Build & use mod_auth_user_dir on Debian 5.0 Lenny
Posted on Friday 02 April 2010, 12:34 - Linux
In need of WebDAV functionality that could allow one to share users' personal directories with automated authentication, I found an Apache module, auth_user_dir, that looked fine to me on http://www.genos.org:
You can create private user folders using the WebDAV protocol. Users will only have permission to access their own directory. Without this module, a htaccess file must be created inside every user folder. This is completely unmanageable when the number of users is big.
We can build a file server accessible from Windows and Linux using the WebDAV protocol and a web server like Apache. Because the protocol is built upon HTTP, the server uses ports TCP 80 (HTTP) and TCP 443 (HTTPS). These ports are commonly open in firewalls without any other special requirement.
The module appears to have been developed in 2004, and the attached tutorial refers to some patches that no longer exist. So here is how I managed to build this module on Debian in 2010. I also found some tricks to make the MySQL authentication work. This is a little crap but it worked!
Prerequisites
First install the needed dev packages, if they are not already on your system.
# apt-get install apache2 \
apache2-threaded-dev \
libtool \
libltdl3 \
libltdl3-dev \
automake \
make \
libapache2-mod-auth-mysql \
libapache2-mod-ldap-userdir \
libapr1 \
libapr1-dev
Get the module source code (or take the ready to make attached file)
# cd /root
# mkdir src
# cd src
# wget http://www.genos.org/downloads/mod_authuserdir-1.0.tgz
# tar -xzvf mod_authuserdir-1.0.tgz
# cd mod_auth_user_dir/
Then either download the attached replacement files, or apply the attached patches
# patch -p1 < Makefile.am.diff
# patch -p1 < configure.in.diff
Build the module
# aclocal
# autoconf
# automake -a
# ./configure --with-apache=/usr/include/apache2
# make
Install the module
Build and install library
# apxs2 -i -a -n auth_user_dir libmod_auth_user_dir.la
Create the needed file for activation of this module in apache2, the debian way
# echo 'LoadModule mod_auth_user_module /usr/lib/apache2/modules/libmod_auth_user_dir.so' \
> /etc/apache2/mods-available/auth_user_dir.load
Enable the needed modules
# a2enmod auth_mysql
# a2enmod dav
# a2enmod dav_fs
# a2enmod auth_user_dir
Create the database and table for auth_mysql. (Here we assume you already have MySQL running.)
# mysqladmin -uroot -p create davusers
# mysql -uroot -p davusers
mysql> CREATE TABLE user_info (
    -> user_name CHAR(30) NOT NULL,
    -> user_passwd CHAR(20) NOT NULL,
    -> user_group CHAR(10),
    -> PRIMARY KEY (user_name)
    -> );
Add one user to the database
mysql> INSERT INTO `davusers`.`user_info` (
    -> `user_name` ,
    -> `user_passwd` ,
    -> `user_group`
    -> ) VALUES (
    -> 'test', 'test', ''
    -> );
Create folder for DAV & users subfolders
# mkdir /var/davshare
# mkdir /var/davshare/test
Change apache virtualhost configuration
Add the following directory to your virtualhost conf file
Alias /webdav /var/davshare
<Location /webdav>
# Activate DAV module on this location
DAV On
# Specific auth_user_Dir Parameter
AuthUserDirRoot "/var/davshare"
# auth_mysql parameters
AuthName "Secured access"
AuthGroupFile /dev/null
AuthUserFile /dev/null
AuthType Basic
AuthBasicAuthoritative Off
AuthMySQL On
AuthMySQL_Host localhost
AuthMySQL_User admin
AuthMySQL_Password mmypassword
AuthMySQL_Authoritative on
AuthMySQL_DB davusers
AuthMySQL_Password_Table user_info
AuthMySQL_Username_Field user_name
AuthMySQL_Password_Field user_passwd
AuthMySQL_Group_Field user_group
AuthMySQL_Group_Table user_info
AuthMySQL_Encryption_Types Plaintext PHP_MD5 Crypt_DES
<Limit GET PUT POST DELETE PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>
require valid-user
</Limit>
</Location>
Restart Apache2
# /etc/init.d/apache2 restart
Does it work?
If you are on Linux, you can test your connection with a command-line client: cadaver.
# apt-get install cadaver
# cadaver my.virtual.host/webdav/test
cadaver should ask you for a username and password. Type the ones you added to the MySQL table and you should see a dav prompt like this:
dav:/webdav/> ls
Listing collection `/webdav/': succeeded.
Coll: test 0 Apr 2 16:14
Coll: notme 0 Apr 2 16:14
Then, if you try to access a folder other than that of the user you specified at logon, you will be asked for the correct username and password.
So it should work. The last issue is that users can see the list of folders in the DAV share, even if they cannot see the contents. If anyone has an idea to fix this issue ...
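To check from the server side that users really stay inside their own folders, the following added example (not part of the original post or of mod_auth_user_dir) classifies Apache access-log entries for the share, including the folder-list visibility mentioned above. It assumes the default common/combined log format and the /webdav alias used here; the function names are hypothetical and the log lines are constructed.

```python
import posixpath
import re
from urllib.parse import unquote

DAV_PREFIX = "/webdav"  # Alias used in the virtualhost configuration above (assumption)

# Apache common/combined log: host ident user [time] "METHOD path proto" status ...
LOG_RE = re.compile(r'^\S+ \S+ (?P<user>\S+) \[[^\]]+\] '
                    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})')

def classify(line):
    """Return (verdict, user, folder) for a request under the share, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    # Decode and normalise, so dot segments and %-encoding cannot hide the folder reached.
    path = posixpath.normpath(unquote(m["path"].split("?", 1)[0]))
    if path != DAV_PREFIX and not path.startswith(DAV_PREFIX + "/"):
        return None
    folder = path[len(DAV_PREFIX):].strip("/").split("/")[0]  # "" = share root
    user, served = m["user"], m["status"].startswith("2")
    if user == "-":
        verdict = "served-without-login" if served else "challenge"
    elif folder == "":
        verdict = "root-listing" if served and m["method"] == "PROPFIND" else "ok"
    elif folder == user:
        verdict = "ok"
    else:
        verdict = "ISOLATION-FAILURE" if served else "denied-cross-user"
    return verdict, user, folder

def audit(lines):
    """Keep only the entries an administrator should look at."""
    results = (classify(l) for l in lines)
    return [r for r in results if r and r[0] not in ("ok", "challenge")]

# Constructed sample lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [02/Apr/2010:16:20:01 +0200] "PROPFIND /webdav/test/ HTTP/1.1" 401 401',
    '192.0.2.10 - test [02/Apr/2010:16:20:02 +0200] "PROPFIND /webdav/test/ HTTP/1.1" 207 1180',
    '192.0.2.10 - test [02/Apr/2010:16:20:05 +0200] "PROPFIND /webdav/ HTTP/1.1" 207 2210',
    '192.0.2.10 - test [02/Apr/2010:16:20:09 +0200] "GET /webdav/notme/a.txt HTTP/1.1" 401 401',
    '192.0.2.10 - test [02/Apr/2010:16:20:12 +0200] "GET /webdav/notme/b.txt HTTP/1.1" 200 52',
    '192.0.2.10 - - [02/Apr/2010:16:20:15 +0200] "OPTIONS /webdav/test/ HTTP/1.1" 200 -',
]

if __name__ == "__main__":
    for verdict, user, folder in audit(SAMPLE_LOG):
        print(f"{verdict:22} user={user} folder={folder or '/'}")
```

A `served-without-login` entry for a method such as OPTIONS can appear with the configuration above, because `<Limit>` applies `require valid-user` only to the methods it lists. An `ISOLATION-FAILURE` entry means a request for another user's folder was answered with a 2xx status and the configuration should be rechecked.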
Also, here is a nice description of how you can connect to a WebDAV share using any operating system: http://plone.org/documentation/kb/webdav.
I hope this will help someone, it already helped me :)