style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>You know, the more I think about =
this, the
more I think you could try to get closer to implement what you =
want.
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>The example below uses LimitExcept, =
I
think you could further restrict it by the WebDAV properties…yes, =
it
looks like you can as described by the HTTP methods listed for LIMIT:
href=3D"http://httpd.apache.org/docs/2.2/mod/core.html#limit ">http://http=
d.apache.org/docs/2.2/mod/core.html#limit
>
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>So you could try to add something =
like
this to allow Group Y to COPY…
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'> <LimitExcept PUT DELETE =
size=3D2 face=3DArial>
style=3D'font-size:10.0pt;font-family:Arial'>MKCOL
ont
size=3D2 face=3DArial>
style=3D'font-size:10.0pt;font-family:Arial'>
face=3DArial>MOVE
=
face=3DArial>LOCK
=
face=3DArial>
style=3D'font-family:Arial'>UNLOCK
color=3Dnavy>
style=3D'color:navy'>>=
o:p>
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'> Require group =
X
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'> =
</LimitExcept>
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'> <LimitExcept COPY GET =
POST HEAD
OPTIONS>
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'> Require group X =
Y
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'> =
</LimitExcept>
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>You could try to experiment =
multiple
<LIMIT> or <LIMITEXCEPT> directives to get what you need and =
see if
Apache can handle that. You could also leave off the later =
directive to allow
unauthenticated HTTP COPYs, GETs, etc.
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>Try it out, I’d expect that =
Apache
1.x couldn’t handle this, but 2.2.x =
might.
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>
Roman">
style=3D'font-size:12.0pt;color:navy'>--Mark =
style=3D'font-size:10.0pt;
color:navy'>Mark Lavi,
w:st=3D"on">Enterprise Web Management Team @ =
SGI
size=3D2 color=3Dnavy face=3D"Courier New">
style=3D'font-size:10.0pt;color:navy'>mailto:mlavi@sgi.com || =
phone:+1-650-933-7707
size=3D3
face=3D"Times New Roman">
style=3D'font-size:10.0pt;
font-family:Tahoma;font-weight:bold'>From:
size=3D2
face=3DTahoma> Todd =
Hivnor
[mailto:spambox_98103@yahoo.com]
Sent: Wednesday, November =
29, 2006
12:50 PM
To:
w:st=3D"on">users@httpd.apache.org
Subject: RE: =
[users@httpd]
Limiting COPY method for WebDAV to one =
direction
style=3D'font-size:
12.0pt'>
style=3D'font-size:
12.0pt'>Mark, thank for the clues. I guess I will need to tinker with =
OS-level
file permissions to solve this. I was hoping for a pure-Apache solution, =
and am
a bit disappointed with the granularity of control over COPY operations. =
But I
can work around the issue using file level permissions.
Thanks for the clue.
Mark Lavi
<mlavi@sgi.com> wrote:
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags" =
name=3D"City">
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags" =
name=3D"place">Ah, you’ve =
changed
the scope of your question.
face=3DWingdings>
style=3D'font-size:10.0pt;font-family:Wingdings;color:navy'> J
t>
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>
p>
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>So long as you leverage an Apache
authorization module with user and group permissions, I would think you =
could
control permissions on who can do what per directory easily, but for =
this
solution, you would not give both groups WebDAV =
access.
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>
p>
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>One group (read only) could browse =
the web
server and download contents of the autogenerated directory while the =
other
group would be authenticated to have WebDAV privileges. It’s =
simpler to
manage and granular to the directory, but not exactly what you are =
asking for
because not both groups are given WebDAV permissions. So the read only =
group
could not do a select all files to download, much like a network drive
operation, unless they used some sort of browser =
enhancement.
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>
p>
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>Configuration would be something =
like
(I’m doing this off the top of my head for illustration, please
don’t expect to cut and paste this without syntax correction and
adaptation for your =
situation):
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>
p>
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'><Directory
"/www/docroot/projects/X">=
o:p>
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'> Options =
Indexes
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'> AllowOverride =
None
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'> AuthType =
Basic
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'> AuthName "Only group X =
can
publish!"
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'> AuthUserFile
/home/www/acl/htpasswdfile
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'> AuthGroupFile
/home/www/acl/groupfile
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'> DAV =
On
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'> <LimitExcept GET HEAD =
OPTIONS>
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'> Require group =
X
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'> =
</LimitExcept>
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'> </Directory>
>
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>
p>
Roman">
style=3D'font-size:12.0pt;color:navy'>--Mark =
style=3D'font-size:10.0pt;
color:navy'>Mark Lavi,
u4:st=3D"on">
w:st=3D"on">
w:st=3D"on">Enterprise=
size=3D2 color=3Dnavy face=3D"Courier New">
style=3D'font-size:10.0pt;color:navy'> Web Management Team @ =
SGI
size=3D2 color=3Dnavy face=3D"Courier New">
style=3D'font-size:10.0pt;color:navy'>mailto:mlavi@sgi.com || =
phone:+1-650-933-7707
size=3D3
face=3D"Times New Roman">
style=3D'font-size:10.0pt;
font-family:Tahoma;font-weight:bold'>From:
size=3D2
face=3DTahoma> Todd =
Hivnor
[mailto:spambox_98103@yahoo.com]
Sent: Tuesday, November =
28, 2006
11:15 AM
To:
w:st=3D"on">users@httpd.apache.org
Subject: RE: =
[users@httpd]
Limiting COPY method for WebDAV to one =
direction
style=3D'font-size:
12.0pt'>
style=3D'font-size:
12.0pt'>Updating the permissions on the file system will work for =
folders which
are strictly read-only. But in a lot of cases, I want the folder to be =
readable
by group X and writable by group Y.
Mark Lavi
<mlavi@sgi.com> =
wrote:
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags" =
name=3D"City">
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags" =
name=3D"place">
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags" =
name=3D"PersonName">
>I
don’t know of an Apache/WebDAV solution off the top of my head for =
your
requirement, but it is probably easiest to address this from the =
filesystem:
change the permissions on the directory to be read =
only.
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>
p>
Roman">
style=3D'font-size:12.0pt;color:navy'>--Mark =
style=3D'font-size:10.0pt;
color:navy'>Mark Lavi,
u2:st=3D"on">
w:st=3D"on">
w:st=3D"on">Enterprise
:place> Web Management Team =
@
size=3D2 color=3Dnavy face=3D"Courier New">
style=3D'font-size:10.0pt;color:navy'> =
SGI
size=3D2 color=3Dnavy face=3D"Courier New">
style=3D'font-size:10.0pt;color:navy'>mailto:mlavi@sgi.com || =
phone:+1-650-933-7707<=
/pre>
size=3D3
face=3D"Times New Roman">
style=3D'font-size:10.0pt;
font-family:Tahoma;font-weight:bold'>From:
size=3D2
face=3DTahoma> Todd =
Hivnor
[mailto:spambox_98103@yahoo.com]
Sent: Monday, November =
27, 2006
3:44 PM
To:
u2:st=3D"on">
w:st=3D"on">users@httpd.apache.org
Subject: [users@httpd] =
Limiting
COPY method for WebDAV to one direction
style=3D'font-size:
12.0pt'>
style=3D'font-size:10.0pt'>I am running WebDAV on my Apache 2.0.51 =
server on Fedora Core 2.
I would like to allow users =
to copy files _from_ a certain directory,
but not _into_ it. However, =
if I allow the COPY method (via a the
LimitExcept tag) then I =
am allowing copy _from_ and copy _to_. There doesn't
seem to be able to any means =
to control the direction of the copy
method.
Is there are way =
to
size=3D2 face=3D"Courier New"> =
configure this? It seems like a fairly basic
requirement: a read-only =
WebDAV folder which allows users to copy files into
their personal directories, =
with a direct HTTP COPY call.
- =
Todd
style=3D'font-size:
12.0pt'>
style=3D'font-size:
12.0pt'>
style=3D'font-size:
12.0pt'>
size=3D3
face=3D"Times New Roman">
style=3D'font-size:
12.0pt'>Everyone is raving about
href=3D"http://us.rd.yahoo.com/evt=3D45083/*http:/advision.w ebevents.yaho=
o.com/mailbeta">the
all-new Yahoo! Mail beta.
style=3D'font-size:
12.0pt'>
style=3D'font-size:12.0pt'>
size=3D3
face=3D"Times New Roman">
style=3D'font-size:
12.0pt'>Check out
href=3D"http://us.rd.yahoo.com/evt=3D43257/*http:/advision.w ebevents.yaho=
o.com/mailbeta">the
all-new Yahoo! Mail beta - Fire up a more powerful email and get =
things
done faster.