[Solved] How can I manage user permissions or dedicated folders for differents users ?
Added by willow2406 3 days ago
OS: raspbian (debian 12)
lighttpd/1.4.69 (ssl)
Clients : Cinnamon/nemo, android Cx Explorer
Config : https://paste.lighttpd.net/FD#3jKH627WgIvOWUKz0GDH62tu
I have achieved to run webdav sharing on my raspap/debian12 box, and i'm very happy with it (I'm a newbie with lighttp)
I'd now like user matt to read/write on /media/stoc_serveur/webdav/matt_files/
and my family (and user matt !) to read/write on /media/stoc_serveur/webdav/family/
Is any way to achieve permissions management ?
Or should i define multiple shares based on the URL ?
Or any other solution ?
| lighttpdCONFIG (112 KB) lighttpdCONFIG |
Replies (7)
RE: How can I manage user permissions or dedicated folders for differents users ? - Added by gstrauss 3 days ago
You have configured access control for $HTTP["url"] =~ "^/webdav(?:/|$)". Good. In the auth.require within that block, you can put a match for "/webdav/matt_files" with "require" => "matt" before the "" => ( ... )
RE: How can I manage user permissions or dedicated folders for differents users ? - Added by willow2406 2 days ago
Thank you for your answer ! I try to understand the syntax, but i'm quite lost.. as I said, i'm a newbie here !
would it be something like that ?
@ $HTTP["url"] =~ "^/webdav(?:/|$)" {
# block 2
alias.url = (
"/webdav" => "/media/stoc_serveur/webdav",
)
dir-listing.activate = "enable"
webdav.activate = "enable"
webdav.is-readonly = "disable"
webdav.sqlite-db-name = "/var/run/lighttpd/lighttpd.webdav_lock.db"
auth.backend = "htpasswd"
auth.backend.htpasswd.userfile = "/var/www/mdpwebdav.shadow"
auth.require = (
"^/webdav/matt_files(?:/|$)" => (
"require" => "matt",
),
"" => (
"method" => "basic",
"realm" => "webdav",
"require" => "valid-user",
),
)
@RE: How can I manage user permissions or dedicated folders for differents users ? - Added by gstrauss 2 days ago
Close. You should include "method" and "realm" in "^/webdav/matt_files(?:/|$)" => ( "require" => "matt", ),
RE: How can I manage user permissions or dedicated folders for differents users ? - Added by willow2406 1 day ago
I did not succeed in matching the url, i was trying with that stuff, but every valid user has access to the 'MAtt_files' folder
$HTTP["url"] =~ "^/webdav(?:/|$)" {
# block 2
alias.url = (
"/webdav" => "/media/stoc_serveur/webdav",
)
dir-listing.activate = "enable"
webdav.activate = "enable"
webdav.is-readonly = "disable"
webdav.sqlite-db-name = "/var/run/lighttpd/lighttpd.webdav_lock.db"
auth.backend = "htpasswd"
auth.backend.htpasswd.userfile = "/var/www/mdpwebdav.shadow"
auth.require = (
"^MAtt_files(?:/|$)" => (
"method" => "basic",
"realm" => "webdav",
"require" => "matt"
)
"" => (
"method" => "basic",
"realm" => "webdav",
"require" => "valid-user"
)
)
}
So i came up with that ugly solution :
$HTTP["url"] =~ "^/webdav/famille(?:/|$)" {
alias.url = ("/webdav/famille" => "/media/stoc_serveur/webdav/famille")
dir-listing.activate = "enable"
webdav.activate = "enable"
webdav.is-readonly = "disable" # (default)
webdav.sqlite-db-name = "/var/run/lighttpd/lighttpd.webdav_lock.db"
auth.backend = "htpasswd"
auth.backend.htpasswd.userfile = "/var/www/mdpwebdav.shadow"
auth.require = (
"" => ( "method" => "basic",
"realm" => "webdav",
"require" => "valid-user" ),
)
}
$HTTP["url"] =~ "^/webdav/MAtt_files(?:/|$)" {
alias.url = ("/webdav/MAtt_files" => "/media/stoc_serveur/webdav/MAtt_files")
dir-listing.activate = "enable"
webdav.activate = "enable"
webdav.is-readonly = "disable" # (default)
webdav.sqlite-db-name = "/var/run/lighttpd/lighttpd.webdav_lock.db"
auth.backend = "htpasswd"
auth.backend.htpasswd.userfile = "/var/www/mdpwebdav.shadow"
auth.require = (
"" => ( "method" => "basic",
"realm" => "webdav",
"require" => "user=matt" ),
)
}
It seems to work as i wished, but i can understand this is not optimal.
I'd prefer your solution, though. Any advice ?
RE: How can I manage user permissions or dedicated folders for differents users ? - Added by gstrauss 1 day ago
I'd prefer your solution, though. Any advice ?
Please read my prior post more carefully.
Close. You should include "method" and "realm" in
"^/webdav/matt_files(?:/|$)" => ( "require" => "matt", ),or, if the case-sensitive URL contains uppercase"^/webdav/MAtt_files(?:/|$)"
RE: How can I manage user permissions or dedicated folders for differents users ? - Added by willow2406 about 15 hours ago
I'm sorry if i bother you, I have tried with that :
$HTTP["url"] =~ "^/webdav(?:/|$)" {
# block 2
alias.url = (
"/webdav" => "/media/stoc_serveur/webdav",
)
dir-listing.activate = "enable"
webdav.activate = "enable"
webdav.is-readonly = "disable"
webdav.sqlite-db-name = "/var/run/lighttpd/lighttpd.webdav_lock.db"
auth.backend = "htpasswd"
auth.backend.htpasswd.userfile = "/var/www/mdpwebdav.shadow"
auth.require = (
"^/webdav/MAtt_files(?:/|$)" => (
"method" => "basic",
"realm" => "webdav",
"require" => "user=matt",
),
"" => (
"method" => "basic",
"realm" => "webdav",
"require" => "valid-user",
),
)
After the modifications, i just restart the lighttpd service :systemctl restart lighttpd.service
The webdav share is working but every valid user has acces to MAtt_files, e.g. dav://loic@serveur2nous.local/webdav/MAtt_files can read/write the folder
However, the solution i posted earlier keeping 2 webdav definitions works, i can go ahead with that.
Thanks for your help, sorry to be such a noob.
RE: How can I manage user permissions or dedicated folders for differents users ? - Added by gstrauss about 14 hours ago
Sorry. auth.require takes strings for prefix match, not regex.
auth.require = (
"/webdav/MAtt_files/" => (
"method" => "basic",
"realm" => "webdav",
"require" => "matt"
)
"" => (
"method" => "basic",
"realm" => "webdav",
"require" => "valid-user"
)
)