Setting up a WebDAV sync file repository for multiple users

ewout
I just set up a WebDAV repository using Apache, hooking up the (Basic) authentication with a large user database. Everything seems to work, but apparently zotero puts all files (the .prop and .zip files), for all users, in the same directory.

My question is: this cannot be the correct way to go about it, because first, everybody has access to everybody elses files and second because I cannot imagine scaling a single directory to the files of thousands of users (there seems to only one lastsync file).

So does anybody have any suggestions how I would go about setting up a WebDAV repository for multiple users using Apache? I guess the result would have to be something like http://example.com/username/zotero/ , but I don 't understand how to configure my VirtualHost to do that.
  • noksagt
    This is really an Apache question & not a zotero question & you should probably refer to support channels for Apache for good advice, but I'll try to give an overview.
    but apparently zotero puts all files (the .prop and .zip files), for all users, in the same directory.
    If and only if all users use the same URL for their WebDAV server.
    everybody has access to everybody elses files
    This is inevitable for a single directory with basic AUTH.
    second because I cannot imagine scaling a single directory to the files of thousands of users (there seems to only one lastsync file).
    Per-user permissions for thousands of users with basic auth also does not scale well.
    So does anybody have any suggestions how I would go about setting up a WebDAV repository for multiple users using Apache?
    For thousands of users, you may want something like LDAP & to setup Apache to use UserDir. The latter allows your proposed URL scheme.
    I don 't understand how to configure my VirtualHost to do that.
    If you have thousands of users, this shouldn't be your job. Hopefully you have an IT department to help you get everything setup correctly and/or have a good hosting company who will do this for you (or have the funds needed to change hosts and/or to have the server setup professionally).
  • ewout
    Thank you for your response. I understand this is a bit off-topic, but anyway...

    The WebDAV URL is secured by Basic AUTH, but I plan to put it on a SSL domain. Also, I use something similar to LDAP: My users are not on the server, they live in a Mysql database (used for standard web aplicaitons like elgg, drupal, omeka or Wordpress MU for example). I found this apache module, (libapache2-mod-auth-mysql on debian) which allows apache to talk to my user database, similarly to a LDAP or Radius server.

    So far so good, but as I said, this only gives me one directory for thousands of users. As far as I can tell, the UserDir solution would map URLs (example.com/~username/zotero/) to filesystem paths /home/username/zotero/, but the users are not on the server, so this won't work as is.

    I guess my whole idea is flawed. Still, I wonder how large Universities provide their members with a WebDAV storage.
  • noksagt
    I found this apache module, (libapache2-mod-auth-mysql on debian) which allows apache to talk to my user database, similarly to a LDAP or Radius server.
    It looks unmaintained, but there is http://www.mgamble.ca/oss/mod_mysql_userdir/

    The bottom-line is that you will need some mechanism of having separate directories on your server that you can associate with individual accounts. With apache, this is easiest when said accounts are actually user accounts on the system. We do this at our institution (although we disable shell access for most users). LDAP is convenient for us, because it takes care of SAMBA/SFTP auth, etc. in addition to auth for our web space.

    There are various webapps and non-Apache WebDAV servers that other institutions run too.
  • ewout
    Here is the solution I adopted, for now. To recap, my problem was to set up webdav shares for the users of my Web application (an elgg instance, but it could have been a Drupal, Wordpress MU or some such software). These are the steps I took:

    1. set up WebDAV for apache: install mod_dav and mod_dav_fs
    2. set up authentication: my users live in a mysql database, in a user table with md5 hashed passwords. I installed mod_auth_mysql and configured it to talk to my users database. This is my configuration in my virtualhost:

    AliasMatch "^/(.)(.*)/zotero/(.*)$" "/var/data/files/$1/$1$2/zotero/$3"

    <LocationMatch "^/(.*)/zotero(.*)$">
    Options +Indexes
    DAV On
    AuthType Basic
    AuthName "Zotero"
    AuthBasicAuthoritative off
    AuthUserFile /dev/null
    AuthMySQL_Host db.example.com
    AuthMySQL_User elgg
    AuthMySQL_Password supersecret
    Auth_MySQL_DB elgg
    Auth_MySQL_Password_Table elggusers
    Auth_MySQL_Username_Field username
    Auth_MySQL_Password_Field password
    Auth_MySQL_Encryption_Types PHP_MD5
    </LocationMatch>

    Since I use Basic AUTH, this goes into the SSL virtual host. the AliasMatch maps a simple URL, https://example.com/username/zotero/ to the particular location of the uploaded users files of my Web application. For Drupal or other software, this location and the mapping regexp would be different.

    Note the AuthUserFile /dev/null, this prevented apache from trying to open a non-existent authentication file.

    Normally, there would be Require valid-user at the end of this configuration, but I don't want that every user can access all other user's WebDAV shares. So I wrote a plugin for my web application that 1. creates a zotero/ subdirectory in their uploaded file space and 2. puts a .htaccess file with "Require user username" in it. (The plugin also gives an option to opt-out, then it replaces .htaccess with "Require user 0", the 0 being a non-existent user).

    Note that the VirtualHost has AllowOverride All in another place, so .htaccess files are already enabled.

    I haven't tested it a lot. But in principle, this would be a solution to the problem of using an existing web application into a zotero-enabled WebDAV host.
Sign In or Register to comment.