Hello, I wish to make users' Unix home directories available to them via WebDAV. Since the Apache HTTP Server supports WebDAV, SSL, and a variety of authentication schemes, it seemed an appropriate basis, but it does not appear to fit the bill because it always runs under a particular user account. It needs to access the exact set of files the user can access, and when it writes files it must write them as the authenticated user; it would therefore need to either run as the authenticated user or simulate that fact.
Other people have noted and/or addressed this issue. MoulDAVia is a server designed for this purpose. Others[1] have achieved this functionality with Apache when an AFS server shares the files to publish, as httpd can retrieve krb5 tokens for multiple AFS users. A message[2] on the dav-dev mailing list summarizes the issues for regular Unix filesystems.

The best way I have thought to achieve this functionality in Apache is to add an option, say "SetuidIfAuthenticated." With that directive set, Apache will retain access to root privileges until it has authenticated the user. It will then getpwnam(3) the authenticated user name and switch to the resulting UID. If the authenticated user does not correspond to a Unix user, Apache will report an error and fall back on the account given in the User directive.

I have not studied the Apache code at all, so I can't say offhand whether this approach will require changes to the Apache core or whether a module alone could implement the functionality. Is that a good approach to the need I described? If it requires changes to the Apache core, might they be acceptable for inclusion in the standard codebase? Might any associated module become part of the standard set?

Thanks.

[1] http://www.cpan.org/modules/by-module/Apache/Apache-AuthKrb5Afs-1.0.readme
[2] http://mailman.lyra.org/pipermail/dav-dev/1999-March/000170.html
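The lookup-then-switch step proposed in the message, sketched as an added example that is not part of the original post and is not Apache code. The names `resolve_account`, `drop_to` and `MIN_UID` are hypothetical, and the refusal of UID 0 and of system accounts below `MIN_UID` is an assumption added here rather than something the message specifies.

```c
#define _DEFAULT_SOURCE           /* for initgroups() on glibc */
#include <grp.h>
#include <pwd.h>
#include <stddef.h>
#include <sys/types.h>
#include <unistd.h>

#define MIN_UID 1000  /* assumption: lower UIDs are system accounts, never served */

/* Pick the account to run as. Returns 0 when auth_user maps to a regular
 * Unix account, 1 when the fallback (the "User" directive account) is used,
 * -1 when neither is usable. UID 0 is never accepted as a target. */
int resolve_account(const char *auth_user, const char *fallback,
                    const char **name, uid_t *uid, gid_t *gid)
{
    int rc = 0;
    struct passwd *pw = getpwnam(auth_user);
    *name = auth_user;
    if (pw == NULL || pw->pw_uid < MIN_UID) {
        pw = getpwnam(fallback);
        *name = fallback;
        rc = 1;
    }
    if (pw == NULL || pw->pw_uid == 0)
        return -1;
    *uid = pw->pw_uid;
    *gid = pw->pw_gid;
    return rc;
}

/* Permanently become uid/gid; must be called while still root.
 * Order matters: supplementary groups, then GID, then UID last. */
int drop_to(const char *name, uid_t uid, gid_t gid)
{
    if (uid == 0)
        return -1;
    if (initgroups(name, gid) != 0)   /* replace root's supplementary groups */
        return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    if (setuid(0) == 0)               /* regaining root must be impossible */
        return -1;
    return 0;
}
```

Because the switch is irreversible, a process that has called `drop_to` can only ever serve that one user afterwards, so the call belongs in a per-connection child rather than a long-lived worker.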