Slashdot Mirror

← Back to Stories (view on slashdot.org)

WebDAV with a Quota?

Posted by Cliff on from the no-full-disks dept.

gik asks: "I'm in the need for a quota-managing, multi-account capable, class-1 WebDAV server (for remote file storage for clients). I've been researching WebDAV for a long long time now, and have only found one all-in-one implementation: Xythos webfile server, which is a very costly (but a very good) solution. I know that some online storage companies use a hacked Apache, but as anyone who's worked with WebDAV knows, doing this with Apache can be hard. So I'm asking: Does anyone out there know of a good WebDAV server with (hopefully) quota management that is as reliable and free as Apache? Oracle's IFS, Novell Netware, and the like are acceptable as possible candidates."

7 of 44 comments (clear)

  1. IIS by RzUpAnmsCwrds · · Score: 3, Funny

    IIS?

  2. Patch for quotas by Anonymous Coward · · Score: 3, Informative

    Here is William A.Carrel's Patch patch for Apache 2. setup info

  3. Quota by jrockway · · Score: 3, Interesting

    Regarding quota, can you not set up the server to save files in the user's homedir (like in public_html or something)? Then the quota will be managed by the underlying OS (and should be trivial to set up).

    --
    My other car is first.
    1. Re:Quota by LiENUS · · Score: 3, Informative

      linux quotas are managed by owner not by location, files created by apache are owned by the user the apache daemon runs as, there is a mod_setuid or something like that that may assist you however.

    2. Re:Quota by Foolhardy · · Score: 3, Informative
      Unfortunately, from the docs for Apache mod_dav:
      In order for mod_dav to manage files, it must be able to write to the directories and files under its control using the User and Group under which Apache is running. New files created will also be owned by this User and Group.
      There seems to be no support for having new files created as the user that logged on, far as I can tell. mod_dav does not handle authentication of logons itself, you have to use mod_auth_digest or mod_ssl, so it may not even be aware of what user is logged on.

      I get the feeling that Apache was designed for providing uploads to clients only, not full scale IO, and that mod_dav is a bit of an afterthought for trusted users.

      BTW: This mod (and Apache) specifically provide no support for quotas:
      Another possible denial-of-service attack involves a client simply filling up all available disk space with many large files. There is no direct way to prevent this in Apache, so you should avoid giving DAV access to untrusted users.
  4. Frontpage extensions vs. WebDAV by jeif1k · · Score: 4, Informative

    Yes, Frontpage has allowed upload of content through HTTP for a long time (it may even have been the first WYSIWYG HTML editor to support this). However, the mechanism it used to use was proprietary, had gaping security holes, and it had very limited functionality. (I don't know what Frontpage uses these days, but Windows has WebDAV client support built-in, although it has some limitations.)

    WebDAV attempts to standardize this kind of functionality and make it available to many more programs and across platforms. WebDAV is sufficiently functional, complete, and efficient to serve both as a network file system protocol and as a network-based version control system.

  5. Zope, perhaps by Earlybird · · Score: 3, Informative
    Zope supports WebDAV. Zope supports quota-limited mounted databases.

    You would use Zope as a dumb, albeit journaled and transactional, file storage, though the files themselves will be stored in an opaque (object database) format; in other words, the only way to access the files will be through WebDAV (or FTP, which Zope also supports).