WebDAV CGI - Documentation: mod_perl

You can use mod_perl if you don't need special file permissions like AFS, SMB, or DB back-end.

Installation

  1. be sure you use Apache's MPM prefork (Debian/Ubuntu: apt-get install apache2-mpm-prefork)
  2. install mod_perl (Debian/Ubuntu: apt-get install libapache2-mod-perl2)
  3. configure Apache's mod_perl: 
    ScriptAlias /webdavcgi /etc/webdavcgi/cgi-bin/webdav.pl

PerlRequire /etc/webdavcgi/helper/mod_perl_startup.pl

# only for Kerberos auth:
KrbMethodNegotiate off
KrbMethodK5Passwd on
KrbSaveCredentials on
Krb5Keytab /etc/apache.keytab


<Location /webdavcgi>

	# only for Kerberos auth:	
	AuthType Kerberos
	
	AuthName "WebDAV CGI Account"
	# AuthUserFile /etc/apache2/users	
	Require valid-user
	
	SetHandler perl-script
	PerlOptions +SetupEnv
	PerlResponseHandler ModPerl::RegistryPrefork
	Options +ExecCGI

</Location>

RewriteEngine on
RewriteRule ^/ /webdavcgi [PT,L,E=WEBDAVCONF:/etc/webdav.conf,E=AUTHHEADER:%{HTTP:Authorization}]
  4. configure WebDAV CGI for AFS or SMB

AFS

webdav.conf: 
$INSTALL_BASE = '/etc/webdavcgi/';
$BACKEND = 'AFS';

$DOCUMENT_ROOT = '/afs/';
$VIRTUAL_BASE='/';

# simulates mod_auth_kerberos and mod_waklog: kinit; setpag; aklog; ...; unlog;:
# and it makes sense for mod_auth_kerberos and mod_waklog users too:
require Helper::AfsKrb5AuthHelper;
Helper::AfsKrb5AuthHelper->new();


$DBI_SRC='dbi:SQLite:dbname=/tmp/webdav.'.$ENV{REMOTE_USER}.'.db';
$DBI_USER='';
$DBI_PASS=''; 
$CREATE_DB = !-e '/tmp/webdav.'.$ENV{REMOTE_USER}.'.db';

$BACKEND_CONFIG{AFS}{quota}='/usr/bin/fs listquota $FS';

@EXTENSIONS = (@DEFAULT_EXTENSIONS,@AFS_EXTENSIONS,@EXTRA_EXTENSIONS);
$EXTENSION_CONFIG{AFSACLManager} = { allow_afsaclchanges =>1 };
$EXTENSION_CONFIG{AFSGroupManager} = { disallow_groupchanges=>0 };

$ALLOW_CHANGEPERM = 0;


$MIMEFILE='/etc/mime.types';

SMB

webdav.conf: 
$INSTALL_BASE = '/etc/webdavcgi/';

require Helper::Krb5AuthHelper;
Helper::Krb5AuthHelper->new();

$DOCUMENT_ROOT = '/';
$VIRTUAL_BASE = '/';

$BACKEND='SMB';

$DBI_SRC='dbi:SQLite:dbname=/tmp/webdav.'.$ENV{REMOTE_USER}.'.db';
$DBI_USER='';
$DBI_PASS=''; 
$CREATE_DB = !-e '/tmp/webdav.'.$ENV{REMOTE_USER}.'.db';

$SHOW_QUOTA = -x '/usr/bin/smbclient';
$ALLOW_CHANGEPERM = 0;
$ALLOW_SYMLINK = 0;

#### SMB backend setup:
### required entries: defaultdomain, domains, fileserver
### optional entries: sharefilter, usersharefilter, shares, sharealiases
$BACKEND_CONFIG{SMB} = {
  defaultdomain => 'MY.EXAMPLE.DOMAIN.ORG',	#required

  ## allow only configured server names and shares (default: 0)
  secure => 1, # optional

  ## a global share filter (filter out admin shares with trailing $):
  sharefilter => [ qr/\$$/, ],  #optional

  usersharefilter => {  #optional
    ## admin has no matching filter so he can see all shares (overwrites sharefilter):
    myadminexample => [ qr/__NEVER_MATCH/, ],
  }, 

  sharesep => '~', #optional - servername-share separator symbol (default: '~')
  ## don't use a separator symbol like '$', '-', '_', '#', '%', '?', '&', '/', '\', or letters/numbers
  ## good alternative separators are '!', ':', '=', '\'', '"', '`', '+', '*', or '@'

  ## enables/disables quota support for all domains and shares:
  quota => 1, # optional

  domains => { #required
    'MY.EXAMPLE.DOMAIN.ORG' => {	#required (multiple domain entries allowed for forests)
      ## a domain based filter (overwrites sharefilter and userfilter above):
      sharefilter => [ qr/\$$/, ],	#optional
      usersharefilter => {		#optional
        ## a domain based user filter (overwrites all sharefilter and global filter):
        myadminexample => [ qr/__NEVER_MATCH/, ], 
      }, 
      fileserver => {			#required
        'mywindowsfileserver1.my.example.domain.org' => {	#required

          ## a fileserver based share filter (overwrites all domain based filter):
          sharefilter => [ qr/\$/, ],	#optional

          usersharefilter => {		#optional
            ## overwrites all sharefilter and domain based filter
            myadminexample => [ qr/__NEVER_MATCH/ ] 
          }, 

          ## disables all filter and (slow) automatic share detection:
          shares => [ 'MyFirstShare', 'MySecondShare', 'MyThirdShare/start/here' ],	#optional
          
          ## enables/disables quota support for given shares:
          quota => { 'MyFirstShare' => 0 }, # optional

	  ## defines a initial directory for a share (don't forget the initial '/'):
	  initdir => { 			#optional
	  	'MyFirstShare' => '/starthere', 
		'MySecondShare'=> '/start/here' 
	  },

          sharealiases => {		#optional
            ## shows 'H: (Home)' instead of 
            ## 'mywindowsfileserver1.my.example.domain.org~MyFirstShare' in the Web interface
            'MyFirstShare' => 'H: (Home)/',
            ## shows 'S: (Scratch)' instead of 
            ## 'mywindowsfileserver1.my.example.domain.org~MySecondShare' in the Web interface
            'MySecondShare' => 'S: (Scratch)/',
	    'MyThirdShare/start/here' => 'T: Temp (/start/here/)',
          },
        },
      },
    },
  },
};
© ZE CMS, Humboldt-Universität zu Berlin | Written 2010-2015 by Daniel Rohde