 | mod_dav_aclmod_dav_acl is an Apache RFC3744 (Access Control Rights) module implementation. |
| Download | |
mod_dav_acl Ranking & Summary
Advertisement
mod_dav_acl Tags
mod_dav_acl Description
mod_dav_acl is an Apache RFC3744 (Access Control Rights) module implementation. mod_dav_acl is an Apache RFC3744 (Access Control Rights) module implementation.Requirements:· Requires patches to Apache, mostly to mod_dav module, patch included. Patch contains strong ETag handling, usec timestamps to ETags, conditional PUTs and some hooks to allow integration to ACL handlings. Apply the patch to Apache sources and compile it before using this module. Also a patch to apr library is required to enable nano(actually usec)second timestamps in resources. Patch included, but it is optional (etags aren't just that strong without it).· ACL (meta)info is stored within the extended attributes of the filesystem. Currently XFS probably the most convenient to work with (65k ea limit + nanosecond timestamps enabled by default). In ext3 filesystem eas can be enabled with the option user_xattr. · Principals are stored into a shared memory segment to allow faster ACL processing, though some other optimizations would be nice as well... Configuration directives:AclLockFile /var/tmp/davacl.lock· lock filename for shared memoryAclSharedMemFile /var/tmp/davacl.shm· shared memory nameAclSharedMemSize 65000· max size of shared memory segment, contains principal urisAclPrincipals http://example.com/principals· base URI for principalsAclPrincipalDir /var/principals· real absolute directory path for principalsAclOwnerFullRights on· the owner (if exists) has full rights to the resource if not any acl is set. DAVETagResponse on· enable strong ETag responses (required e.g. by CalDAV/XCAP)DAVACL on· enable ACL handlingPrincipal editings:· A simple shell script: principals.sh included for adding/removing principals (needs some changes before use)· Based on sending simple http (dav) requests by using libcurl to the server· Does not include adding user identities into the password database (htdigest e.g.), so users (+credentials) must be added separetely.Installation:./configure && make && make installYou typically also need e.g. autoreconf -i to autogenerate ./configure script. Tests:· Once the module is successfully compiled and loaded, tests can be run with make check or by running ./acl_tests. A simple libcurl testclient will send some basic tests to a server listening at localhost.· You need to create (digest) users: joe, joppe and admin before running the tests (all share the same password == password) unless you modify the scripts, of course. Also /xxx/principals and /xxx/acltests directories must be created and accessable by apache (in debian www-data user).Example dav_acl.conf for testing purposes: Alias /principals "/var/www/principals/"Alias /acltests "/var/www/acltests/"# GLOBALS but can of course be local as well AclOwnerFullRights onAclLockFile /var/tmp/davacl.lockAclSharedMemFile /var/tmp/davacl.shmAclSharedMemSize 65000AclPrincipals http://localhost/principalsAclPrincipalDir /var/www/principals< Location /principals > Dav on AuthType Digest AuthName "testing" AuthUserFile /var/www/passwords Require valid-user AuthDigestProvider file FileETag MTime DAVETagResponse on DAVACL on< /Location >< Location /acltests > Dav on AuthType Digest AuthName "testing" AuthUserFile /var/www/passwords Require valid-user AuthDigestProvider file FileETag MTime DAVETagResponse on DAVACL on< /Location >What's New in This Release:· added a _proper_ Apache 2.2.8 patch· some test & test configuration updates
mod_dav_acl Related Software