WebDAV

Don't have root privileges? Can't create new users and change their passwords? Just trying to grant access to web users who want to publish content? What to do? FTP's not a real solution. Perhaps WebDAV is the solution for you. WebDAV is a flexible client/server protocol that offers file access without requiring you to give actual system user access to remote clients. It even offers version tracking and file locking so that groups of users can work on the same files.

The advantage of WebDAV is that you don't need to investigate external users and add them to the system. WebDAV is an Apache module that uses Apache-based web users, and which, when fully configured and enabled, allows web-based read/write access to files on your system-even with secure SSL, when configured properly. When you run WebDAV with Apache, it will use the standard security settings that you defined for Apache and atop the file system's own security permissions. Users see only the files for which you give them web logins to see. Additionally, since they're restricted to the system account apache, they have less opportunity to run local exploits in an attempt to gain root privileges.

Fresh out of the box, WebDAV is almost ready to go. You need to add only a few minor configurations to get it started. That said, you will need to do some work if you want to implement WebDAV with discrete Apache-based user-level logins and have a reasonable level of user authentication over a secure SSL-based connection. It's not an overly difficult task, however, and we show you how to do it in the WebDAV section of this chapter.

------refer to <>