WebDAV CGI - Documentation

Requirements

• all required Perl modules: see Installation
• a database (SQLite3, PostgreSQL, MySQL, ... (all supported by a Perl DBI driver))
• a Web server software (Apache recommended)
• a little bit configuration: Apache setup (see Installation) and a WebDAV CGI Setup
• WebDAV CGI works only with a UNIX/Linux server (Ubuntu 14.04/16.04 recommended, Windows/MacOS-X not tested and not supported)

You do not need mod_dav for the Apache Web server. WebDAV CGI replaces mod_dav completely.

• Basic authentication as described in the following instruction
• Session or form-based authentication

Installation

Note: All steps are done with root rights.

Upgrade Note: Please take a look at the Upgrade section for further information.

1. download WebDAV CGI (note: not necessary for Gentoo)
2. install required CPAN modules (Debian/Ubuntu package name):
   • CGI (included in most Linux dists; older dists need that: libcgi-perl)
   • DBI (libdbi-perl) and a database driver, e.g. DBD::SQLite (libdbd-sqlite3-perl) - (since v0.3.0)
   • Date::Parse (libtimedate-perl) - (since v0.2.1)
   • OSSP::uuid (libossp-uuid-perl or from http://www.ossp.org/pkg/lib/uuid/) - (since v0.3.0) (since v0.8.0 replaced by UUID::Tiny)
   • UUID::Tiny (libuuid-tiny-perl) - (since 0.8.0)
   • XML::Simple (libxml-simple-perl)
   • Quota (libquota-perl) - (since v0.3.4)
   • Archive::Zip (libarchive-zip-perl) - (since v0.5.0)
   • Image::Magick (perlmagick) - (since v0.5.1) (since v0.5.3 replaced by Graphics::Magick)
   • Graphics::Magick (libgraphics-magick-perl or http://www.graphicsmagick.org/perl.html) - (since v0.5.3)
   • File::Spec::Link (libfile-copy-link-perl) - (since v0.5.2)
   • IO::Compress::Gzip (included in most Linux dists) - (since v0.7.0)
   • IO::Compress::Deflate (included in most Linux dists) - (since v0.7.0)
   • IO::Compress::Brotli - (since v1.1.2)
   • Module::Load (included in most Linux dists, older need libmodule-load-perl) - (since v0.8.0)
   • optional (for SMB backend): Filesys::SmbClient (libfilesys-smbclient-perl) - (since v0.8.0)
   • optional (for RCS backend): Rcs (librcs-perl) - (since v0.8.0)
   • JSON (libjson-perl) - (since v0.8.5)
   • DateTime - (since v0.8.5)
   • DateTime::Format::Human::Duration (libdatetime-format-human-duration-perl) - (since v0.8.5)
   • Image::ExifTool (libimage-exiftool-perl)- (since v1.0.1)
   • List::MoreUtils (liblist-moreutils-perl)- (since v1.1.0)
   • optional for SendByMail extension:MIME::Entity (libmime-tools-perl) - (since v0.9.1)
   • optional for LDAP address book of SendByMail extension:Net::LDAP (libnet-ldap-perl) - (since v0.9.1)
   • optional for Kerberos helpers in conjunction with mod_perl (AFS, SMB):Env::C - (since v1.0.0)
   • optional for AFS Kerberos helpers in conjunction with mod_perl:AFS::PAG - (since v1.0.1)
   You can do that with 'perl -MCPAN -e "install <ModuleName>"' or with 'apt-get install <PackageName>'.

   ## Debian/Ubuntu quick install: 
   apt install libdbi-perl libdbd-sqlite3-perl sqlite3 libtimedate-perl \
               libuuid-tiny-perl libxml-simple-perl libquota-perl \
               libarchive-zip-perl libgraphics-magick-perl libmodule-load-perl \
               libfile-copy-link-perl libjson-perl libdatetime-perl \
               libmime-tools-perl libnet-ldap-perl libimage-exiftool-perl \
               liblist-moreutils-perl libcgi-session-perl libwww-csrf-perl \
                libdatetime-format-human-duration-perl
   
   
   cpan install IO::Compress::Brotli
   
   ## only for PostgreSQL users:
   apt install libdbd-pg-perl
   
   ## only for MySQL users:
   apt install libdbd-mysql-perl
   
   ## only for SMB backend users:
   apt install libfilesys-smbclient-perl smbclient krb5-user
   
   ## only for RCS backend users:
   apt install librcs-perl
   
   ## only for AFS users:
   apt install openafs-client krb5-user openafs-krb5 libafs-pag-perl
   
   ## for mod_perl users with Kerberos (SMB, AFS) authentication:
   cpan install Env::C
   
   

3. install additional binaries/packages for a better WebDAV CGI experience:
   • Ghostscript - allows the web interface of WebDAV CGI to generate thumbnails for PDF/PS files (Debian/Ubuntu package: ghostscript)
   • smbclient (only for SMB backend users) - allows the web interface to show quota information (Debian/Ubuntu package: smbclient)
   • kinit (only for SMB and AFS backend users) - allowed you to omit mod_auth_kerberos (Debian/Ubuntu package: krb5-user)
   • libreoffice - allows file conversions

   ## Debian/Ubuntu quick install:
   apt install  ghostscript
   
   ## only for SMB backend users:
   apt install smbclient
   
   ## only for SMB and AFS backend users:
   apt install krb5-user
   
   ## for ODFConverter extension:
   apt install libreoffice
   
   

   ## Gentoo quick install:
   emerge -va app-text/ghostscript-gpl
   
   ## only for SMB backend users:
   emerge -va net-fs/cifs-utils
   
   ## only for SMB and AFS backend users:
   emerge -va app-crypt/heimdal
   

4. install locales

   ## Debian/Ubuntu quick install:
   rm -f /var/lib/locales/supported.d/webdavcgi
   for l in de_DE en_US fr_FR it_IT hu_HU ; do
           fgrep $l /usr/share/i18n/SUPPORTED >> /etc/locale.gen
   done
   locale-gen
   

5. change directory to your preferred installation path, e.g. cd /etc
6. install WebDAV CGI:
   • unzip webdavcgi-latest.zip or tar jxf webdavcgi-latest.tar.gz2 (Gentoo: emerge -va www-apps/webdavcgi)
   • OR clone the Git repo (preferred): git clone https://github.com/DanRohde/webdavcgi.git
7. change directory to the source base (e.g: cd webdavcgi*) and call bash install.sh to compile all wrappers and to fix file permissions
8. configure webdav.pl
9. configure your web server:
   • you can do that with rewrite rules (recommended)
   • or with a handler action (unsupported)
   Examples for Apache 2.x: (you need the Apache rewrite module: a2enmod rewrite) - and don't forget to take a look at the backend specific configuration: AFS, GFS, SMB/CIFS, DBB, or RCS

   ### EXAMPLE 1: a complete (virtual) server root handled by WebDAV CGI:
   ScriptAlias /webdavcgi /etc/webdavcgi/cgi-bin/webdavwrapper
   # ScriptAlias /logout /etc/webdavcgi/cgi-bin/logout
   <Location /webdavcgi>
           AuthType Basic
           AuthName "WebDAV space"
           AuthUserFile /path-to-my-auth-file
           Require valid-user
   </Location>
   RewriteEngine On
   # RewriteRule /logout - [L]
   RewriteRule ^/ /webdavcgi [PT,E=WEBDAVCONF:/etc/webdav.conf,E=PERLLIB:/etc/webdavcgi/lib/perl,L]
       

   
   

   ### EXAMPLE 2: a virtual path /webdav
   ScriptAlias /webdavcgi /etc/webdavcgi/cgi-bin/webdavwrapper
   # ScriptAlias /webdav/logout /etc/webdavcgi/cgi-bin/logout
   <Location /webdavcgi>
           AuthType Basic
           AuthName "WebDAV space"
           AuthUserFile /path-to-my-auth-file
           Require valid-user
   </Location>
   # if you want to map this to a real path, do that:
   # (and setup $VIRTUAL_BASE='/webdav/?' and $DOCUMENT_ROOT in your WebDAV CGI config)
   RewriteEngine On
   # RewriteRule ^/webdav/logout - [L]
   RewriteRule ^/webdav /webdavcgi  [PT,E=WEBDAVCONF:/etc/webdav.conf,E=PERLLIB:/etc/webdavcgi/lib/perl,L]
       

   
   

   ### EXAMPLE 3: a .htaccess file to handle a complete folder with WebDAV CGI:
   ### Prerequisites: /webdavcgi is a script alias 
   ##       (ScriptAlias /webdavcgi /etc/webdavcgi/cgi-bin/webdavwrapper) and
   ###      'AllowOverride AuthConfig FileInfo' is set for the current folder
   RewriteEngine On
   RewriteRule .* /webdavcgi [E=WEBDAVCONF:/etc/webdav.conf,E=PERLLIB:/etc/webdavcgi/lib/perl]
   
   AuthType Basic
   AuthName "A protected WebDAV folder"
   AuthUserFile /path-to-my-auth-file
   Require valid-user
       

Upgrade

Upgrading from 1.1.2 to 1.1.3

• $MIMEFILE default changed to /etc/mime.types

Upgrading from 1.1.1 to 1.1.2

• Brotli compression was added: Perl module IO::Compress::Broli required (cpan install IO::Compress::Brotli)
• The web interface was refactored:
  • folder upload was implemented (by form and D&D) and can be disabled with $ALLOW_FOLDERUPLOAD=0; in webdav.conf
  • $HEADER and $LANGSWITCH defaults were changed
  • menus in toolbar and navigation bar are allowed now
  • the new $ALLOW_PATHINFO (default: 0) enables former enabled path input in toolbar (quick navigation) again
• The new Localizer extension allows an easy translation of the Web interface (locales and help files).
• The new extension MotD is activated by default now and shows /etc/motd as a dialog to the web users of WebDAV CGI.

Upgrading from 1.1.0 to 1.1.1

• Feedback extension was added.
• SaveSettings extension was added.
• Some config variables were added:
  • $OPTIMIZERTMP - contains absolute path for caches: message, CSS, JS (default: /tmp)
  • $READBUFSIZE - contains buffer size for local file reads (default: 65536)

Upgrading from 1.0.0 to 1.1.0

• A new Perl module is required: List::MoreUtils (Debian/Ubuntu: apt-get install liblist-moreutils-perl)
• The new ImageInfo extensions needs the additional Perl module Image::ExifTool
  (Debian/Ubuntu: apt-get install libimage-exiftool-perl, CPAN: perl -MCPAN -e "install Image::ExifTool")
• It's now possible to use AFS in conjunction with mod_perl and without mod_waklog, but it makes it necessary to install a new Perl module: AFS::PAG (Debian: apt-get install libafs-pag-perl or perl -MCPAN -e "install AFS::APG").
• GPXViewer extension was added.
• QuickToggle extension was added.
• VideoJS extension was added.
• A statusbar was added (see settings dialog).
• Hungarian language was added. Don't forget to add the necessary locale hu_HU.UTF-8 UTF-8
• New config variables were added and can be used for an easier upgrade (don't change this variables) if you use it for your @EXTENSIONS list in your webdav.conf, e.g. @EXTENSIONS = (@DEFAULT_EXTENSIONS, @EXTRA_EXTENSIONS);:
  • @DEFAULT_EXTENSIONS - contains a list of useful extensions
  • @AFS_EXTENSIONS - contains a list of AFS backend related extensions
  • @EXTRA_EXTENSIONS - contains a list of special extensions (e.g. GPXViewer, SourceCodeViewer, HexDump, SendByMail)
  • @PUB_EXTENSIONS - contains a list of public URI extensions
  • @DEV_EXTENSIONS - contains a list for WebDAV CGI developers (e.g. PropertiesViewer, SysInfo)

Upgrading from 0.9.0 to 1.0.0

• The database schema has some bugs so it needs a update (please kill all speedy processes before you start with the database schema changes):

  # PostgreSQL:
  ALTER TABLE webdav_locks ALTER COLUMN basefn TYPE varchar(5000);
  ALTER TABLE webdav_locks ALTER COLUMN fn TYPE varchar(5000);
  ALTER TABLE webdav_locks ALTER COLUMN type DROP not null;
  ALTER TABLE webdav_props ALTER COLUMN fn TYPE varchar(5000);
  
  
  # MySQL:
  ALTER TABLE webdav_locks MODIFY basefn varchar(5000) not null;
  ALTER TABLE webdav_locks MODIFY fn varchar(5000) not null;
  ALTER TABLE webdav_locks MODIFY type varchar(255);
  ALTER TABLE webdav_props MODIFY fn varchar(5000) not null;
  
  
  # SQLite:
  DROP INDEX webdav_locks_idx1;
  DROP INDEX webdav_locks_idx2;
  DROP INDEX webdav_locks_idx3;
  DROP INDEX webdav_locks_idx4;
  ALTER TABLE webdav_locks RENAME TO webdav_locks_old;
  DROP INDEX webdav_props_idx1;
  DROP INDEX webdav_props_idx2;
  ALTER TABLE webdav_props RENAME TO webdav_props_old;
  CREATE TABLE webdav_locks (basefn VARCHAR(5000) NOT NULL, fn VARCHAR(5000) NOT NULL, type VARCHAR(255), scope VARCHAR(255), token VARCHAR(255) NOT NULL, depth VARCHAR(255) NOT NULL, timeout VARCHAR(255) NULL, owner TEXT NULL, timestamp TIMESTAMP DEFAULT CURRENT_TIMESTAMP);
  CREATE TABLE webdav_props (fn VARCHAR(5000) NOT NULL, propname VARCHAR(255) NOT NULL, value TEXT);
  CREATE INDEX webdav_locks_idx1 ON webdav_locks (fn);
  CREATE INDEX webdav_locks_idx2 ON webdav_locks (basefn);
  CREATE INDEX webdav_locks_idx3 ON webdav_locks (fn,basefn);
  CREATE INDEX webdav_locks_idx4 ON webdav_locks (fn,basefn,token);
  CREATE INDEX webdav_props_idx1 ON webdav_props (fn);
  CREATE INDEX webdav_props_idx2 ON webdav_props (fn,propname);
  INSERT INTO webdav_locks SELECT * FROM webdav_locks_old;
  INSERT INTO webdav_props SELECT * FROM webdav_props_old;
  DROP TABLE webdav_locks_old;
  DROP TABLE webdav_props_old;
  
  

• mod_perl is now supported for AFS and SMB backends
• ZIP download and upload moved to new extension Zip. Expand your extension list to activate it @EXTENSIONS = ( 'Zip', ...);
• The AFS Group Manager is an extension now. Add 'AFSGroupManger' to your extensions list to activate it.
• The AFS ACL Manager is an extension now. Add 'AFSACLManager' to your extensions list to use it.
• Search support was moved to a new extension (Search). Expand your extension list to enable search @EXTENSIONS=('Search',...);
• The option '$ALLOW_EDIT' was removed, instead use or not use 'TextEditor' extension: @EXTENSION=('TextEditor',....);
• The option '@EDITABLEFILES' was removed, instead configure 'TextEditor' extension: $EXTENSION_CONFIG{TextEditor}{editablefiles}=\@EDITABLEFILES;
• A lot of new extensions were added (activation: @EXTENSIONS= ('ExtensionName1', 'ExtensionName2', ... );):
  • AFSACLManager - enables AFS ACL management
  • AFSGroupManager - enables AFS Group management
  • Diff - compares two files/folders
  • DiskUsage - shows disk usage for folders
  • Download - adds a download button
  • HexDump - shows a hexdump
  • Highlighter - colorize text and backgrounds of files and folders
  • History - shows a folder history
  • ODFConverter - converts between Open Document file formats and other Office file formats
  • Permissions - manage POSIX file permissions (user,group,others:rwxst)
  • PosixAclManager - allows POSIX ACL changes
  • Redirect - redirects folders to any web page
  • Search - enables file/content search support
  • SendByMail - sends files/folders by e-mail ( Perl module MIME::Entity from MIME tools required; Debian/Ubuntu: apt-get install libmime-tools-perl)
  • SourceCodeViewer - shows syntax highlighted source code
  • TextEditor - allows text file modifications
  • ViewerJS - shows OpenDocument and PDF files
  • Zip - allows ZIP download for files/folders and ZIP upload with decompression

Upgrading from 0.8.6 to 0.9.0

• The classic view and the sidebar view are removed from code base.
  • %UI_ICONS configuration variable is obsolete and was removed
• The complete backend configuration was changed:
  • %FSVLINK=(...); was replaced by $BACKEND_CONFIG{FS}{fsvlink}={...};
  • %SMB=(...); was replaced by $BACKEND_CONFIG{SMB}={...};
  • %RCS=(...); was replaced by $BACKEND_CONFIG{RCS}={...};
  • $GFSQUOTA='...'; was replaced by $BACKEND_CONFIG{GFS}{quota}='...';
  • $AFS_FSCMD='...'; was replaced by $BACKEND_CONFIG{AFS}{fscmd}='...';
  • $AFSQUOTA='...'; was replaced by $BACKEND_CONFIG{AFS}{quota}='...';
  • %DBB=(...); was replaced by $BACKEND_CONFIG{DBB}={...};
• A extension configuration variable was added: %EXTENSION_CONFIG

Upgrading from 0.8.5 to 0.8.6

1. The Simple View:
   • Home button template was changed: data-action="changeuri" was replaced by class="action changeuri" (see The Simple View Documentation)

Upgrading from 0.8.4 to 0.8.5

1. the SVN repository URL has changed: svn switch --relocate https://webdavcgi.svn.sourceforge.net/svnroot/webdavcgi/trunk http://svn.code.sf.net/p/webdavcgi/code/trunk
2. the default view was changed from 'sidebar' to 'simple'
3. new Perl modules are needed:
   • JSON (Ubuntu/Debian package: libjson-perl)
   • DateTime (Ubuntu/Debian package: libdatetime-perl
   • DateTime::Format::Human::Duration (CPAN)
4. SMB backend: the new optional flag 'secure' was added to enable a URL check for allowed servers and shares

Upgrading from 0.8.3 to 0.8.4

1. The new install.sh script does not copy or link webdav.pl and webdavwrapper to your cgi-bin directory. You can add/change ScriptAliases to use webdav.pl or a webdavwrapper from your installation src, e.g.

   ScriptAlias /webdavcgi /etc/webdavcgi/cgi-bin/webdavwrapper
   RewriteRule ^/ /webdavcgi [PT,L,E=WEBDAVCONF:/etc/webdav.conf,E=PERLLIB:/etc/webdavcgi/lib/perl]
   <Location /webdavcgi>
   	AuthType Basic
   	AuthUserFile /etc/apache2/webabusers
   	AuthName "WebDAV space"
   	Require valid-user
   </Location>	
   

2. AFS backend:
   • Speedy support for AFS was added and a mod_auth_kerberos free installation is now possible:
     • a new setuid/setgid wrapper was added: helper/webdavwrapper-afs.c (mod_waklog isn't required if you use webdavwrapper-afs.c)
     • a PAG script was added: cgi-bin/afswrapper
     • visit AFS section for details
   • mod_waklog is no longer required for AFS
3. SMB backend:
   • a wrapper for mod_auth_kerberos free installation was added
   • username/password/workgroup authentication support was added

Upgrading from 0.8.2 to 0.8.3

1. changed @UNSELECTABLE_FOLDERS default to () (relevant for AFS backend users)
2. changed helper/webdavwrapper-smb.c to fix a Kerberos ticket bug (relevant for SMB backend users)

Upgrading from 0.8.1 to 0.8.2

1. see Speedy support section to improve the WebDAV CGI performance

Upgrading from 0.8.0 to 0.8.1

1. %AUTOREFRESH was added for the new auto-refresh feature

Upgrading from 0.7.x to ≥0.8.0

1. a new Perl module is needed: Module::Load (Ubuntu/Debian package: libmodule-load-perl)
2. OSSP::uuid Perl module was replaced by UUID::Tiny (Ubuntu/Debian package: libuuid-tiny-perl)
3. WebDAV CGI comes with some own modules so you need to set a additional Perl library path:
   • add E=PERLLIB:/etc/webdavcgi/lib/perl to your rewrite rule options in the Apache configuration
   • OR add SetEnv PERLLIB /etc/webdavcgi/lib/perl to your Apache configuration (don't forget to activate/install env module, e.g. a2enmod env; /etc/init.d/apache restart)
   • OR change shebang of webdav.pl to #!/usr/bin/perl -I/etc/webdavcgi/lib/perl
4. $IGNOREFILEPERMISSIONS config variable was removed
5. $BACKEND variable was added and is required (allowed values: 'FS', 'AFS', 'GFS', 'SMB', 'DBB')
6. $SHOW_MIME and $SHOW_PERM were removed: use the new options @ALLOWED_TABLE_COLUMNS and @VISIBLE_TABLE_COLUMNS instead
7. %MIMETYPES format was changed: only a single filename suffix is allowed as a key (instead of a space separated list of suffixes); please use $MIMEFILE instead
8. @EXTENSIONS parameter was added: contains a list of extensions
9. $ENABLE_SYSINFO was removed: add 'SysInfo' to the @EXTENSIONS list
10. $ENABLE_PROPERTIES_VIEWER was removed: add 'PropertiesViewer' to the @EXTENSIONS list
11. $ENABLE_SIDEBAR was removed: use @SUPPORTED_VIEWS instead
12. $MAXLASTMODIFIEDSIZE was removed
13. $MAXNAVPATHSIZE was added

Upgrading from ≤0.6.x to ≥0.7.x

1. two new Perl modules are used by WebDAV CGI: IO::Compress::Gzip and IO::Compress::Deflate (both are integrated in most Linux dists)
2. WebDAV CGI is no longer a single file distribution therefore:
   1. unpack the new installation package in your preferred installation path, e.g. cd /etc; unzip webdavcgi-0.7.?.zip
   2. link the path for easier upgrades, e.g. ln -s /etc/webdavcgi-0.7.? /etc/webdavcgi
   3. copy the webdav.pl script to your CGI directory and allow execution, e.g.

      cp /etc/webdavcgi/cgi-bin/webdav.pl /usr/lib/cgi-bin 
      chmod a+x /usr/lib/cgi-bin/webdav.pl 

   4. add the $INSTALL_BASE variable to your existing /etc/webdav.conf, e.g.

      echo "\$INSTALL_BASE='/etc/webdavcgi/';" >> /etc/webdav.conf

   5. check your config file and modules, e.g.

      #> perl -c /etc/webdav.conf
      webdav.conf syntax OK
      
      #> perl -I/etc/webdavcgi/lib/perl -c /usr/lib/cgi-bin/webdav.pl
      webdav.pl syntax OK
      
      #> bash /etc/webdavcgi/checkenv
      +++ Checking perl:
        perl /usr/bin/perl
      ++++ Checking required modules:
        CGI installed
        DBI installed
        POSIX installed
        File::Temp installed
        Date::Parse installed
        UUID::Tiny installed
        XML::Simple installed
        Quota installed
        Archive::Zip installed
        IO::Compress::Gzip installed
        IO::Compress::Deflate installed
        Digest::MD5 installed
        Module::Load installed
      ++++ Checking optional modules:
        DBD::SQLite installed
        DBD::mysql installed
        DBD::Pg installed
      ++++ Checking required modules for FS backend:
        File::Spec::Link installed
      ++++ Checking required modules for AFS backend:
        File::Spec::Link already checked
      ++++ Checking required modules for GFS backend:
        File::Spec::Link already checked
      ++++ Checking required modules for SMB backend:
        Filesys::SmbClient installed
      ++++ Checking required modules for RCS backend:
        Rcs installed
      ++++ Checking optional binaries:
        smbclient /usr/bin/smbclient
      #### Summary:
      All modules found.
      All binaries found. 

3. WebDAV CGI has a new Web interface and some configuration defaults were changed and new options were added. See CHANGELOG in your installation path and take a look into webdav.pl for further information.

WebDAV CGI Setup

1. Create a /etc/webdav.conf with a minimal setup and don't forget to fix file permissions:
   chmod a+r /etc/webdav.conf:

   ## the install base is needed to find webdav-ui.* and locale files 
   ## (don't forget the trailing slash):
   $INSTALL_BASE = '/etc/webdavcgi/';
   
   ## the backend module (supported: FS, AFS, GFS, SMB, DBB, RCS, GIT):
   $BACKEND = 'FS';
   
   ## this is an example if a user starts with home dir (http://mywebdavserver/ -> user home):
   $VIRTUAL_BASE = '/';
   $DOCUMENT_ROOT = '/home/'.$ENV{REMOTE_USER}.'/';
   ## if you use a complex home folder structure, try this:
   # $DOCUMENT_ROOT=(getpwnam($ENV{REMOTE_USER}))[7].'/';
   
   
   $DBI_SRC='dbi:SQLite:dbname=/tmp/webdav.'.$ENV{REMOTE_USER}.'.db';
   $DBI_USER='';
   $DBI_PASS=''; 
   $CREATE_DB = !-e '/tmp/webdav.'.$ENV{REMOTE_USER}.'.db';
   
   

2. Please take a look at backend specific configuration sections AFS, GFS, SMB/CIFS, DBB, RCS, GIT
3. Set up your database
4. If you need to change other options, take a look at etc/webdav.conf.complete
5. Enable session or form-based authentication if needed.
6. There are a lot of extensions to activate.
7. Don't forget to check the config file syntax: perl -c /etc/webdav.conf
8. configure your Apache web server

Hints

• You can use Apache's 'SetEnv VAR VAL' or 'RewriteRule ... [E=VAR:VAL]' in conjunction with '$ENV{VAR}' in your config to setup WebDAV CGI. This allows you a path based, virtual host based or user based configuration.
• see Performance section for more.

• RedHat/Fedora/CentOS: see https://bugzilla.redhat.com/show_bug.cgi?id=527143#c2
• You can use Image::Magick instead but it makes trouble in conjunction with Speedy:

  sed -i -e 's@Graphics::Magick@Image::Magick@g' \
                  checkenv \
  		lib/perl/WebInterface/Renderer.pm

Database Setup

Common Instructions

1. Install the necessary Perl DBI driver (Debian/Ubuntu package: libdbd-...-perl)
2. Create the database and the schema
3. Configure WebDAV CGI ($DBI_SRC, $DBI_USER, $DBI_PASS)

SQLite 3

• DBI driver for SQLite3: Debian/Ubuntu package: libdbd-sqlite3-perl
• You can use the auto create feature ($CREATE_DB=1;)
• Example config:

  $DBI_SRC='dbi:SQLite:dbname=/tmp/webdav.'.$ENV{REMOTE_USER}.'.db';
  $DBI_USER="";
  $DBI_PASS="";
  $CREATE_DB = !-e '/tmp/webdav.'.$ENV{REMOTE_USER}.'.db';
  

PostgreSQL

• DBI driver for PostgreSQL: Debian/Ubuntu package: libdbd-pg-perl
• Disable the auto create feature ($CREATE_DB = 0;) and create the database schema with following statements (the database 'webdavcgi' must exists), e.g:

  ## Ubuntu/Debian:
  apt-get install postgresql postgresql-client
  
  su - postgres 
  
  createuser webdavcgi -P
  
  createdb -O webdavcgi webdavcgi 
  
  psql webdavcgi <<EOF
  
  CREATE TABLE webdav_locks (basefn VARCHAR(5000) NOT NULL, fn VARCHAR(5000) NOT NULL, 
  			   type VARCHAR(255), scope VARCHAR(255), 
  			   token VARCHAR(255) NOT NULL, depth VARCHAR(255) NOT NULL, 
  			   timeout VARCHAR(255) NULL, owner TEXT NULL, 
  			   timestamp TIMESTAMP DEFAULT CURRENT_TIMESTAMP);
  CREATE TABLE webdav_props (fn VARCHAR(5000) NOT NULL, propname VARCHAR(255) NOT NULL, value TEXT);
  CREATE INDEX webdav_locks_idx1 ON webdav_locks (fn);
  CREATE INDEX webdav_locks_idx2 ON webdav_locks (basefn);
  CREATE INDEX webdav_locks_idx3 ON webdav_locks (fn,basefn);
  CREATE INDEX webdav_locks_idx4 ON webdav_locks (fn,basefn,token);
  CREATE INDEX webdav_props_idx1 ON webdav_props (fn);
  CREATE INDEX webdav_props_idx2 ON webdav_props (fn,propname);
  
  
  GRANT ALL ON ALL TABLES IN SCHEMA public TO webdavcgi;
  
  EOF
  
  

• Example config:

  $DBI_SRC='dbi:Pg:dbname=webdavcgi;host=localhost;port=5432';
  $DBI_USER='webdavcgi';
  $DBI_PASS='changeme';
  $CREATE_DB = 0;
  

MySQL

• DBI driver for MySQL: Debian/Ubuntu-Package: libdbd-mysql-perl
• Disable the auto create feature ($CREATE_DB = 0;) and create the database schema with following statements (the database 'webdavcgi' must exists), e.g.:

  mysql -p webdavcgi <<EOF
  
  CREATE TABLE webdav_locks (basefn VARCHAR(5000) NOT NULL, fn VARCHAR(5000) NOT NULL, 
                             type VARCHAR(255), scope VARCHAR(255), 
                             token VARCHAR(255) NOT NULL, depth VARCHAR(255) NOT NULL, 
                             timeout VARCHAR(255) NULL, owner TEXT NULL, 
                             timestamp TIMESTAMP DEFAULT CURRENT_TIMESTAMP);
  CREATE TABLE webdav_props (fn VARCHAR(255) NOT NULL, propname VARCHAR(255) NOT NULL, value TEXT);
  CREATE INDEX webdav_locks_idx1 ON webdav_locks (fn);
  CREATE INDEX webdav_locks_idx2 ON webdav_locks (basefn);
  CREATE INDEX webdav_locks_idx3 ON webdav_locks (fn,basefn);
  CREATE INDEX webdav_locks_idx4 ON webdav_locks (fn,basefn,token);
  CREATE INDEX webdav_props_idx1 ON webdav_props (fn);
  CREATE INDEX webdav_props_idx2 ON webdav_props (fn,propname);
  
  EOF
  
  

• Example config:

  $DBI_SRC='DBI:mysql:database=webdavcgi;host=localhost;port=3306';
  $DBI_USER='mysqluser';
  $DBI_PASS='changeme';
  $CREATE_DB=0;
  

UID/GID Wrapper

• Your operating system have to know all your WebDAV users. The following command should display a complete passwd entry (replace UID with a account name):

  getent passwd UID
  
  # OR
  
  getent passwd 
  # should display all users
  

  Configure NSSWITCH (/etc/nsswitch.conf) to make your user accounts usable.
• The owner and group must be root: chown root:root cgi-bin/webdavwrapper*
• The webdavwrapper binary needs set-user-ID and the set-group-ID bit to change the user ID and the group ID at runtime. Of course it needs also execute flags.

  chmod ug+s,a+x cgi-bin/webdavwrapper*
  

Folder Sharing / Group Access

1. Add all users to UNIX/Posix group (/etc/groups, a LDAP group, ...) - recommended:
   • create a group, e.g: groupadd GROUP
   • create a folder to share: mkdir SHAREDFOLDER
   • change the group: chgrp GROUP SHAREDFOLDER
   • set set-GID-flag to the folder and make it readable/executable/writeable for the group: chmod g+srwx SHAREDFOLDER
   • set the $UMASK parameter in your WebDAV CGI config file: $UMASK = 0002;
   Attention: You need a single database for all users to share WebDAV locks and properties. If you use a file based database like SQLite you have to use a singe file writable for all users.
2. Use the UID/GID Wrapper to map all users to a common user:
   • create a common user, e.g.:adduser USER
   • create a folder to share: mkdir SHAREDFOLDER
   • change the owner: chown USER SHAREDFOLDER
   • set the WEBDAV_USER environment variable: add E=WEBDAV_USER:USER to your Apache rewrite rule option

1. Create a AFS group and add AFS users to the group.
2. Set lookup, read, write, delete, insert, and lock rights for that group to the shared folder.
3. Don't forget to set lookup rights for the AFS group to all upper folders.

Web interface

How to add a new translation

find /etc/webdavcgi/ -name locale -type d -exec chmod -R a+w {} \;
find /etc/webdavcgi/ -name help -type d -exec chmod -R a+w {} \;

find /etc/webdavcgi/ -name locale -type d -exec chgrp -R mygroup {} \;
find /etc/webdavcgi/ -name help -type d -exec chgrp -R mygroup {} \;
find /etc/webdavcgi/ -name locale -type d -exec chmod -R g+w {} \;
find /etc/webdavcgi/ -name help -type d -exec chmod -R g+w {} \;

How to change CSS styles

• Add a webdav-ui-custom.css to the lib/ directory of the WebDAV CGI installation (recommended). Note: webdav.pl delivers this style file with a cache timeout of one week. You can compress the style sheet to speed up file transfers: (gzip webdav-ui-custom.css). If webdav-ui-custom.css and webdav-ui-custom.css.gz exist then the uncompressed version is delivered.
• Add the following to your WebDAV CGI configuration file:

  $CSS .= <<EOF 
  
  	.filelist { font-size: 0.9em; }
  
  EOF
  ;
  

• Set $CSSURI variable in your WebDAV CGI config, e.g. $CSSURI='http://myserver/mystyle.css';
• Set the $HTMLHEAD variable in your WebDAV CGI config (e.g. $HTMLHEAD='<link .../>'; or $HTMLHEAD='<style>...</style>';)
• see Simple view documentation for more.
• ...

How to add or change icons

• $ICONS{'mymime/type'}='/uripath/to/my/icons/test.gif';
• %ICONS = ( %ICONS, ( 'mymime/type1'=>'/uripath/to/my/icons/test1.gif', 'mymime/type2'=>'/uripath/to/my/icons/test2.gif', ) );

How to customize error messages/documents

Two HTTP status codes are supported for customized error documents: '404 Not Found' and '403 Forbidden'

You have to use '.html' or '.txt' extensions for your error documents to determine a correct MIME type.

1. put your error documents to the $INSTALL_BASE/htdocs folder or wherever you want (should be readable by your users)
2. add following options to your WebDAV CGI configuration file:

   $ERROR_DOCS{'404 Not Found'} = "$INSTALL_BASE/htdocs/404.html";
   $ERROR_DOCS{'403 Forbidden'} = "$INSTALL_BASE/htdocs/403.html";
   

Variable substitution in $HEADER, $SIGNATURE, $LANGSWITCH, and %ICONS

Performance

• Use a fast (local) database.
• Don't use mod_auth_external without auth caching.
• Use load balancing cluster (Attention: use a central, single database for all nodes)
• Disable all features you don't need (take a look at all $ALLOW_... and $ENABLE_... parameters in the WebDAV CGI setup section):
  • $ENABLE_LOCK = 0; - disable WebDAV locking support but it is unsafe in conjunction with shared group folders and some clients make trouble.
  • Web interface:
    • $ENABLE_THUMBNAIL=0; - disables thumbnail support
    • $ENABLE_THUMBNAIL_CACHE=1; - enables the thumbnail cache and reduces CPU usage (only useful if $ENABLE_THUMBNAIL=1;)
    • $ENABLE_THUMBNAIL_PDFPS=0; - disables thumbnails for PDF/PS documents and reduces CPU usage (only useful if $ENABLE_THUMBNAIL=1;
• Compression of HTML, JavaScript, and CSS is enabled by default ($ENABLE_COMPRESSION = 1;) but this option can increase your server load.
• Filter and limit large folders ($FILECOUNTLIMIT, $FILECOUNTPERDIRLIMIT, $FILEFILTERPERDIR)
• Limit folder depth for copy/move operations ($LIMIT_FOLDER_DEPTH)
• Change the bufsize for upload/download operations ($BUFSIZE)
• Since WebDAV CGI v1.0.0 mod_perl is supported for backends without setuid/setgid wrapping (e.g. SMB, AFS)
• disable $CREATE_DB after first WebDAV access (PROPFIND request). If you use a file based database like SQLite you can enable/disable it automatically: $CREATE_DB = !-e <mydatabasefile.db>
• Slow response working with WebDAV resources on Windows Vista or Windows 7: KB2445570
• For AFS backend users:
  • prevent usage of mod_auth_kerberos and mod_waklog
  • replace pagsh with a fast bourne shell (e.g. DASH) in the afswrapper script (cgi-bin/afswrapper)

Security

HTTP Basic Authentication and Brute Force Attacks

1. You can use the session.pl script of WebDAV CGI (see Session or form-based authentication) for your WebDAV access because the session authentication handler of WebDAV CGI has a pure brute force attack detection and prevention (BFAP). There are some options you can set in your webdav-session.conf to modify the behavoir of BFAP. The default setting allows only 3 login attempts within 10 seconds for a account:

   $SESSION{bfap} = {
       # type of BFAP protection for counting login attempts  (0: disabled; 1: by user; 2: by user@IP; 3: by IP):
       # note: if you use NAT or a load balancer the REMOTE_ADDR environment variable is not useable so you should use value "2"
       type => 1,
       # number of allowed login failures before logon will be paused:
       failcount} => 3,
       # time range in seconds before the failcount will be reseted:
       failrange => 10,
       # delay in seconds to be paused after failcount was reached (only effective in session logon screen):
       delay => 10,
       # sleep for some seconds before login attempt (every (successful) logon will be delayed) (0 - disabled)
       sleep => 0,
       # sleep for random seconds before (successul) login attempt (0 - disabled; >0: range of seconds for random routine)
       randomsleep => 0,
       # sleep some seconds after failcount was reached:
       sleeponfail => 3,
   };
   

2. Or you can use a authentication module of your webserver. You should use
   • fail2ban
   • or mod_security (Apache only).

Temporary files and disk/memory space

• cached files for JavaScript, CSS, localization messages
• thumbnails for previes
• upload and download files
• brute force attack prevention(BFAP) files (webdav_bfap_*)