Manualshelf

User manual

ManualsBrandsApache Technologies ManualsMusical equipment14
11121314151617181920
Chapter 1 Web Technologies Overview 17
Understanding WebDAV
If you use WebDAV to provide live authoring on your website, you should create realms
and set access privileges for users. Each site you host can be divided into a number of
realms, each with its own set of users and groups that have either browsing or
authoring privileges.
Defining Realms
When you define a realm, which is typically a folder (or directory), the access privileges
you set for the realm apply to all the contents of that directory. If a new realm is
defined for one of the folders within the existing realm, only the new realm privileges
apply to that folder and its contents. For information about creating realms and setting
access privileges, see “Setting Access for Websites on page 43.
Setting WebDAV Privileges
The Apache process running on the server needs to have access to the websites files
and folders. To provide this access, Mac OS X Server installs a user named “www and a
group named “www in the servers Users & Groups List. The Apache processes that
serve webpages run as the www user and as members of the www group. You need to
give the www group read access to files within websites so that the server can transfer
the files to browsers when users connect to the sites. The Apache process runs with
effective user id and group id of www and needs access to the files and directories in
the WebDAV realm, and to the /var/run/davlocks directory.
Understanding WebDAV Security
In Mac OS X Server 10.4, WebDAV lets you use a web server as a file server. Clients use
their browsers from any location, on any type of computer, to access and share files on
the server. See “Using WebDAV” for more information about using WebDAV for file
sharing.
WebDAV also lets users update files in a website while the site is running. When
WebDAV is enabled, the web server must have write access to the files and folders
within the site users are updating.
Both features of WebDAV—providing a file server with browser access and website
updating—have significant security implications when other sites are running on the
server, because individuals responsible for one site may be able to modify other sites.
You can avoid this problem by carefully setting access privileges for the site files using
the Sharing module of the Workgroup Manager application. Mac OS X Server uses a
predefined group www, which contains the Apache processes. You need to give the
www group Read & Write access to files within the website. You also need to assign
these files Read & Write access by the website administrator (Owner) and No Access to
Everyone.