On Apr 29, 2004, at 10:59 PM, Amit Athavale wrote:
May be DAV ACL is the way to go ?
AFAIK WebDAV+ACL+some kind authentication serves the purpose where each
user having it own area and he can play with permissions of files and yet you have
private repository and user doesn't have a clue of how the back-end storage is
managed !
That is in fact what happens with Apache + mod_dav. You manage the access control using restrictions in your httpd.conf, .htaccess files etc. Where Apache gets the Authentication data doesn't really matter: its own password file, /etc/passwd or PAM, with the appropriate modules. It is responsible for enforcing the Authorization and Access control, and then writes everything as the web server user. This is actually not very different from what the kernel does: in the end the files are just bits on a disk and the unix AAA model we build is very much an artefact that said kernel enforces.
I have worked on a product that contained an Apache-based FTP module with the same AAA model, and people found this "the web server owns everything" idea hard to grasp.
No, I was talking about "DAV ACL" model and if some day we have mod_dav implementing
ACL draft (soon to be RFC), people have to grasp "the web server owns everything" idea ;)
Look at this : http://www.webdav.org/acl/
S.
