows-based users, use digest authentication instead of basic authentication, as Windows has some interesting limitations to a proper WebDAV implementation (unless you decide to install Microsoft Office Outlook - as for why this is so, well...)

<VirtualHost *:80>
        DocumentRoot /var/www
        ServerName you.server.name
        DavLockDB /var/lock/apache2/DavLock
        <Directory "/var/www/dav">
        Options Indexes FollowSymLinks
        AllowOverride None
        order allow,deny
        allow from all
        AuthName "WebDAV"
        AuthType Digest
        AuthDigestProvider file
        AuthUserFile /home/htdigest
        AuthGroupFile /dev/null
        DAV On
        require valid-user
        </Directory>
</VirtualHost>

For populating the digest password database, use htdigest

htdigest -c /home/htdigest "WebDAV" <username>

Whether you choose to use basic or digest authentication, lose the -c parameter once the password database has been initially created, or the file would be truncated.

Create your WebDAV directory, and make sure it is owned by the Apache user. For Debian this is 'www-data' and for RedHat it is 'apache'.

mkdir -p /var/www/dav
chown -R apache:apache /var/www/dav

Restart Apache and try to connect to your WebDAV directory at your.server.name/dav.

If you're having problems, check to see that your HTTP authentication is working by going to http://your.server.name/dav.

Also try Litmus, a WebDAV tester: http://www.webdav.org/neon/litmus/

These examples are based on the WebDAV + LDAP HOWTO: http://www.tldp.org/HOWTO/Apache-WebDAV-LDAP-HOWTO/

WebDAV clients

If you're using a Unix-based system such as Linux, the BSD's or Mac OSX, chances are the WebDAV clients provided natively by the distributions are sufficient and often would implement the standard properly.

OTOH, if you're using Microsoft Windows XP and above, chances are the native WebDAV mini-director would give you lots of headaches as its implementation is currently broken. We recommend using alternative WebDAV clients: a free one is Novell's NetDrive which can be downloaded from http://support.novell.com/servlet/filedownload/uns/pub/ndrv41862.exe/

Securing your WebDAV folders using ACLs

POSIX ACLs are quite useful especially if users would have access to WebDAV folders both via WebDAV and the shell. Instead of changing the general ownership of the file, use setfacl to allow the Apache user, as well as specific users, to access the WebDAV folder.