Apache and per-user WebDAV DocumentRoot

apache-2.2 mod-webdav webdav

I have a WebDAV user set up that currently gets usernames and passwords from my MySQL Database. I give users the option to use WebDAV for large file uploads (this is for a file sharing service I'm currently developing) but I've reached a little issue I can't seem to figure out.

First of all – how would I go about each user having their own WebDAV root so they can't look into other users' files? I already run a cronjob that checks for any users that enabled WebDAV and automatically creates the directories with the appropriate permissions. I just need some method of telling Apache this.

Thanks for any help, I really appreciate it.

I am also aware I could just run a cronjob every minute to generate an Apache config and reload it, but this would just be a little too much overhead and I'd like some more flexibility.

Best Answer

It's rather a pity that Apache's config isn't as flexible as nginx's, so you could do something like:

Alias /dav /path/to/dav/store/$REMOTE_USER

However, you can use REMOTE_USER in a rewrite rule, like so:

RewriteEngine On
# $1 carries the rest of the request path into the per-user location
RewriteRule ^/dav(.*)$ /__davinternal/%{LA-U:REMOTE_USER}$1 [PT]

Then put all your auth/DAVish loveliness into a <Location /__davinternal> and bob's your auntie's live-in lover.

This works great if you've got consistent locations in your filesystem for all your users (say /path/to/dav/store/<username>); if you've got user folders scattered across the filesystem (with a mapping in MySQL), you can still map your user locations, but you've got to use a RewriteMap:

RewriteMap davdirs txt:/path/to/user/dir/map.txt
RewriteRule ^/dav(.*)$ /__davinternal/${davdirs:%{LA-U:REMOTE_USER}}$1 [PT]

You can do a RewriteMap straight out of MySQL (via an external script), but I'd try and get my app to update a dbm file whenever that mapping information changed and use a dbm map instead -- much better performance, and doesn't hammer your database into the ground.

I've not covered the security implications of these setups in this answer, partially because I'm not entirely sure myself, and because I don't know what your exact security policy might be.
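Since both the user name and the map value end up inside a path, the job that builds map.txt is a natural place to reject entries that could point outside the DAV store. The following is an added example, not part of the original answer; it assumes map values are directories relative to a single store root, and the function names, the user-name character set and the sample rows are all illustrative.

```python
import os
import re
import tempfile

# Assumption: user names are restricted to this conservative character set.
SAFE_USER = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")

# Constructed sample rows, standing in for the (username, directory) query result.
SAMPLE_ROWS = [
    ("alice", "a/alice"),
    ("bob", "../../etc"),      # climbs out of the store
    ("../mallory", "m"),       # path characters in the key
    ("carol", "/etc"),         # absolute path
    ("dave", "team one"),      # whitespace would split the map line
    ("alice", "other"),        # duplicate key
]

def is_safe_dir(rel_dir, store_root):
    """True if rel_dir resolves to a location strictly inside store_root."""
    if not rel_dir or os.path.isabs(rel_dir) or any(c.isspace() for c in rel_dir):
        return False
    root = os.path.realpath(store_root)
    target = os.path.realpath(os.path.join(root, rel_dir))
    return target != root and os.path.commonpath([root, target]) == root

def build_map(rows, store_root):
    """Return (map_text, rejected_users) in RewriteMap txt format: 'key value'."""
    lines, rejected, seen = [], [], set()
    for user, rel_dir in rows:
        if (not SAFE_USER.fullmatch(user) or user in seen
                or not is_safe_dir(rel_dir, store_root)):
            rejected.append(user)
            continue
        seen.add(user)
        lines.append(f"{user} {rel_dir}")
    return "\n".join(lines) + "\n", rejected

def write_map_atomically(text, path):
    """Write a temp file beside the map, then rename it into place, so
    Apache never reads a half-written map."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w") as fh:
        fh.write(text)
    os.chmod(tmp, 0o644)
    os.replace(tmp, path)
```

Apache's httxt2dbm utility can convert the resulting text file into the dbm map the answer recommends.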
