Zdravim,
rad bych krome stavajici Samby a SFTP zpristupnil uzivatelske domovske adresare jeste pres WebDAV kvuli integrovanemu klientu ve Widlich.
Na serveru mam Ubuntu 12.04 a Apache. WebDAV mi uz funguje, ale pouze do jednoho centralniho adresare:
<VirtualHost *:80>
ServerName data.example.net
Redirect permanent / https://data.example.net/
</VirtualHost>
<VirtualHost *:443>
ServerName data.example.net
DocumentRoot /data
ErrorLog /var/log/apache2/error_data-example-net.log
LogLevel warn
CustomLog /var/log/apache2/access_data-example-net.log combined
Options Indexes FollowSymLinks
ServerSignature off
SSLEngine on
SSLCertificateFile /etc/ssl/certs/data.example.net.crt
SSLCertificateKeyFile /etc/ssl/private/data.example.net.key
#SSL server accepts strong encryption only. The following enables only the seven strongest ciphers:
SSLProtocol all
SSLCipherSuite HIGH:MEDIUM
<Location />
#allow only HTTPS, not HTTP
SSLRequireSSL
#allows export browsers to upgrade to stronger encryption
SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
Dav On
AuthType Digest
AuthName "WebDAV data.example.net"
AuthDigestProvider file
AuthUserFile /etc/apache2/.htdigest_WEBDAV
Require valid-user
#Require user uzivatel1 uzivatel2
Options +Indexes
</Location>
</VirtualHost>
Nyni bych rad nastavil jednotlive uzivatele. Nasel jsem
nasledujici navod a tam to resi pomoci aliasu a
Location. Kazdy uzivatel ma tedy svoji
Location sekci a
alias:
# user2
Alias /user2 /home/user2
<Directory /home/user2 >
DAV On
AuthType Basic
AuthName "My WebDav Directory"
AuthUserFile /auth/webdav.user
Require valid-user
</Directory>
<Location /user2/>
Require user user2
</Location>
...
Pro treba 1000 uzivatelu mi to uz prijde dost neefektivni a navic pri pridani uzivatele musim restartovat webserver.
Da se udelat neco jako u Samby:
[homes]
comment = Domovske adresare
browseable = yes
writable = yes
create mask = 0700
directory mask = 0700
valid users = %S
guest ok = no
follow symlinks = no
Kde si pak uzivatel v okolnich pocitacich "otevre server" a vidi pro kazde uzivatelske jmeno jednu slozku a samba ho pusti pouze do te jeho vlastni?
Jedine co me napadlo je pouzit spolecnou
Directory sekci treba do
/webdav a pomoci
symlinku nebo
mount --bind tam vytvorit adresare pro uzivatelska jmena a v definici virtualhostu mit pouze pro kazdeho uziviatele
Location sekci:
<Location /user2/>
Require user user2
</Location>
A uzivatel by si pripojoval
https://data.example.net/user2/Je to dobry napad? Jak to resite vy? Je lepsi pouzit misto Apache jiny webserver? Zamky nepotrebuju, staci mi jenom zakladni prenos souboru.