WebDAV

    • OMV 3.x
    • Hi,

      I have tried to activate a WebDAV share, but I can't log in to it! My user is in the group webdav-users and I gave the user webdav the permission to write in the shared folder (I did this in the terminal, because the webdav-user is not shown in openmediavault).
      When I try to log in, it says username/password wrong. If I cancel the login window, the browser (Chrome) shows this:

      Source Code

      This XML file does not appear to have any style information associated with it. The document tree is shown below.
      <d:error xmlns:d="DAV:" xmlns:s="http://sabredav.org/ns">
        <s:exception>Sabre\DAV\Exception\NotAuthenticated</s:exception>
        <s:message>Username or password does not match</s:message>
        <s:sabredav-version>1.8.10</s:sabredav-version>
      </d:error>
    • Currently, it is not working on OMV > 3.013.
      The workaround for this is:

      Shell-Script

      cat <<'EOF' > /var/www/webdav/app/WebDAV/Auth/Openmediavault.php
      <?php
      /**
       * Copyright (C) 2015 OpenMediaVault Plugin Developers.
       *
       * This program is free software: you can redistribute it and/or modify
       * it under the terms of the GNU General Public License as published by
       * the Free Software Foundation, either version 3 of the License, or
       * (at your option) any later version.
       *
       * This program is distributed in the hope that it will be useful,
       * but WITHOUT ANY WARRANTY; without even the implied warranty of
       * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
       * GNU General Public License for more details.
       *
       * You should have received a copy of the GNU General Public License
       * along with this program. If not, see <http://www.gnu.org/licenses/>.
       */
      namespace OmvExtras\WebDAV\Auth;

      use OMV\Rpc\Rpc;
      use Sabre\DAV\Auth\Backend\AbstractBasic;

      /**
       * HTTP Basic authentication backend that integrates with OpenMediaVault.
       */
      class Openmediavault extends AbstractBasic
      {
          /**
           * Validates a username and password.
           *
           * @param string $username
           * @param string $password
           *
           * @return bool
           */
          public function validateUserPass($username, $password)
          {
              // Both RPC calls below run in the context of the OMV administrator.
              $omvRpcContext = [
                  'username' => 'admin',
                  'role' => OMV_ROLE_ADMINISTRATOR,
              ];

              // Check the supplied credentials against OMV's user management.
              $result = Rpc::call('UserMgmt', 'authUser', [
                  'username' => $username,
                  'password' => $password,
              ], $omvRpcContext, Rpc::MODE_REMOTE);

              if (!$result['authenticated']) {
                  return false;
              }

              // Fetch the user's group list for the membership check.
              $user = Rpc::call('UserMgmt', 'getUser', [
                  'name' => $username,
              ], $omvRpcContext, Rpc::MODE_REMOTE);

              // Only allow admin or users in the webdav-users group.
              if ($username === 'admin' || in_array('webdav-users', $user['groups'])) {
                  return true;
              }

              return false;
          }
      }
      EOF

      I will submit this patch soon
      OMV3 on Proxmox
      Intel E3-1245 v5 | 32GB ECC RAM | 4x3TB RAID10 HDD
      omv-zfs | omv-nginx | omv-letsencrypt | omv-openvpn

      The post was edited 1 time, last by luxflow ().

    • luxflow wrote:

      currently, it is not working on OMV > 3.013
      workaround for this is

      I will submit this patch soon

      Hi,
      Is the problem still alive? I get the same error as described.
      I use:

      Release: 3.0.40
      Codename: Erasmus
    • I updated it in the repo. Sometimes commits and/or messages from GitHub don't explicitly tell me to put a new version in the repo.
      omv 4.1.19 arrakis | 64 bit | 4.15 proxmox kernel | omvextrasorg 4.1.15
      omv-extras.org plugins source code and issue tracker - github

    • ryecoaaron wrote:

      I updated it in the repo. Sometimes commits and/or messages from GitHub don't explicitly tell me to put a new version in the repo.

      Thanks! I have a question: what is the best way to notify you to put a new version in the repo?
      Forum PM message?
    • Niemand wrote:

      I got a question about Webdav:

      I can only access with the admin-account to it, not with others. But if I want to share Data with other people, I don't want to give my admin password to them. What can I do?


      `Only users that are members of the 'webdav-users' group will be permitted to use WebDAV.`
      `Make sure the user 'webdav' has read and write access to the shared folder.`

      OMV admin page -> User -> create user and select user to give access -> Edit -> Groups -> check 'webdav-users' -> Save

      This plugin has a limit.
      It cannot give a shared folder per user.
      All webdav users have access to the same shared folder.
    • luxflow wrote:

      This plugin has a limit.
      It cannot give a shared folder per user.
      All webdav users have access to the same shared folder.

      I don't understand this completely. Here are my questions:
      1. Is this the plugin's only limit over more complete implementations of WebDAV?
      2. When you say "shared folder per user," do you mean it doesn't allow (a) individual users to set up their own folders accessible via WebDAV, (b) owned by the individual user, and (c) shared by the users who have access to the folder?
      3. When you say, "All webdav user share have access to the same shared folder," do you mean there can only be at most one WebDAV folder on the server and anyone who uses WebDAV has +rw access to all the files within it?
      4. Do restrictions on a top-level folder accessible via WebDAV apply to all child folders underneath this parent folder?
      5. Since OMV is based on Debian, would a WebDAV implementation for Debian, and bypassing OMV itself, be a more complete, trouble-free way to implement WebDAV?
    • Swampy wrote:

      Is this the plugin's only limit over more complete implementations of WebDAV?

      When you say "shared folder per user," do you mean it doesn't allow (a) individual users to set up their own folders accessible via WebDAV, (b) owned by the individual user, and (c) shared by the users who have access to the folder?

      When you say, "All webdav user share have access to the same shared folder," do you mean there can only be at most one WebDAV folder on the server and anyone who uses WebDAV has +rw access to all the files within it?

      Do restrictions on a top-level folder accessible via WebDAV apply to all child folders underneath this parent folder?

      Since OMV is based on Debian, would a WebDAV implementation for Debian, and bypassing OMV itself, be a more complete, trouble-free way to implement WebDAV?

      Privileges and permissions explained under OMV
      I recommend reading the `Privileges under OMV` section in `Privileges and permissions explained under OMV` that @subzero79 wrote.

      So the openmediavault-webdav plugin doesn't support integration with OMV privileges.
      That's it.

      1. The complete WebDAV protocol is very complex to implement in full.
      As far as I know, there is no 'complete' public WebDAV implementation.
      This plugin and other WebDAV-related programs depend on `sabre`, which is a nearly complete WebDAV implementation.
      Sabre supports ACLs (similar to privileges in OMV terms).
      But this plugin doesn't support ACLs currently.
      With some effort (neither easy nor very hard), ACLs can be supported.

      2. See the first link.

      3. Yes, you can set `one` shared folder in the openmediavault-webdav plugin.
      The permission is read & write and you cannot change it.

      4. Child folders in a shared folder can be accessed in omv-webdav.

      5. I know some options, but external packages for WebDAV don't have integration with OMV
      (it means that external packages don't know about OMV shared folders and privileges).
      So you have to set up which shared folders and which privileges (in OMV terms) apply for each individual user.
      You have to set up, for example, `A user has read access to A folder, B user has read & write access to A,B folder`.

      One alternative I can think of is `Owncloud` with local external storage,
      but Owncloud is a somewhat heavy program.
    • Wow! Thanks Niemand and Luxflow. Now I understand that OMV adds its own file system layer on top of the standard *nix ugo file system. And, if I understand luxflow correctly, the WebDAV plugin bypasses the OMV layer (by using NFS?).

      I only have three comments/questions in response.
      1. Subzero79's document says, "these privileges have absolutely no effect in the core file system layer where they belong (let that be ext3, ext4, xfs, or jfs). Every change you do in privileges section, OMV will not execute a single chmod or a chown over that folder. For general knowledge purposes every share created under OMV webUI is created with default 2775 permission, with a root:users folder ownership." I'm not sure what to make of this. Because the privileges "have absolutely no effect" on the *nix file system, does the part about "default 2775 permission, with a root:users folder ownership" exist solely in the OMV file system space, so that in the underlying *nix the owner could simultaneously be foo, and the group could be bar, with chmod +700? OR, is the part about the default permission and root:users the exception to the earlier rule, so that creating a share in OMV actually does have an effect on the core file system layer, namely creating a directory structure with root as the owner and users as the group, with permissions 2775?
      2. I've used WebDAV on a number of different systems, including among others a Netgear ReadyNAS that I administer myself and a Sakai system on which I am a user. If you're unfamiliar with Sakai, it's an open-source learning management system used at many colleges & universities. As such, it's organized around courses and projects, each of which has a "Resource" storage area. Sakai apparently generates a WebDAV URI for every separate "Resource." IIRC, it actually generates two: one with write permissions and one with only read permissions. Since Sakai is open source, I wonder how hard it would be to take the relevant code from Sakai and modify it for OMV, so that when a share is created it can easily be accessed via WebDAV. Also, I'm not sure of the details, but I don't think this scheme would necessarily require a specific owner and group, unless OMV breaks when it's not using root:users.
      3. Awasu has an article on managing permissions in OMV, including a shell script to fix ownership and permissions. This seems to take care of the native *nix side of the equation, and it would fix things if the WebDAV plugin, NFS, or some other vandal mucks things up. But what about the other side? Suppose a share already has the proper *nix ownership & permissions, and now all one wants to do is to fix the corresponding OMV settings. Are there shell commands that can do this? And if so, would implementing a schedule for running the script, as the article recommends, be all that's necessary to overcome the plugin's bypassing of the OMV file system layer?
    • Swampy wrote:

      a shell script to fix ownership and permissions

      The resetperms plugin does about the same thing and is easier to use.
    • @Swampy don't think too much about privileges, it is just to give login access. They can control read and write in the software layer (samba and proftpd), but they fail to work if you take the write bit in the posix permission group, for example.
      Folders created in the web UI have those default permissions. You can change them if you want.

      WebDAV controls access by using a group; members of that group will be able to log in, nothing special. All files created under WebDAV will have ownership of the webdav user.

      There is no magical filesystem layer here provided by OMV; it is just a simple Linux Debian server with a very good control panel.
      New wiki
      chat support at #openmediavault@freenode IRC | Spanish & English | GMT+10
      telegram.me/openmediavault broadcast channel
      openmediavault discord server
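
Added example (not from any poster and not plugin code): the prerequisites quoted earlier in the thread and the point above that WebDAV files belong to the webdav user are two separate checks, one on the login user's groups and one on plain POSIX mode bits evaluated for the service user. The script below runs both on the OMV host; the names `webdav-users` and `webdav` come from the thread, the function names are made up here, and ACLs are not considered.

```sh
#!/bin/sh
# Added example, not plugin code. "webdav-users" and "webdav" are the names
# used in this thread; function names and sample values are constructed.

# has_group "<space-separated group names>" <group>
has_group() {
    for g in $1; do
        [ "$g" = "$2" ] && return 0
    done
    return 1
}

# posix_access <octal mode> <owner> <group> <user> "<user's groups>"
# Prints the rwx triplet that plain mode bits give <user>: the owner class
# wins, then the group class, then other. ACLs and root are not modelled.
posix_access() {
    perms=$(( 0$1 & 0777 ))
    if [ "$4" = "$2" ]; then
        bits=$(( (perms >> 6) & 7 ))
    elif has_group "$5" "$3"; then
        bits=$(( (perms >> 3) & 7 ))
    else
        bits=$(( perms & 7 ))
    fi
    out=""
    for flag in 4:r 2:w 1:x; do
        if [ $(( bits & ${flag%%:*} )) -ne 0 ]; then
            out="$out${flag#*:}"
        else
            out="$out-"
        fi
    done
    printf '%s\n' "$out"
}

# webdav_check <login user> <shared folder>  (run on the OMV host itself)
webdav_check() {
    rc=0
    # Layer 1: the login gate looks at the groups of the person logging in.
    if has_group "$(id -Gn "$1")" webdav-users; then
        echo "login: $1 is in webdav-users"
    else
        echo "login: $1 is not in webdav-users, refused unless it is admin"; rc=1
    fi
    # Layer 2: file access is decided for the service user, not for $1.
    meta=$(stat -c '%a %U %G' "$2") || return 2
    mode=${meta%% *}; rest=${meta#* }
    acc=$(posix_access "$mode" "${rest%% *}" "${rest#* }" webdav "$(id -Gn webdav)")
    echo "files: $2 is $mode ${rest%% *}:${rest#* }, user webdav gets $acc"
    case $acc in
        rwx) ;;
        *) echo "files: webdav cannot read, write and traverse $2"; rc=1 ;;
    esac
    return $rc
}

if [ "$#" -eq 2 ]; then webdav_check "$1" "$2"; fi
```

With the default `2775 root:users` share mentioned earlier in the thread, `webdav` gets `rwx` only if it is a member of `users`; otherwise it falls into the "other" class and gets `r-x`.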
    • Thanks, Ryecoaaron & Subzero79!

      OK. So let's focus solely on functionality. Forgive me because I'm trying to make sure I understand this. Below, where I'm able to piece together information to guess at an answer, I put the guess at the end in square brackets, "[ ]."

      Using the WebDAV plugin is it possible:
      1. For individual users to make one or more of their own folders accessible via WebDAV? [If a user, say Jon, is a member of a group with WebDAV access, the user can log in and then create folders and files. Jon will be the owner. -- But what if the folders/files are created some other way, say by uploading with FTP? Can Jon subsequently make them accessible via WebDAV?]
      2. For the owner of a WebDAV share, Share A, to give a subset of all users (e.g., Group "Stark") rwx access via WebDAV to a folder and its offspring? [The owner, Jon, can accomplish this by setting *nix group to Stark and permission to 770. But see #3 & 4 below]
      3. For the same owner of the same WebDAV share to give another subset (e.g., Group "Lannister") only rx access to the same folders? [The owner, Jon, can accomplish this by setting *nix group to Lannister and permission to 750. But will changing the group this way break #2?]
      4. For the same owner of the same WebDAV share to deny all access to these same folders to a third subset of all users (e.g., Group "Targaryen")? [The owner, Jon, can accomplish this by setting *nix group to Targaryen and permission to 700. But will changing the group this way break #2 & #3?]
      5. To have the same kinds of access or non-access as described in #2-4 for a different WebDAV share, Share B, only this time the group assignments would be different? E.g., Members of Group Stark have complete rwx access to Share A (#2 above) but no access to Share B, while members of Group Targaryen have complete rwx access to Share B but no access to Share A.
      6. To have the same kinds of access or non-access described in #2-4 for a third WebDAV share, Share C, only this time the access applies to different groups, and individual users previously in different groups are now in the same ones, while users previously in the same group are now in different ones? E.g., Rob and Jon are both in the Stark group, Jamie and Cersei are in the Lannister group, and Aemon and Danni are in the Targaryen group. But Aemon and Jon are also in the "Black" group, Danni, Rob, and Cersei are in the "Crowned" group, and Jamie is in the "Handless" group. While still preserving access to Shares A & B, is it possible to give the Black group rwx access, the Crowned group rx access, and the Handless group no access to Share C?
      7. To change access (via group) on the fly. E.g., if membership in a WebDAV group merely allows login access, if Jon logs in as a member of Group Stark, to exercise his rights as a member of Group Black, does he have to logout and login again as a member of Black, or can he simply chgrp after logging in?
      8. To change access without reconfiguring groups. E.g., suppose we realize that Jon should be in both the Stark and Targaryen groups. Do we now have to completely revamp what we did before (e.g., creating a "Stark-Targaryen" group for Jon alone), or is there some other way to assign Jon to both groups and still give him rwx access to Shares A, B, & C?

      The post was edited 5 times, last by Swampy ().