User profile for user: Gryphon
Gryphon Author
User level: Level 1
16 points

webDAV Access problems

Hello,

I recently (Two days ago) set up webDAV services, used them, and all was well. Now, though I haven't made any changes to the webDAV configuration, I'm having access problems. I can get the folder to show up on my desktop, and I can copy items to and from the folder, but when I try to copy an item in the webdav folder to a sub-folder, it gives me the following error:

That operation can not be completed because one or more required items cannot be found. (Error code -43)

Also, if I open one of the html files, make some changes, and save it to the webDAV folder, it looks like it's being saved, nor does it give me an error. But the changes aren't actually saved, and I can't open the file again until I unload and reload the webDAV folder.

Here's the message from my error logs when I try to move the items on the webDAV folder:

[Thu Sep 21 06:19:00 2006] [error] [client my.ip.address.here] Could not MOVE/COPY /favicon.ico. [500, #0]
[Thu Sep 21 06:19:00 2006] [error] [client my.ip.address.here] (13)Permission denied: Could not rename resource. [500, #0]
[Thu Sep 21 06:19:03 2006] [error] [client my.ip.address.here] client denied by server configuration: /Library/WebServer/Documents/.DS_Store

I've checked permissions, and they seem to be allowing me read/write access.

Oh, it's running off Tiger Server 10.4.7 on a headless mini.

iMac 1.0 Ghz G4 17 Flat Panel, Mac OS X (10.4.7)

Posted on Sep 21, 2006 4:41 AM

Reply
4 replies
User profile for user: Gryphon
Gryphon Author
User level: Level 1
16 points

Sep 21, 2006 9:09 PM in response to Gryphon

Okay, I think I've tracked the problem down to a permissions problem - but I'm still confused. I go in through the terminal and note that all of the files and folders, and they are all set to owner "gryphon", group "gryphon". However, when I copy a file or folder to the webDAV folder and then check, they are set to owner "www", group "admin". I've checked my realm permissions, and they are set to allow the user "gryphon" to browse and author - the same for group "gryphon". When I log in, I log in as "gryphon".

Very confused. Can anyone help?
Reply
User profile for user: Gryphon
Gryphon Author
User level: Level 1
16 points

Sep 22, 2006 11:12 AM in response to Gryphon

Okay, it turns out it was a permissions problem. I chowned all the appropriate files to www and now there isn't a problem.

I still don't understand why, even though realms were set up to allow user gryphon browse and author access, these didn't seem to apply when using webDAV. But, it works again and that's the important thing.
Reply
User profile for user: Brett_X
Brett_X
User level: Level 2
210 points

Sep 26, 2006 7:59 AM in response to Gryphon

I still don't understand why, even though realms were
set up to allow user gryphon browse and author
access, these didn't seem to apply when using webDAV.
But, it works again and that's the important thing.


I believe the reason is because WebDAV doesn't have control of the files until the group or owner is WWW. From that point, WebDAV uses the OD users/passwords to manage the realm. I'm far from an expert in this, but that's how I understand it.
Reply
User profile for user: Ralph Wahrlich
Ralph Wahrlich
User level: Level 1
9 points

Oct 3, 2006 2:36 PM in response to Brett_X

Here's my understanding of things, based on quite a bit of configuration tweaks and tests over the last few weeks.

The 'browse' and 'author' permissions for WebDAV (the ones controlled in Server Admin -> Web -> Settings -> Sites -> (sitename) -> Realms) don't have anything to do with ownerships or permissions of files/folders created or modified on the filesystem. They are solely for determining what the HTTP client is allowed to do, based on the username that the client authenticates as.

If the client's request is allowed, any filesystem operations then carried out are subject to the user and group (and the umask) which the webserver process is running under. This is completely separate from the WebDAV realms. On the install here, httpd runs with user 'www' and group 'www' (this can be seen in the output from ps). So, when new files are created, they are consequently owned by user 'www' and group 'www'.

If any messages like 'Permission denied' occur in the webserver logs, the very first thing I would check is the ownership and permissions of the files, as viewed in a shell on the webserver itself (this is what Gryphon did when noting that existing files were owned by "gryphon:gryphon", and new files were owned by "www:admin"). If the webserver could not write to the files or directories it needs to, there's every chance this would manifest itself as strange errors like "The file could not be found" on a client mounting the WebDAV folder in a place like Finder.

Background:

I am running the web service on Mac OS X Server, as a staging area for edits to our organisation's live website. I need to allow clients to edit with several editors (Macromedia Dreamweaver, Macromedia Contribute, and NVU). I also use a hodge-podge of in-house software to help manage and post the content. Doing this kind of thing is absolutely guaranteed to provoke a whole host of permissions problems, unless there is a clear understanding of the permissions and authentication requirements of the webserver and the filesystem.

Extra point: permissions of newly created files by the webserver (as opposed to the ownership):

When using Macromedia Contribute to edit a page (via WebDAV), the file would be unwritable by group after it was saved. I would have to then 'chmod g+w' the file every time it was changed, so that my utility scripts could modify the file if they had to (I don't want to run them as user 'www'). This is because of the rollback feature in Contribute, which necessitates the creating of a new file; it wouldn't happen in Dreamweaver, as DW wasn't using rollback). (see http://www.adobe.com/go/tn_19176) Solution: changed the umask of the webserver process (this is done in the startup script which launches httpd - the implementation is left as an exercise to the reader). [Caveat: I would never do this on a webserver exposed to the Internet without throughly researching the security implications arising - and I probably just wouldn't. I only did this because the server is behind our organisation's firewall].

Mac Mini G4 1.25GHz Mac OS X (10.4.7)
Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

webDAV Access problems

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up