Objectives:Create a webdav share on a SME 6.0.1 box
Control access to the webdav share using the SME user accounts database
Allow normal browser access (after authentication) for file download
Procedure:1. Install and configure mod_dav using How to install mod_dav written by Laurent Dinclaux.2. Check the version of Apache on your system and upgrade if necessary[
root@sme root]# httpd -v
Server version: Apache/1.3.35 ( [NORLUG Edition] Red Hat Linux )
Server built: May 8 2006 08:16:16
If your Apache version is 1.3.31 you should update (In the example above the version is 1.3.35).
You can update by running the entire smeplus.sh script from
SME6.0.1Contribs (except that 6.0.1 doesn't see much development any more, so this script may be out of date!) or you can update Apache using the commands listed below (note that this is simply the Apache update section of smeplus.sh modified to use the current versions of the Apache RPMS...)
mkdir -p /root/plus/apache
cd /root/plus/apache
wget -nc -nd -S 'http://mirror.datapipe.net/norlug/redhat-7.3/RPMS/db4-4.0.14-4.norlug.i386.rpm' -a /root/plus/plus.log
wget -nc -nd -S 'http://mirror.datapipe.net/norlug/redhat-7.3/RPMS/python2.3-2.3.5-1.norlug.i386.rpm' -a /root/plus/plus.log
wget -nc -nd -S 'http://mirror.datapipe.net/norlug/redhat-7.3/RPMS/mod_ssl-2.8.26-1.norlug.i386.rpm' -a /root/plus/plus.log
wget -nc -nd -S 'http://mirror.datapipe.net/norlug/redhat-7.3/RPMS/apache-1.3.35-1.norlug.i386.rpm' -a /root/plus/plus.log
wget -nc -nd -S 'http://mirror.datapipe.net/norlug/redhat-7.3/RPMS/apache-devel-1.3.35-1.norlug.i386.rpm' -a /root/plus/plus.log
wget -nc -nd -S 'http://mirror.datapipe.net/norlug/redhat-7.3/RPMS/apache-manual-1.3.35-1.norlug.i386.rpm' -a /root/plus/plus.log
wget -nc -nd -S 'http://download.fedoralegacy.org/redhat/7.3/os/i386/compat-glibc-6.2-2.1.3.2.i386.rpm' -a /root/plus/plus.log
echo -n "."
cd /root/plus/apache
rpm -Uvh *.rpm3. Create a custom template to control webdav directory access rights
pico /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/96AddSecureIbayFolder
Note: In the following example, I have used Laurent Dinclaux's procedure, and have created a webdav Ibay named "webshare". Replace "webshare" below the the name you have chosen for your webdav ibay.Add the following content to 96AddSecureIbayFolder:
<Directory /home/e-smith/files/ibays/Primary/html>
AuthName "anything-you-like"
Require valid-user
</Directory>
<Directory /home/e-smith/files/ibays/webshare/html/ >
Options +Indexes
IndexOptions FancyIndexing IconsAreLinks
AuthType Basic
AuthExternal pwauth
AuthName "Webshare"
AllowOverride None
order allow,deny
allow from all
Require valid-user
</Directory>In my case I have also added the section below to the same file, in order to restrict access the the "Admin" folder within my webdav ibay to the two users listed:
<Directory /home/e-smith/files/ibays/webshare/html/Admin >
Options +Indexes
IndexOptions FancyIndexing IconsAreLinks
AuthType Basic
AuthExternal pwauth
AuthName "Admin"
order allow,deny
allow from all
AllowOverride None
Require user mmccarn smoore
</Directory>4. Expand the template and restart the httpd server:[root@sme root]# /sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf
[root@sme root]# /etc/e-smith/events/actions/restart-httpd-fullNotes & Explanations96AddSecureIbayFolder: This template is named "96AddSecureIbayFolder" in order to force the template expansion process to put these directives at the end of /etc/httpd/conf/httpd.conf. Thus, these settings will override all other settings for these directories.
Primary Ibay: The first <Directory> section is included solely to override the default "Authname" and "Require" values for the Primary I-Bay. I found on my system that until I did this I was prompted to login to "Primary I-bay" whenever I entered a new directory within my webdav share. That is, I was able to access "webshare" using Microsoft's Web Folders, I could *create* a new directory, but when I tried to browse the new directory I would be prompted to login to "Primary I-bay". I could press <Cancel> at this login prompt and proceed with no problems, but thought that would be confusing to my end users!
<Directory ....>: Each <Directory...> section indicates the absolute path to the directory you wish to control
Options +Indexes: instructs Apache to build dynamic directories of any folder that doesn't already contain "index.html" (or another of the default index files for your server).
IndexOptions FancyIndexing IconsAreLinks: Allow users to sort the autoindex file listing by file size or access date, and allow them to open (download) files by clicking on the icons to the left of each filename
AuthType Basic: Use Apache's "Basic Authentication" method
AuthExternal pwauth: Use the external "pwauth" process for authenticating users. "pwauth" is defined by default on SME 6.0.1 to refer authentication requests to the SME user database
AuthName "Webshare": causes the login prompt to ask for a username and password for "Webshare"
order allow, deny: I don't know how this applies to us
allow from all: I don't know how this applies to us
AllowOverride None: This tells Apache to ignore .htaccess files (if there are any)
Require user username-a username-b: Tells Apache to require that one of the listed users successfully authenticates before allowing access to this <Directory>
Require valid-user: Tells Apache to allow access for any user that can successfully authenticate.[/list]