Blog Pro de Jean-Baptiste HEREN

Notes d'un consultant Freelance en Informatique

To content | To menu | To search

Build & use mod_auth_user_dir on debian 5.0 Lenny

Posted on Friday 02 April 2010, 12:34 - Linux - Permalink

In the need of a WebDAV functionnality that could allow one to share users personal directories with automated authentification, i found an apache module, auth_user_dir, that looked fine to me on http://www.genos.org :

You can create private user folders using the WebDAV protocol. Users will have only permissions to access to their own directory. Without this module, a htaccess file must be created inside every user folder. This is completely unmanageable when the number of users is big.

We can build a file server accessible from Windows and Linux using the WebDAV protocol and a web server like Apache. Because the protocol is build upon HTTP, the server uses ports TCP 80 (HTTP) and TCP 443 (HTTPS). These ports are commonly open in firewalls without any other special requirement.

The module appears to have been developed in 2004 an  attached tutorial was referring to some patches that no longer exist. So here is explained the way I managed to build this module on debian in 2010. I also found some tricks to make the mysql authentication work. This is a little crap but it worked !

Prerequisites

first install the needed dev packages if those are not already on your system

# apt-get install apache2     \

  apache2-threaded-dev        \

  libtool                     \

  libltdl3                    \

  libltdl3-dev                \

  automake                    \

  make                        \

  libapache2-mod-auth-mysql   \

  libapache2-mod-ldap-userdir \

  libapr1                     \

  libapr1-dev                 \

Get the module source code (or take the ready to make attached file)

# cd /root

# mkdir src

# cd src

# wget http://www.genos.org/downloads/mod_authuserdir-1.0.tgz

# tar -xzvf mod_authuserdir-1.0.tgz

# cd mod_auth_user_dir/

Then download the replacement files attached or patch 

# patch -p1 < Makefile.am.diff

# patch -p1 < configure.in.diff

build the module

# aclocal

# autoconf

# automake -a

# ./configure --with-apache=/usr/include/apache2

Install the module

Build and install library

# apxs2 -i -a -n auth_user_dir libmod_auth_user_dir.la

Create the needed file for activation of this module in apache2, the debian way

# echo 'LoadModule mod_auth_user_module /usr/lib/apache2/modules/libmod_auth_user_dir.so' \

> /etc/apache2/mods-available/auth_user_dir.load

Enable the needed modules

# a2enmod auth_mysql

# a2enmod dav

# a2enmod dav_fs

# a2enmod auth_user_dir

Create database and tables for mysql_auth . (Here we assume you already have mysql running)

# mysqladmin -uroot -p create davusers

# mysql -uroot -p davusers

mysql> CREATE TABLE users (

>   user_name CHAR(30) NOT NULL,

>   user_passwd CHAR(20) NOT NULL,

>   user_group CHAR(10),

>   PRIMARY KEY (user_name)

> );

Add one user to database

> INSERT INTO  `davusers`.`user_info` (

> `user_name` ,

> `user_passwd` ,

> `user_group`

> ) VALUES (

> 'test',  'test',  ''

> );

Create folder for DAV & users subfolders

# mkdir /var/davshare

# mkdir /var/davshare/test

Change apache virtualhost configuration

Add the following directory to your virtualhost conf file

Alias /webdav /var/davshare

<Location /webdav>

# Activate DAV module on this location

DAV On

# Specific auth_user_Dir Parameter

  AuthUserDirRoot  "/var/davsharev"

# auth_mysql parameters

AuthName "Secured access"

AuthGroupFile /dev/null

AuthUserFile /dev/null

AuthType Basic

AuthBasicAuthoritative Off

AuthMySQL On

AuthMySQL_Host localhost

AuthMySQL_User admin

AuthMySQL_Password mmypassword

AuthMySQL_Authoritative on

AuthMySQL_DB davusers

AuthMySQL_Password_Table user_info

AuthMySQL_Username_Field user_name

AuthMySQL_Password_Field user_passwd

AuthMySQL_Group_Field user_group

AuthMySQL_Group_Table user_info

AuthMySQL_Encryption_Types Plaintext PHP_MD5 Crypt_DES

<Limit GET PUT POST DELETE PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>

require valid-user

</Limit>

</Location>

Restart Apache2

# /etc/init.d/apache2 restart

Does it works ?

If you are on a linux, then you can test your connexion with a command line client : cadaver.

# apt-get install cadaver

# cadaver my.virtual.host/webdav/test


cadaver should ask you a username and password. type the ones you added in mysql table and you should see a dav prompt like it :

dav:/webdav/> ls

Listing collection `/webdav/': succeeded.

Coll:   test                                     0  Apr  2 16:14

Coll:   notme                                  0  Apr  2 16:14


Then if you try to access to a folder different from the user you specified at logon, you will be asked for the correct username and password.

So it should work. the last issue is that users can see the list on folders in the dav share, even if they cannot see the contents. If anyone has an idea to fix this issue ...

Also here is a nice description on how you can get connected to a webDAV Share using Any operating system : http://plone.org/documentation/kb/webdav.


I hope this will help someone, it already helped myself :)

Jean-Baptiste Heren

Author: Jean-Baptiste Heren

Stay in touch with the latest news and subscribe to the RSS Feed about this category

Comments are closed


You Might Also Like

vbox_logo.png

Convert virtual drive from virtualbox to vmware

You have a virtualbox image and want to use it in VMWARE ? If the .ova file does not fits your needs, you can try to convert the hard drive and then use it directly in a configured vmware machine....

Continue reading

harddrive_osx.png

Repair HFS+ Volume on OSX

Yesterday I had a little surprise on one of my disks (the backup one.Disk utility was unable to repair it, but here you will find some tips 1- read your disk with Linux Boot on Ubuntu live CD and try...

Continue reading