Slashdot Mirror

← Back to Stories (view on slashdot.org)

WebDAV with a Quota?

Posted by Cliff on from the no-full-disks dept.

gik asks: "I'm in the need for a quota-managing, multi-account capable, class-1 WebDAV server (for remote file storage for clients). I've been researching WebDAV for a long long time now, and have only found one all-in-one implementation: Xythos webfile server, which is a very costly (but a very good) solution. I know that some online storage companies use a hacked Apache, but as anyone who's worked with WebDAV knows, doing this with Apache can be hard. So I'm asking: Does anyone out there know of a good WebDAV server with (hopefully) quota management that is as reliable and free as Apache? Oracle's IFS, Novell Netware, and the like are acceptable as possible candidates."

14 of 44 comments (clear)

  1. IIS by RzUpAnmsCwrds · · Score: 3, Funny

    IIS?

  2. Enabling WebDAV on Apache by shufler · · Score: 2, Informative

    This article details adding WebDAV functionality to Apache. I'm not quit sure what is so hard about it. Works in Windows, Linux, and OS X.

    1. Re:Enabling WebDAV on Apache by shufler · · Score: 2, Informative
      Reading the link, sounds a lot like (groan) FrontPage... Since I know this can not be the case, could one of the learned Slashdotters explain to me what WebDAV means?

      Reading the link provides the following explaination:

      In order to simplify the way you update websites, WebDAV was invented. Web-based Distributed Authoring and Versioning (WebDAV) uses extensions to the existing HTTP protocol to enable multiple users to manage and modify the files in a remote system. Using suitably enabled clients you can view, open, edit and save files directly into the filesystem of the Web site as it were of a remote website.


      FrontPage does has WebDAV capabilities built-in, but I (and probably you) doubt this is the main reason someone would use FrontPage.

      Bottom line: The purpose of WebDAV is to give multiple people the ability to edit and publish remote content.
  3. Patch for quotas by Anonymous Coward · · Score: 3, Informative

    Here is William A.Carrel's Patch patch for Apache 2. setup info

  4. Quota by jrockway · · Score: 3, Interesting

    Regarding quota, can you not set up the server to save files in the user's homedir (like in public_html or something)? Then the quota will be managed by the underlying OS (and should be trivial to set up).

    --
    My other car is first.
    1. Re:Quota by LiENUS · · Score: 3, Informative

      linux quotas are managed by owner not by location, files created by apache are owned by the user the apache daemon runs as, there is a mod_setuid or something like that that may assist you however.

    2. Re:Quota by Foolhardy · · Score: 3, Informative
      Unfortunately, from the docs for Apache mod_dav:
      In order for mod_dav to manage files, it must be able to write to the directories and files under its control using the User and Group under which Apache is running. New files created will also be owned by this User and Group.
      There seems to be no support for having new files created as the user that logged on, far as I can tell. mod_dav does not handle authentication of logons itself, you have to use mod_auth_digest or mod_ssl, so it may not even be aware of what user is logged on.

      I get the feeling that Apache was designed for providing uploads to clients only, not full scale IO, and that mod_dav is a bit of an afterthought for trusted users.

      BTW: This mod (and Apache) specifically provide no support for quotas:
      Another possible denial-of-service attack involves a client simply filling up all available disk space with many large files. There is no direct way to prevent this in Apache, so you should avoid giving DAV access to untrusted users.
    3. Re:Quota by LiENUS · · Score: 2, Interesting
      http://httpd.apache.org/docs-2.0/mod/mod_suexec.ht ml

      Just thought I'd note if you use a dav cgi script you can potentially utilize that to achieve quotas, depending on how much you trust your script you could make the cgi script setuid root and then authenticate against /etc/shadow (bad idea on non ssl connection btw) and from there immediately setuid to the user you authenticate as. From here standard OS quotas will indeed take effect.

      The problem is if someone finds a flaw in your script then they can root your server. You would also need a farely complete WebDAV implementation in perl or whatever your using for cgi (note you can use C if youd like), perhaps the best way to accomplish this is use pam for authentication and once your authenticated (Hopefully within 40-50 lines of code at the max) immediately chroot to your directory your writing to and then setuid to your user, you've potentially increased your security vs the standard mod_dav implementation at this point as users are now within a chroot which they have no way of escaping and they are setuid to a different user so they cannot overwrite other users files.

  5. Frontpage extensions vs. WebDAV by jeif1k · · Score: 4, Informative

    Yes, Frontpage has allowed upload of content through HTTP for a long time (it may even have been the first WYSIWYG HTML editor to support this). However, the mechanism it used to use was proprietary, had gaping security holes, and it had very limited functionality. (I don't know what Frontpage uses these days, but Windows has WebDAV client support built-in, although it has some limitations.)

    WebDAV attempts to standardize this kind of functionality and make it available to many more programs and across platforms. WebDAV is sufficiently functional, complete, and efficient to serve both as a network file system protocol and as a network-based version control system.

  6. Zope, perhaps by Earlybird · · Score: 3, Informative
    Zope supports WebDAV. Zope supports quota-limited mounted databases.

    You would use Zope as a dumb, albeit journaled and transactional, file storage, though the files themselves will be stored in an opaque (object database) format; in other words, the only way to access the files will be through WebDAV (or FTP, which Zope also supports).

  7. ezPublish CMS has WebDAV capabilities by gregwbrooks · · Score: 2, Informative
    eZ publish has WebDAV capabilties. Here's a handy how-to on setting up an intranet using it.

    Since it's based on PHP and pretty extensible, I would think getting a quota function established (if eZ publish doesn't already have one) would be easy enough.

    Now, can someone help me get the damned 3.4.4 version to run on FreeBSD? ;)

    --


    "It was a summer's tale: Just a boy, his Linux, and a head full of dreams..."
  8. Obligatory 10-second Google search by fsck! · · Score: 2, Informative

    http://www.needful.de/docs/projekte/webdav-quota/

  9. iDisk by Johnny+Mnemonic · · Score: 2, Interesting


    Apple's iDisk offering is, or at least once was, WebDAV. Also incorporates quotas and is multi-user capable. Allows them to give nice hooks to publishing directly from iMovie and iPhoto, for example.

    Sorry, I don't know exactly how they do it; but I do know that when it was announced (in '99?) there was some discussion about how Apple was accomplishing it. And you could probably reverse-implement their implementation in a few hours of poking.

    For that matter, I think SpyMac uses the same thing.

    --

    --
    $tar -xvf .sig.tar
  10. WebDAV without Apache? by david.given · · Score: 2, Informative
    Does anyone know where I can find a small, simple WebDAV server that's doesn't require something as heavyweight as Apache?

    My main server is a low-end notebook. It passes packets, does SMTP, file serving etc quite nicely. Unfortunately apache is just way too heavyweight for it; I use thttpd instead, which is smaller and faster.

    I'd like to set up a WebDAV server. But I don't want to have to replace thttpd. Are there any small, light tools that will just do WebDAV and nothing else, that I can add to my setup?