stevepedwards.com/DebianAdmin linux mint IT admin tips info

WebDAV – Web based Distributed Authoring and Versioning – Basic Auth with HTTP Access

WebDAV is a useful technology to know of depending on your requirements, particularly if you want users to edit and share files over the internet as it allows this using their browser alone - if it is webdav aware as Firefox, Chrome and IE are - due to the platform independence that goes with browsers.

foxhttpdav.png

ffoxindex.png

foxoptions.png

I personally don't see an advantage here over using samba for internal network file sharing except for the file locking ability, due to the relative complexity of setting up extra user access/directories/passwords for WebDAV on Apache, as transfer seems much slower also.

Different advantages as a secure Internet server though…?

Still, it's all education and interesting for other command and linux/Apache function reasons.

First look where the modules that allow Apache extra functionality reside:

cd /etc/apache2/mods-available/; ls

modsavail.png

Linux Apache servers can be set up to utilise their inherent modules and the davfs filesystem driver, and of course be set up for user level security.

This involves two aspects; a user/password authentication method such as basic or digest; a plain text or encrypted data transfer using HTTP and/or SSL (HTTPS).

I followed some of this How To: http://ubuntuguide.org/wiki/WebDAV

As I will be showing examples for both basic and digest passwords for the dav file system over HTTP and SSL, I'll load the relevant Apache2 modules now:

sudo apt-get install apache2-utils

a2enmod dav

sudo a2enmod dav_fs

sudo a2ensite default-ssl

sudo a2enmod ssl

a2enmod auth_basic.load

a2enmod auth_digest.load

This creates symlinks to those enabled:

modsen.png

Create a webdav password file for user stevee – note the password is hashed at the server, not plain text, but sent in plain text at login by the client to match, so insecure over HTTP even if htpasswd is used:

man htpasswd

htpasswd encrypts passwords using either bcrypt, a version of MD5 mod‐

ified for Apache, SHA1, or the system's crypt() routine.

For an in depth overview of basic and digest auth usage see:

https://tools.ietf.org/html/rfc2617#page-19

"HTTP/1.0", includes the specification for a Basic Access

   Authentication scheme. This scheme is not considered to be a secure
   method of user authentication (unless used in conjunction with some
   external secure system such as SSL [5]), as the user name and
   password are passed over the network as cleartext."

sudo htpasswd -c /etc/apache2/users.basic stevee

vi /etc/apache2/users.basic

stevee:$apr1$gKt…….

I am setting this up first as an “insecure” webdav server using port 80 HTTP so you can see the progression to a secure port 443 HTTPS server WITH digest auth also.

First, create the insecure server “webdav” folder under apache control:

sudo chown -R www-data:www-data /var/www/

sudo mkdir /var/www/webdav

ls -la /var/www

-rw-r--r-- 1 www-data www-data 392 Jul 28 10:01 index.html

drwxr-xr-x 2 www-data www-data 4096 Aug 3 20:54 webdav

Add this to bottom of the “insecure” http apache file

sudo vim /etc/apache2/sites-enabled/000-default.conf

Alias /webdav /var/www/webdav

<Directory /var/www/webdav>

DAV On

AuthType basic

AuthName "stevee"

AuthUserFile /etc/apache2/users.basic

Require valid-user

</Directory>

</VirtualHost>

Note what terms relate to the created dir/file structure above.

Create a test file in /webdav:

echo "this is a sample text file" | sudo tee -a /var/www/webdav/sample.txt

cd /var/www/webdav/;ls

sample.txt

cat sample.txt

this is a sample text file

sudo service apache2 restart

I added those webdav lines to one of my Apache Picams servers, but the newly created structure does not affect the original operation for viewing the cams, as the webdav lines point to a new sub directory /webdav. You should now be able to view the /webdav contents remotely after login:

chromelogin.png

ffoxindex.png

To be able to access and edit the files you can use other webdav aware Apps like cmd line cadaver, or GUI based Dolphin or Nautilus:

sudo apt-get install nautilus cadaver

To be able to edit sample.txt, to show how webdav access works, I can chown it to stevee and access it via Nautilus:

sudo chown stevee /webdav/sample.txt

sudo service apache2 restart

Open Nautilus from Menu, connect to dav://hpmint/webdav folder and edit the sample.txt file and drag/drop a file to the same folder from local:

nautilus.png

login.png

sample.png

dragdrop.png

I can click the sample file and edit it:

sampleedit.png

Save the file and check the contents remotely:

cat webdav/sample.txt

this is a sample text file

now, can I add to it...? Save...or not!

Watch what happens for the non DAV parent folder access with cadaver:

stevee@AMD ~ $ cadaver http://192.168.1.5
Could not access / (not WebDAV-enabled?):
405 Method Not Allowed
Connection to `192.168.1.5' closed.
dav:!> quit
stevee@AMD ~ $ cadaver http://192.168.1.5/webdav
Authentication required for stevee on server `192.168.1.5':
Username: stevee
Password:
dav:/webdav/> ls
Listing collection `/webdav/': succeeded.
Quals.odt 13470 Aug 3 19:11
sample.txt 67 Aug 3 19:10
dav:/webdav/>

It all works...for insecure HTTP transfer.

The next Post will show the addition of digest and SSL security.

Comments are closed.

Post Navigation