Slashdot Mirror

← Back to Stories (view on slashdot.org)

WebDAV with a Quota?

Posted by Cliff on from the no-full-disks dept.

gik asks: "I'm in the need for a quota-managing, multi-account capable, class-1 WebDAV server (for remote file storage for clients). I've been researching WebDAV for a long long time now, and have only found one all-in-one implementation: Xythos webfile server, which is a very costly (but a very good) solution. I know that some online storage companies use a hacked Apache, but as anyone who's worked with WebDAV knows, doing this with Apache can be hard. So I'm asking: Does anyone out there know of a good WebDAV server with (hopefully) quota management that is as reliable and free as Apache? Oracle's IFS, Novell Netware, and the like are acceptable as possible candidates."

3 of 44 comments (clear)

  1. Quota by jrockway · · Score: 3, Interesting

    Regarding quota, can you not set up the server to save files in the user's homedir (like in public_html or something)? Then the quota will be managed by the underlying OS (and should be trivial to set up).

    --
    My other car is first.
    1. Re:Quota by LiENUS · · Score: 2, Interesting
      http://httpd.apache.org/docs-2.0/mod/mod_suexec.ht ml

      Just thought I'd note if you use a dav cgi script you can potentially utilize that to achieve quotas, depending on how much you trust your script you could make the cgi script setuid root and then authenticate against /etc/shadow (bad idea on non ssl connection btw) and from there immediately setuid to the user you authenticate as. From here standard OS quotas will indeed take effect.

      The problem is if someone finds a flaw in your script then they can root your server. You would also need a farely complete WebDAV implementation in perl or whatever your using for cgi (note you can use C if youd like), perhaps the best way to accomplish this is use pam for authentication and once your authenticated (Hopefully within 40-50 lines of code at the max) immediately chroot to your directory your writing to and then setuid to your user, you've potentially increased your security vs the standard mod_dav implementation at this point as users are now within a chroot which they have no way of escaping and they are setuid to a different user so they cannot overwrite other users files.

  2. iDisk by Johnny+Mnemonic · · Score: 2, Interesting


    Apple's iDisk offering is, or at least once was, WebDAV. Also incorporates quotas and is multi-user capable. Allows them to give nice hooks to publishing directly from iMovie and iPhoto, for example.

    Sorry, I don't know exactly how they do it; but I do know that when it was announced (in '99?) there was some discussion about how Apple was accomplishing it. And you could probably reverse-implement their implementation in a few hours of poking.

    For that matter, I think SpyMac uses the same thing.

    --

    --
    $tar -xvf .sig.tar