Mod_dav_acl is an Apache module that implements Access Control Rights as defined in RFC 3744.
ACL (meta)information is stored in the filesystem's extended attributes (EAs). XFS is the most convenient filesystem to work with (65k EA limit and nanosecond timestamps enabled by default). On ext3, EAs can be enabled with the user_xattr option.
Principals are stored in a shared memory segment to allow faster ACL processing. However, some other optimizations would be nice as well.
The configuration directives are as follows:
- AclLockFile: lock filename for shared memory
- AclSharedMemFile: shared memory name
- AclSharedMemSize: maximum size of the shared memory segment, which contains the principal URIs
- AclPrincipals: base URI for principals
- AclPrincipalDir: real absolute directory path for principals
- AclOwnerFullRights: the owner (if one exists) has full rights to the resource if no ACL is set
- DAVETagResponse: enable strong ETag responses (required by e.g. CalDAV/XCAP)
- DAVACL: enable ACL handling
For editing principals, a simple shell script called principals.sh is included for adding and removing principals (it needs some changes before use). It works by sending simple HTTP (DAV) requests to the server using libcurl. It does not add user identities to the password database (e.g. htdigest), so users (and their credentials) must be added separately.
To install, run ./configure && make && make install. You typically also need to run e.g. autoreconf -i to generate the ./configure script.
Once the module is successfully compiled and loaded, tests can be run with make check or by running ./acl_tests. A simple libcurl test client will send some basic tests to a server listening at localhost. You need to create the (digest) users joe, joppe and admin before running the tests (all share the same password, "password"), unless you modify the scripts, of course. Also, the /xxx/principals and /xxx/acltests directories must be created and be accessible by Apache (on Debian, the www-data user).
An example dav_acl.conf for testing purposes is provided; it includes GLOBALS, but these can, of course, be local as well.
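A pre-flight check for the prerequisites described above, written as an added example that is not part of mod_dav_acl: it verifies that a digest file holds joe, joppe and admin with the shared test password, and probes whether a directory accepts user extended attributes. The realm name, the sample digest lines and the `user.probe` attribute name are constructed for illustration, and the probe assumes Linux (`os.setxattr`).

```python
import hashlib
import os
import tempfile

# Test accounts and shared password named in the text above.
TEST_USERS = ("joe", "joppe", "admin")
TEST_PASSWORD = "password"


def digest_ha1(user, realm, password):
    """htdigest stores MD5(user:realm:password) as lowercase hex."""
    return hashlib.md5(f"{user}:{realm}:{password}".encode()).hexdigest()


def check_test_users(digest_text, realm):
    """Map each test user to 'ok', 'missing' or 'wrong-password'."""
    entries = {}
    for line in digest_text.splitlines():
        parts = line.strip().split(":")
        if len(parts) == 3 and parts[1] == realm:
            entries[parts[0]] = parts[2].lower()
    status = {}
    for user in TEST_USERS:
        if user not in entries:
            status[user] = "missing"
        elif entries[user] == digest_ha1(user, realm, TEST_PASSWORD):
            status[user] = "ok"
        else:
            status[user] = "wrong-password"
    return status


def user_xattr_supported(directory):
    """Probe whether 'directory' accepts user.* extended attributes."""
    fd, probe = tempfile.mkstemp(dir=directory)
    os.close(fd)
    try:
        os.setxattr(probe, "user.probe", b"1")  # constructed attribute name
        return os.getxattr(probe, "user.probe") == b"1"
    except (OSError, AttributeError):  # unsupported filesystem or platform
        return False
    finally:
        os.remove(probe)


if __name__ == "__main__":
    realm = "testrealm"  # constructed realm name
    sample = "\n".join([  # constructed digest file: joppe absent, admin differs
        f"joe:{realm}:{digest_ha1('joe', realm, TEST_PASSWORD)}",
        f"admin:{realm}:{digest_ha1('admin', realm, 'other')}"])
    print(check_test_users(sample, realm))
    print("user xattrs:", user_xattr_supported(tempfile.gettempdir()))
```

Run against a non-test server's digest file, an "ok" result for any of these users means a test account with the published password is still present.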
This release includes a _proper_ Apache 2.2.8 patch and some test & test configuration updates.
Version 0.1.4: N/A