Limiting COPY method for WebDAV to one direction

Limiting COPY method for WebDAV to one direction

on 28.11.2006 00:44:28 by Todd Hivnor



I am running WebDAV on my Apache 2.0.51 server on Fedora Core 2.

I would like to allow users to copy files _from_ a certain directory,
but not _into_ it. However, if I allow the COPY method (via the
LimitExcept tag) then I am allowing copy _from_ and copy _to_. There doesn't
seem to be any means to control the direction of the copy
method.

Is there a way to configure this? It seems like a fairly basic
requirement: a read-only WebDAV folder which allows users to copy files into
their personal directories, with a direct HTTP COPY call.

- Todd



RE: Limiting COPY method for WebDAV to one direction

on 28.11.2006 00:48:08 by Mark Lavi


I don't know of an Apache/WebDAV solution off the top of my head for
your requirement, but it is probably easiest to address this from the
filesystem: change the permissions on the directory to be read only.

--Mark

Mark Lavi, Enterprise Web Management Team @ SGI
mailto:mlavi@sgi.com || phone:+1-650-933-7707

RE: Limiting COPY method for WebDAV to one direction

on 28.11.2006 20:15:15 by Todd Hivnor


Updating the permissions on the file system will work for folders which are strictly read-only. But in a lot of cases, I want the folder to be readable by group X and writable by group Y.




RE: Limiting COPY method for WebDAV to one direction

on 28.11.2006 22:03:26 by Mark Lavi


Ah, you've changed the scope of your question. :-)


So long as you leverage an Apache authorization module with user and
group permissions, I would think you could control permissions on who
can do what per directory easily, but for this solution, you would not
give both groups WebDAV access.


One group (read only) could browse the web server and download contents
of the autogenerated directory while the other group would be
authenticated to have WebDAV privileges. It's simpler to manage and
granular to the directory, but not exactly what you are asking for
because not both groups are given WebDAV permissions. So the read only
group could not do a select all files to download, much like a network
drive operation, unless they used some sort of browser enhancement.


Configuration would be something like (I'm doing this off the top of my
head for illustration, please don't expect to cut and paste this without
syntax correction and adaptation for your situation):

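<Directory "/www/docroot/projects/X">
  Options Indexes
  AllowOverride None
  AuthType Basic
  AuthName "Only group X can publish!"
  AuthUserFile /home/www/acl/htpasswdfile
  AuthGroupFile /home/www/acl/groupfile
  DAV On
  # Every method other than GET, HEAD and OPTIONS requires group X
  <LimitExcept GET HEAD OPTIONS>
    Require group X
  </LimitExcept>
</Directory>

--Mark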

Mark Lavi, Enterprise Web Management Team @ SGI
mailto:mlavi@sgi.com || phone:+1-650-933-7707

RE: Limiting COPY method for WebDAV to one direction

on 29.11.2006 21:50:27 by Todd Hivnor


Mark, thanks for the clues. I guess I will need to tinker with OS-level file permissions to solve this. I was hoping for a pure-Apache solution, and am a bit disappointed with the granularity of control over COPY operations. But I can work around the issue using file level permissions.

Thanks for the clue.



RE: Limiting COPY method for WebDAV to one direction

on 30.11.2006 04:18:17 by Mark Lavi


You know, the more I think about this, the more I think you could try to
get closer to implementing what you want.

The example below uses LimitExcept, I think you could further restrict
it by the WebDAV properties...yes, it looks like you can as described by
the HTTP methods listed for LIMIT:
http://httpd.apache.org/docs/2.2/mod/core.html#limit


So you could try to add something like this to allow Group Y to COPY...

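  # <Limit> applies the enclosed Require only to the methods it lists
  <Limit PUT DELETE MKCOL MOVE LOCK UNLOCK>
    Require group X
  </Limit>
  <Limit COPY GET POST HEAD OPTIONS>
    Require group X Y
  </Limit>

You could try to experiment with multiple <LIMIT> or <LIMITEXCEPT> directives
to get what you need and see if Apache can handle that. You could also
leave off the later directive to allow unauthenticated HTTP COPYs, GETs,
etc.

Try it out, I'd expect that Apache 1.x couldn't handle this, but 2.2.x
might.

--Mark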

Mark Lavi, Enterprise Web Management Team @ SGI
mailto:mlavi@sgi.com || phone:+1-650-933-7707
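
A method-based rule sees only the verb COPY, while the direction of a copy is fixed by the request URI (the source) and the Destination header (the target). The Python below is an added illustration of a direction-aware check, not code from this thread and not Apache's own logic; the policy table, host name, paths and function names are constructed for the example.

```python
import posixpath
from urllib.parse import urlsplit, unquote

SERVER_HOST = "dav.example.org"  # constructed host name for this example

# Constructed policy: collection path -> groups allowed to read / write.
POLICY = {
    "/projects/X": {"read": {"X", "Y"}, "write": {"X"}},
    "/personal/Y": {"read": {"Y"}, "write": {"Y"}},
}

READ_METHODS = {"GET", "HEAD", "OPTIONS", "PROPFIND"}
WRITE_METHODS = {"PUT", "DELETE", "MKCOL", "PROPPATCH", "LOCK", "UNLOCK"}


def canonical_path(uri):
    """Return the normalized absolute path of a request URI or Destination
    value, or None if it points at another host or is malformed."""
    parts = urlsplit(uri)
    if parts.netloc and parts.netloc.lower() != SERVER_HOST:
        return None  # cross-server Destination: outside this policy
    path = unquote(parts.path)  # decode once, so %2e%2e becomes ".."
    if not path.startswith("/") or "\x00" in path or "\\" in path:
        return None
    # Collapse "." and ".." segments before any prefix comparison.
    return "/" + posixpath.normpath(path).lstrip("/")


def allowed(groups, path, access):
    """Longest-prefix match of path against POLICY, then a group check."""
    if path is None:
        return False
    best = None
    for prefix in POLICY:
        if path == prefix or path.startswith(prefix + "/"):
            if best is None or len(prefix) > len(best):
                best = prefix
    return best is not None and bool(groups & POLICY[best][access])


def authorize(method, request_uri, groups, destination=None):
    """Decide a WebDAV request. COPY needs read on the source and write on
    the destination; MOVE needs write on both. Unknown methods are denied."""
    method = method.upper()
    groups = set(groups)
    src = canonical_path(request_uri)
    if method in READ_METHODS:
        return allowed(groups, src, "read")
    if method in WRITE_METHODS:
        return allowed(groups, src, "write")
    if method in ("COPY", "MOVE"):
        if destination is None:
            return False  # COPY/MOVE without a Destination header is invalid
        dst = canonical_path(destination)
        src_access = "read" if method == "COPY" else "write"
        return allowed(groups, src, src_access) and allowed(groups, dst, "write")
    return False


if __name__ == "__main__":
    y = {"Y"}
    # Copy out of the shared folder into the user's own area: permitted.
    print(authorize("COPY", "/projects/X/report.txt", y,
                    "http://dav.example.org/personal/Y/report.txt"))
    # Same verb, opposite direction: refused.
    print(authorize("COPY", "/personal/Y/notes.txt", y,
                    "http://dav.example.org/projects/X/notes.txt"))
    # Destination that only looks like the personal area until normalized.
    print(authorize("COPY", "/projects/X/a", y,
                    "/personal/Y/%2e%2e/%2e%2e/projects/X/a"))
```
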
________________________________


From: Todd Hivnor [mailto:spambox_98103@yahoo.com]=20
Sent: Wednesday, November 29, 2006 12:50 PM
To: users@httpd.apache.org
Subject: RE: [users@httpd] Limiting COPY method for WebDAV to one
direction

=20

Mark, thank for the clues. I guess I will need to tinker with OS-level
file permissions to solve this. I was hoping for a pure-Apache solution,
and am a bit disappointed with the granularity of control over COPY
operations. But I can work around the issue using file level
permissions.=20

Thanks for the clue.


Mark Lavi wrote:

Ah, you've changed the scope of your question. :-)

=20

So long as you leverage an Apache authorization module with user and
group permissions, I would think you could control permissions on who
can do what per directory easily, but for this solution, you would not
give both groups WebDAV access.

=20

One group (read only) could browse the web server and download contents
of the autogenerated directory while the other group would be
authenticated to have WebDAV privileges. It's simpler to manage and
granular to the directory, but not exactly what you are asking for
because not both groups are given WebDAV permissions. So the read only
group could not do a select all files to download, much like a network
drive operation, unless they used some sort of browser enhancement.

=20

Configuration would be something like (I'm doing this off the top of my
head for illustration, please don't expect to cut and paste this without
syntax correction and adaptation for your situation):

=20



Options Indexes

AllowOverride None

AuthType Basic

AuthName "Only group X can publish!"

AuthUserFile /home/www/acl/htpasswdfile

AuthGroupFile /home/www/acl/groupfile

DAV On



Require group X





=20

--Mark=20

Mark Lavi, Enterprise
Web Management Team @ SGI
mailto:mlavi@sgi.com || phone:+1-650-933-7707
________________________________


From: Todd Hivnor [mailto:spambox_98103@yahoo.com]=20
Sent: Tuesday, November 28, 2006 11:15 AM
To: users@httpd.apache.org
Subject: RE: [users@httpd] Limiting COPY method for WebDAV to one
direction

=20

Updating the permissions on the file system will work for folders which
are strictly read-only. But in a lot of cases, I want the folder to be
readable by group X and writable by group Y.=20



Mark Lavi wrote:

I don't know of an Apache/WebDAV solution off the top of my head for
your requirement, but it is probably easiest to address this from the
filesystem: change the permissions on the directory to be read only.

=20

--Mark=20

Mark Lavi, Enterprise Web Management Team @
SGI
mailto:mlavi@sgi.com || phone:+1-650-933-7707
________________________________


From: Todd Hivnor [mailto:spambox_98103@yahoo.com]=20
Sent: Monday, November 27, 2006 3:44 PM
To: users@httpd.apache.org
Subject: [users@httpd] Limiting COPY method for WebDAV to one direction

=20

I am running WebDAV on my Apache 2.0.51 server on Fedora Core 2.=20

=20

I would like to allow users to copy files _from_ a certain directory,=20

but not _into_ it. However, if I allow the COPY method (via a the=20

LimitExcept tag) then I am allowing copy _from_ and copy _to_. There
doesn't=20

seem to be able to any means to control the direction of the copy=20

method.=20

=20

Is there are way to
configure this? It seems like a fairly basic=20

requirement: a read-only WebDAV folder which allows users to copy
files into=20

their personal directories, with a direct HTTP COPY call.=20

=20

- Todd






=20

=20

________________________________

Everyone is raving about the all-new Yahoo! Mail beta.
a
ilbeta>=20

=20

=20

________________________________

Check out the all-new Yahoo! Mail beta
a
ilbeta> - Fire up a more powerful email and get things done faster.


------_=_NextPart_001_01C7142E.2DFE2185
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:st1=3D"urn:schemas-microsoft-com:office:smarttags" =
xmlns=3D"http://www.w3.org/TR/REC-html40">


charset=3Dus-ascii">

namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags" =
name=3D"City"/>
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"
name=3D"place"/>
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"
name=3D"PersonName"/>









You know, the more I think about this, the more I think you could try to get closer to implementing what you want.

The example below uses LimitExcept. I think you could further restrict it by the WebDAV properties… yes, it looks like you can, as described by the HTTP methods listed for LIMIT: http://httpd.apache.org/docs/2.2/mod/core.html#limit

So you could try to add something like this to allow Group Y to COPY…

  <LimitExcept PUT DELETE MKCOL MOVE LOCK UNLOCK>
   Require group X
  </LimitExcept>
  <LimitExcept COPY GET POST HEAD OPTIONS>
   Require group X Y
  </LimitExcept>

You could try to experiment with multiple <LIMIT> or <LIMITEXCEPT> directives to get what you need and see if Apache can handle that. You could also leave off the latter directive to allow unauthenticated HTTP COPYs, GETs, etc.

Try it out. I'd expect that Apache 1.x couldn't handle this, but 2.2.x might.

--Mark

Mark Lavi, Enterprise Web Management Team @ SGI
mailto:mlavi@sgi.com || phone:+1-650-933-7707

From: Todd Hivnor [mailto:spambox_98103@yahoo.com]
Sent: Wednesday, November 29, 2006 12:50 PM
To: users@httpd.apache.org
Subject: RE: [users@httpd] Limiting COPY method for WebDAV to one direction

Mark, thanks for the clues. I guess I will need to tinker with OS-level file permissions to solve this. I was hoping for a pure-Apache solution, and am a bit disappointed with the granularity of control over COPY operations. But I can work around the issue using file level permissions.

Thanks for the clue.

Mark Lavi <mlavi@sgi.com> wrote:

Ah, you've changed the scope of your question. :)

So long as you leverage an Apache authorization module with user and group permissions, I would think you could control permissions on who can do what per directory easily, but for this solution, you would not give both groups WebDAV access.

One group (read only) could browse the web server and download contents of the autogenerated directory while the other group would be authenticated to have WebDAV privileges. It's simpler to manage and granular to the directory, but not exactly what you are asking for because not both groups are given WebDAV permissions. So the read only group could not do a select all files to download, much like a network drive operation, unless they used some sort of browser enhancement.

Configuration would be something like (I'm doing this off the top of my head for illustration, please don't expect to cut and paste this without syntax correction and adaptation for your situation):

<Directory "/www/docroot/projects/X">
  Options Indexes
  AllowOverride None
  AuthType Basic
  AuthName "Only group X can publish!"
  AuthUserFile /home/www/acl/htpasswdfile
  AuthGroupFile /home/www/acl/groupfile
  DAV On
  <LimitExcept GET HEAD OPTIONS>
   Require group X
  </LimitExcept>
</Directory>

--Mark

Mark Lavi, Enterprise Web Management Team @ SGI
mailto:mlavi@sgi.com || phone:+1-650-933-7707

From: Todd Hivnor [mailto:spambox_98103@yahoo.com]
Sent: Tuesday, November 28, 2006 11:15 AM
To: users@httpd.apache.org
Subject: RE: [users@httpd] Limiting COPY method for WebDAV to one direction

Updating the permissions on the file system will work for folders which are strictly read-only. But in a lot of cases, I want the folder to be readable by group X and writable by group Y.

Mark Lavi <mlavi@sgi.com> wrote:

I don't know of an Apache/WebDAV solution off the top of my head for your requirement, but it is probably easiest to address this from the filesystem: change the permissions on the directory to be read only.

--Mark

Mark Lavi, Enterprise Web Management Team @ SGI
mailto:mlavi@sgi.com || phone:+1-650-933-7707

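The method scoping of the two `<LimitExcept>` blocks in the 29 November reply above, worked through as an added example (not code from the thread or from Apache): `<Limit>` applies its directives to the listed methods, `<LimitExcept>` to every method not listed. The helper names are hypothetical, and the model covers only that scoping, not how Apache combines several Require lines or how mod_dav treats the Destination of a COPY.

```python
import re

# The two blocks as posted in the thread.
POSTED = """
<LimitExcept PUT DELETE MKCOL MOVE LOCK UNLOCK>
  Require group X
</LimitExcept>
<LimitExcept COPY GET POST HEAD OPTIONS>
  Require group X Y
</LimitExcept>
"""

BLOCK = re.compile(r"<(Limit|LimitExcept)\s+([^>]+)>(.*?)</\1>", re.S | re.I)
REQUIRE = re.compile(r"^\s*Require\s+group\s+(.+)$", re.M | re.I)


def parse(conf):
    """Return [(kind, {methods}, [group sets])] for each Limit/LimitExcept block."""
    out = []
    for kind, methods, body in BLOCK.findall(conf):
        groups = [frozenset(g.split()) for g in REQUIRE.findall(body)]
        out.append((kind.lower(), {m.upper() for m in methods.split()}, groups))
    return out


def governing(conf, method):
    """Group sets from every block whose scope includes `method`.

    <Limit> covers the listed methods; <LimitExcept> covers all the others.
    An empty list means no Require in these blocks applies to the method.
    """
    method = method.upper()
    hits = []
    for kind, methods, groups in parse(conf):
        listed = method in methods
        if (kind == "limit" and listed) or (kind == "limitexcept" and not listed):
            hits.extend(groups)
    return hits


def as_limit(conf):
    """Same method lists, rewritten as <Limit> blocks for comparison."""
    return re.sub(r"(</?)LimitExcept", r"\1Limit", conf, flags=re.I)


if __name__ == "__main__":
    for name, conf in (("posted", POSTED), ("as <Limit>", as_limit(POSTED))):
        for m in ("GET", "COPY", "PUT", "PROPFIND"):
            print(f"{name:11} {m:9}", [sorted(g) for g in governing(conf, m)])
```

As posted, COPY and GET fall under the group X requirement and PUT under the X-or-Y one. With the same method lists in `<Limit>` blocks, COPY maps to X-or-Y and PUT to X, but unlisted methods such as PROPFIND are then covered by neither block.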