Ciao a tutti,
Sto facendo molta fatica ad abilitare le quote per WEBDAV.Adesso credo di aver trovato un buon link (da un sito giapponese !)
la documentazione che ho trovato è la seguente:
Purtroppo già al secondo comando "setcap" mi blocco ...
mod_dav_fs_diskquota for Apache 2.2
by Akira YOSHIYAMA <yosshy@debian.or.jp>, April 18, 2008
ABOUT
-----
mod_dav_fs_diskquota is a derived work of mod_dav_fs in Apache 2.2.8.
When it creates files/directories, it changes their owner for OS user
account that has same name of the web-authorized user, so OS disk
quota works fine for WebDAV contents.
BASIC IDEA
----------
mod_dav_fs_diskquota makes new files/directories:
owner: OS user account (= same name of Web authorized account)
group: Apache group account
mode: user=readable/writable, group=readable/writable
The owner of them is an user account, so amount of them is limited by
OS disk quota. Apache can treat them with group permission. To change
files/directories owner, we need to:
1.Give CAP_NET_BIND_SERVICE and CAP_CHOWN capability to Apache.
2.Run Apache as non-root account from beginning. (otherwise, Apache
process changes its UID as apache user and it drops above
capabilities.)
LICENSE
-------
mod_dav_fs_diskquota has Apache license. See each file for details.
INSTALL and RUN
---------------
1.Give CAP_NET_BIND_SERVICE and CAP_CHOWN capability to the Apache.
I tested this with file POSIX capability on Linux 2.6.25 (Fedora 8/9).
# chown apache.apache /usr/sbin/httpd
# setcap cap_net_bind_service,cap_chown=ep /usr/sbin/httpd
2.Modify these parameters in Makefile for your software environment.
top_srcdir=/usr/share/apache2
top_builddir=/usr/share/apache2
include /usr/share/apache2/build/special.mk
APXS=apxs2
APACHECTL=apache2ctl
3.Type below:
make
su
make install
4.Stop httpd.
Debian: /etc/init.d/apache2 stop
Fedora: /etc/init.d/httpd stop
5.Change owner of some directories/files as the Apache account.
(Debian)
chown -R www-data.www-data /var/lib/apache2/
chown -R www-data.www-data /var/log/apache2/
chown -R www-data.www-data /var/run/apache2/
mkdir /var/www/dav
chown www-data.www-data /var/www/dav
chmod 770 /var/www/dav
(Fedora)
chown -R apache.apache /var/log/httpd/
mkdir /var/run/httpd
chown -R apache.apache /var/run/httpd/
mkdir /var/www/dav
chown apache.apache /var/www/dav
chmod 770 /var/www/dav
echo "PIDFILE=/var/run/httpd/httpd.pid" >> /etc/sysconfig/httpd
6.Modify apache configuration file.
(Debian)
before: PidFile /var/run/apache2.pid
after: PidFile /var/run/apache2/apache2.pid
(Fedora)
before: PidFile run/httpd.pid
after: PidFile run/httpd/httpd.pid
(Debian: /etc/apache2/mods-enabled/dav_fs.load)
before: LoadModule dav_fs_module /usr/lib/apache2/modules/mod_dav_fs.so
after: LoadModule dav_fs_module /usr/lib/apache2/modules/mod_dav_fs_diskquota.so
(Fedora)
before: LoadModule dav_fs_module modules/mod_dav_fs.so
after: LoadModule dav_fs_module modules/mod_dav_fs_diskquota.so
and add dav configuration like below:
---
Alias /dav/ "/var/www/dav/"
<Directory "/var/www/dav/">
DAV on
AuthType Basic
AuthUserFile /etc/apache2/htpasswd
AuthName "WebDAV folder"
satisfy any
require valid-user
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
</Directory>
---
7.If you want to create /etc/apache2/htpasswd file, type below:
Debian: htpasswd2 -c /etc/passwd2/htpasswd <account>
Fedora: htpasswd -c /etc/passwd2/htpasswd <account>
<accout> must be same name of OS account.
8.Modify rc file for Apache.
(Debian: /etc/init.d/apache2)
before: $APACHE2CTL startssl
after: su www-data -c "$APACHE2CTL startssl"
(Fedora: /etc/init.d/httpd)
before: daemon $httpd $OPTIONS
after: daemon --user=apache $httpd $OPTIONS
9.Just run Apache.
Debian: /etc/init.d/apache2 start
Fedora: /etc/init.d/httpd start
10.Test it.
11.Enjoy it :-).
12.Consider security.
This approach has a security hole with chown.
Make apache do chown only under WebDAV directory with SELinux or so.
CHANGLOG
--------
Apr 18, 2008 updated for Apache 2.2.
Mar 15, 2006 initial release.
Rispondi quotando