Jun 292009
 

Sponsored Link

Web-based Distributed Authoring and Versioning, or WebDAV, is a set of extensions to the Hypertext Transfer Protocol (HTTP) that allows users to edit and manage files collaboratively on remote World Wide Web servers.

Installing WebDAV in debian

First install apache using the following command

#aptitude install apache2

Enable the WebDAV modules using the following commands

#a2enmod dav_fs

#a2enmod dav

Restart Apache server

#/etc/init.d/apache2 restart

Creating A Virtual Host in Apache

Now create a default Apache vhost in the directory /var/www/webdav. We will modify the default Apache vhost configuration in /etc/apache2/sites-available/default. If you already have a vhost for which you'd like to enable WebDAV, you must adjust this tutorial to your situation.

First, we create the directory /var/www/webdav and make the Apache user (www-data) the owner of that directory

#mkdir -p /var/www/webdav

#chown www-data /var/www/webdav

Then we back up the default Apache vhost configuration (/etc/apache2/sites-available/default) and create our own one

#mv /etc/apache2/sites-available/default /etc/apache2/sites-available/default.original

#vi /etc/apache2/sites-available/default

NameVirtualHost *
<VirtualHost *>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/webdav
<Directory /var/www/webdav>
Options Indexes MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
</VirtualHost>

Restart Apache server

#/etc/init.d/apache2 reload

Configure The Virtual Host For WebDAV

Now we create the WebDAV password file /var/www/webdav/passwd.dav with the user test

#htpasswd -c /var/www/webdav/passwd.dav testnew

You will be asked to type in a password for the user testnew

Now we change the permissions of the /var/www/webdav/passwd.dav file so that only root and the members of the www-data group can access it

#chown root:www-data /var/www/webdav/passwd.dav

#chmod 640 /var/www/webdav/passwd.dav

Now we modify our vhost in /etc/apache2/sites-available/default and add the following lines to it

#vi /etc/apache2/sites-available/default

Alias /webdav /var/www/webdav

<Location /webdav>
DAV On
AuthType Basic
AuthName "webdav"
AuthUserFile /var/www/webdav/passwd.dav
Require valid-user
</Location>

The Alias directive makes (together with <Location>) that when you call /webdav, WebDAV is invoked, but you can still access the whole document root of the vhost.

Reload Apache server

#/etc/init.d/apache2 reload

Testing your WebDAV

We will now install cadaver,cadaver is a command-line WebDAV client for Unix. It supports file upload, download, on-screen display, namespace operations (move/copy), collection creation and deletion, and locking operations.

#apt-get install cadaver

To test if WebDAV works use the following command

#cadaver http://localhost/webdav/

You should be prompted for a user name. Type in test and then the password for the user testnew. If all goes well, you should be granted access which means WebDAV is working ok. Type quit to leave the WebDAV shell.

Sponsored Link

 Posted by at 12:15 am
  • core

    Never, **never**, put password files under a web accesible directory.
    In this example, any user can take passwd.dav file via http request.
    Passwords for all users are not directly readable (there are “crypted”),
    but it’s easy to crack it using brute force and/or dictionary attack
    (and there are a lot of tools to do that out there).

    Safe place for that file could be /var/www/passwd.dav or even better (i
    think) /etc/apache2/passwd.dav

  • Fabrizio

    I agree with Core: *DON’T PUT passwd.dav UNDER BROWSABLE DIRECTORY*: use /etc/apache2/passwd.dav instead of.

  • http://www.bennyn.de/ Benny Neugebauer

    Wahoo! Very nice tutorial. Thank you! It worked for me. But I put the passwd.dav file to “/etc/apache2/” as Fabrizio has recommended. ;-)