wfsctl(8) BSD System Manager's Manual wfsctl(8)
NAME
wfsctl -- WebDAV File Sharing control utility
SYNOPSYS
wfsctl command [arg]
OVERVIEW
The wfsctl utility allows administrators to start, stop, and check the
status of the WebDAV File Sharing service (WFS). It also allows adminis-
trators to create and delete WebDAV share points. It operates by config-
uring the Apache httpd server. The wfsctl command requires root privi-
leges.
COMMANDS
wfsctl provides the following commands:
start Enable the WFS configuration, and either start or
restart Apache to pick it up. If necessary, this
action will create an SSL Identity matching the
machine's host name as determined by the host-
name(1) command, and place it in the System key-
chain. It will also update, if necessary, environ-
ment variable definitions for use by parameteried
httpd config files.
stop Disable the WFS configuration, and restart Apache
if it's already running.
status Display the status of WFS, either "enabled" or
"disabled", whether or not Apache is running.
shares Display existing WebDAV share points.
share path Create a WebDAV share point for the specified file
system path.
unshare path | name Disable WebDAV for the share point at the speci-
fied file system path or share point name, and
delete the share point if no other file sharing
service (AFP or SMB) was enabled on that share
point.
diagnose Display detailed status of Apache and WebDAV-
related processes.
DETAILS
WebDAV File Sharing operates by:
1. Recognizing WebDAV clients when they send OPTIONS or PROPFIND direc-
tives
2. Requiring such clients to provide OD credentials
3. Assigning those authenticated users an HTTP cookie to recognize them
as WebDAV clients
4. Launching an instance of the Apache httpd process on behalf of that
user, configured as a WebDAV server
5. Reverse-proxying HTTP traffic to that user-specific instance of
httpd, so that the WebDAV client (typically an iWork app on iOS) can
access the home directory and share points on the server machine
with privileges of the authenticated user
6. Recognizing share points that are marked as WebDAV share points.
Depending on how Apache is configured, this can coexist with other Apache
web service functions.
NOTE
Note that WebDAV File Sharing requies SSL, and uses Basic authentication,
with credentials that would otherwise be sent in the clear over the net-
work. Also note that it uses Apache modules mod_secure_transport for SSL,
and mod_authn_od_apple for Basic authentication with OpenDirectory cre-
dentials.
CONFIGURABLE SETTINGS
Certain settings are kept in /etc/wfs/wfs.plist and are configurable by
the administrator, including:
ServerName The host name the Apache web server should use,
and also the Common Name of the identity certfi-
cate. If this is not configured, or set to an
empty string, the hostname(1) of the machine is
used.
ServerAddr The IP address the Apache web server should use to
listen for HTTPS requests. Default is "*", which
means all addresses.
ServerPort The TCP port the Apache web server should use to
listen for HTTPS requests. Default is the standard
HTTPS port, 443.
AccessGroup The Open Directory group allowed access to the
WebDAV File Sharing service. The default is
"everyone", which gives access to any authenti-
cated user. Administrators can change this setting
to restrict access further. Note that in any case
authenticated users will have, at most, the privi-
leges they are normally allowed by file system
permissions. There is no provision for guest
access, so unauthenticated users have no access.
SynthesizeSharePointForUserHomeDir
Whether to allow remote WebDAV clients to see
their home diretory as a share point. Default is
True.
The Apache config file for WebDAV File Sharing is parameterized, and the
httpd server is managed by the httpd-wrapper utility, which passes param-
eters to httpd. This is normally transparent, but note that to check the
Apache config file syntax, do not use "apachectl configtest" or "httpd
-t". Instead, use "httpd-wrapper -t".
RETURN VALUES
wfsctl returns a status code of 0 for success. In the event of failure it
returns a non-zero status, and may also dump additional diagnostic infor-
mation.
FILES
/etc/wfs/httpd_webdavsharing.conf
The parameterized Apache config file for the main instance of
httpd
/etc/wfs/httpd_webdavsharing_template.conf
The parameterized Apache config file for the user-specific
instances of httpd
/etc/wfs/httpd_webdavsharing_sharepoints.conf
The Apache config file providing directives specific to each
share point; dynamically generated when ehare points are modified
by wfsctl
/etc/wfs/wfs.plist
The file where admin-configurable settings for WFS are stored.
/etc/apache2/env.plist
The file where environment variables definitions are managed
automatically; these variables are passed to httpd for use in
parameterized config files.
/Library/Logs/WebDAVSharing.log
The main WebDAV File Sharing log file
/etc/apache2/other/httpd_webdavsharing.conf
A symlink seen by Apache when WebDAV File Sharing is enabled.
/var/run/webdavsharing/<username>/
A directory created on the behalf of each authenticated user to
store user-specific WebDAV File Sharing logs.
/usr/share/sandbox/wfs.sb
The parameterized sandbox profile for user-specific httpd
instances.
/etc/wfs/wfs.sb
The dynamically generated portion of the sandbox profile
SEE ALSO
httpd(8) httpd-wrapper(8)
macOS Sept. 20, 2016 macOS
Mac OS X 10.12.6 - Generated Sun Nov 5 18:46:07 CST 2017