[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [K12OSN] OT: need help configuring web server on Ubuntu Server to allow file uploads



In a similar situation I use WebDAV with LDAP authentication. I use WebDAV 
*only* under https to encrypt passwords (while not affecting regular port 80 
web access). I set up each user with a "public" and a "private" folder. The 
public folder is read-only for the immediate planet (a regular web site), the 
private folder is accessible only by the authenticated owner.

I have been meaning to write this up as a "How To" but I haven't done it yet, 
so here are the pieces: excerpt from my "ssl.conf" file 
(in /etc/httpd/conf.d), a further webdav configuration file (dav-folders.conf 
in the same directory), and the ".htaccess" file that goes in each directory 
(there are scripts to create the directory and add the .htaccess file). Sorry 
for the length.

========================================================================
File: dav-folders.conf


#
# Public read-only access to WebDAV folders
#
# Users have read/write access to their own WebDAV
# folders within the SSL virtual server (see ssl.conf).
#
# Private folders are inaccessible from ordinary http browsing.
# They are only visible using https, and only by the owner with
# authentication (via LDAP).
#
# The ".htaccess" files used with the SSL virtual server are ignored here.
# To assure that this will always be so, we (re-)declare
# "AllowOverride None"
#
# -jrl Jan 2006
#

#
# Only add the Public folders to the main web folder tree -jrl
#
Alias /Public /usr/local/WebDAV/Public
Alias /Calendars /usr/local/WebDAV/Calendars
Alias /FreeBusy /usr/local/WebDAV/FreeBusy

<Directory /usr/local/WebDAV/Public>
Options MultiViews Indexes IncludesNoExec
IndexOptions FancyIndexing FoldersFirst
AllowOverride None
</Directory>

<Directory /usr/local/WebDAV/Public/*>
Options MultiViews Indexes IncludesNoExec
IndexOptions FancyIndexing FoldersFirst
AllowOverride None
</Directory>

<Directory /usr/local/WebDAV/Calendars>
Options MultiViews Indexes IncludesNoExec
IndexOptions FancyIndexing FoldersFirst
AllowOverride None
</Directory>

<Directory /usr/local/WebDAV/Calendars/*>
Options MultiViews Indexes IncludesNoExec
IndexOptions FancyIndexing FoldersFirst
AllowOverride None
</Directory>

<Directory /usr/local/WebDAV/FreeBusy>
Options MultiViews Indexes IncludesNoExec
IndexOptions FancyIndexing FoldersFirst
AllowOverride None
</Directory>

<Directory /usr/local/WebDAV/FreeBusy/*>
Options MultiViews Indexes IncludesNoExec
IndexOptions FancyIndexing FoldersFirst
AllowOverride None
</Directory>
========================================================================

Excerpt from "ssl.conf":

#
# Private read/write access to WebDAV folders
#
# Users have read/write access to their own WebDAV
# folders within the SSL virtual server.
#
# Private folders are inaccessible from ordinary http browsing.
# They are only visible using https, and only by the owner with
# authentication (via LDAP).
#
# The directives below perform the following:
#       - bring the WebDAV folders into web tree
#       - allow browsing (with indexing)
#       - includes individual user directory info (with auth)
#
# To provide a scalable authentication strategy, set:
# "AllowOverride AuthConfig" to use the local ".htaccess" file to control
# who can log in. This file belongs to "root" and is read-only for normal
# users. This strategy allows the configuration to be a trivial addition to
# folder creation without separate maintenence.
#
# -jrl Jan 2006
#

# Graft folders into web folder tree -jrl
#
Alias /Private /usr/local/WebDAV/Private
Alias /Public /usr/local/WebDAV/Public

# Allow WebDAV access to user folders, but not parent folders -jrl
#
<Directory /usr/local/WebDAV/Private>
Options MultiViews Indexes IncludesNoExec
IndexOptions FancyIndexing FoldersFirst
</Directory>

<Directory /usr/local/WebDAV/Calendars>
Options MultiViews Indexes IncludesNoExec
IndexOptions FancyIndexing FoldersFirst
</Directory>

<Directory /usr/local/WebDAV/FreeBusy>
Options MultiViews Indexes IncludesNoExec
IndexOptions FancyIndexing FoldersFirst
</Directory>

<Directory /usr/local/WebDAV/Private/*>
Options MultiViews Indexes IncludesNoExec
IndexOptions FancyIndexing FoldersFirst
AllowOverride AuthConfig
DAV On
Order deny,allow
Allow from all
AuthName DAV
AuthType Basic
AuthLDAPEnabled on
AuthLDAPURL ldap://minibox.uvi.edu/ou=People,dc=minibox,dc=uvi,dc=edu
</Directory>

# Access to Public folder itself is controlled in main httpd.conf file -jrl
#
<Directory /usr/local/WebDAV/Public/*>
Options MultiViews Indexes IncludesNoExec
IndexOptions FancyIndexing FoldersFirst
AllowOverride AuthConfig
DAV On
Order deny,allow
Allow from all
AuthName DAV
AuthType Basic
AuthLDAPEnabled on
AuthLDAPURL ldap://minibox.uvi.edu/ou=People,dc=minibox,dc=uvi,dc=edu
</Directory>



<Directory /usr/local/WebDAV/Calendars/*>
Options MultiViews Indexes IncludesNoExec
IndexOptions FancyIndexing FoldersFirst
AllowOverride AuthConfig
DAV On
Order deny,allow
Allow from all
AuthName DAV
AuthType Basic
AuthLDAPEnabled on
AuthLDAPURL ldap://minibox.uvi.edu/ou=People,dc=minibox,dc=uvi,dc=edu
</Directory>


<Directory /usr/local/WebDAV/FreeBusy/*>
Options MultiViews Indexes IncludesNoExec
IndexOptions FancyIndexing FoldersFirst
AllowOverride AuthConfig
DAV On
Order deny,allow
Allow from all
AuthName DAV
AuthType Basic
AuthLDAPEnabled on
AuthLDAPURL ldap://minibox.uvi.edu/ou=People,dc=minibox,dc=uvi,dc=edu
</Directory>
=======================================================================

File: ".htaccess" 

require user jlucas

=======================================================================

The ".htaccess" file is world readable, but owned by root so in the Apache 
context it is read-only. A simple bash script created the directory and
makes the ".htaccess" and sets ownership and permissions with only the user ID
as an argument.



-- 
        "History doesn't repeat itself; at best it rhymes."
                        - Mark Twain

| John Lucas                          MrJohnLucas gmail com               |
| St. Thomas, VI 00802                http://mrjohnlucas.googlepages.com/ |
| 18.3°N, 65°W                        AST (UTC-4)                         |


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]