WebDAV file sharing

WebDAV (Web Distributed Authoring and Versioning) offers a network file system over HTTP connection

Server side (apache2)

WebDAV server runs from Apache HTTPD webserver.
By default we use basic authentication scheme (mod_auth_basic) with user/password stored in local file (mod_authn_file).
For security reasons (since password is sent in plain text), we only enable WebDAV server over SSL/TLS connection (https).

Password can be optionally retrieved from SQL database | html

# Enable Apache httpd WebDAV support
sudo a2enmod dav_fs

Create the WebDAV root directory (it must be owned by www-data user):

# DAV data location
sudo mkdir -p /var/www/dav/files
sudo chown www-data:www-data /var/www/dav /var/www/dav/files

Create the password file and protect it:

# Create the WebDAV user/password file
sudo htpasswd -c /var/www/dav/passwd.dav user
# sudo htpasswd /var/www/dav/passwd.dav someone_else

sudo chown root:www-data /var/www/dav/passwd.dav
sudo chmod 640 /var/www/dav/passwd.dav

Configure Apache HTTPD to use WebDAV:

# Enable WebDav section from the SSL/TLS enable website
sudo vi /etc/apache2/sites-available/tognoli.conf
                # mod_dbd configuration
                # DBDriver mysql
                # DBDParams "dbname=apacheauth user=apache password=xxxxxx"

                # WebDAV server
                Alias /dav /var/www/dav/files

                <Directory /var/www/dav/files>
                        Options Indexes MultiViews
                        AllowOverride None
                        Order allow,deny
                        allow from all

                <Location /dav>
                        DAV On
                        AuthType Basic
                        AuthName "Network storage"

                        # AuthBasicProvider socache dbd
                        # AuthnCacheProvideFor dbd
                        # AuthnCacheContext my-server
                        # AuthDBDUserPWQuery "SELECT password FROM authn WHERE user = %s"

                        AuthUserFile /var/www/dav/passwd.dav
                        Require valid-user
# Need to restart server
sudo /etc/init.d/apache2 restart
#sudo /etc/init.d/apache2 force-reload

Davfs links

Davfs does not follow symlinks, so to add an external directory to the share, use Fuse bindfs

sudo bindfs -o map=user/www-data:@group/@www-data ~user/Documents docs

Client side (Linux)

Mount an WebDav share on linux is done with davfs2 package.

# Install DavFS2 support
sudo apt-get install davfs2
# Create mount point
sudo mkdir /media/dav

To allow non root users to invoke mount.davfs (optional):

# SetUID mount.davfs:
sudo dpkg-reconfigure davfs2
> Should unprivileged users be allowed to mount WebDAV resources? Yes

# then, all members of davfs2 group can invoke mount
sudo adduser user davfs2

By default mount command will ask for user/password credentials.
But credential can be stored in a file, either system-wide or per user.

# To enable user-specific credentials support:
sudo vi /etc/davfs2/davfs2.conf
# secrets         ~/.davfs2/secrets
secrets         ~/.davfs2/secrets
# System wide passwords:
sudo vi /etc/davfs2/secrets

# Per-user passwords:
sudo vi ~/.davfs2/secrets
 /etc/davfs2/secrets, ~/.davfs2/secrets
/media/dav <user> <password>
# Must protect secret file:
sudo chown root:root /etc/davfs2/secrets
sudo chmod 600 /etc/davfs2/secrets
# sudo chown user ~/.davfs2/secrets
# sudo chmod 600 ~/.davfs2/secrets

Include server public certificate, to prevent man-in-the-middle attacks.

# to store server certificate (this is the default Apache certificate)
sudo mv ssl-cert-snakeoil.pem /etc/davfs2/certs/
sudo vi /etc/davfs2/davfs2.conf
# trust_server_cert
trust_server_cert ssl-cert-snakeoil.pem

To manually mount a WebDAV share:

# Manual mount:
mount -t davfs -o rw https://www.tognoli.fr/files /media/tognoli.fr

To mount from fstab:

# Mount point configuration
sudo vi /etc/fstab
# Mount WebDAV server:
https://bertrand.tognoli.fr/files /media/dav davfs rw,user,noauto,file_mode=600,dir_mode=700 0 0
# Mount
echo "/media/dav user password" >> ~/.davfs2/secrets
mount /media/dav

Client side (Windows)

Select Map network drive, and map to https://www.tognoli.fr/files

From command line:

net use Z: https://www.tognoli.fr/files /user:bertrand
****** (password)