[GH-ISSUE #229] webdav auth bug #116

New Issue

zhus · 2026-04-08T16:50:26+03:00

zhus commented

2026-04-08 16:50:26 +03:00

Originally created by @Asmaelh on GitHub (Jun 2, 2023).
Original GitHub issue: https://github.com/sigoden/dufs/issues/229

When connect with webdav login as admin, i see only public folder without write perm.
My config:

dufs -A -a admin:admin@/:rw -a @/public

In webui everything works properly.

Dufs version: 0.34.1
Browser/Webdav Info: WinSCP, X-plore
OS Info: Windows 10, Android 11

Originally created by @Asmaelh on GitHub (Jun 2, 2023). Original GitHub issue: https://github.com/sigoden/dufs/issues/229 When connect with webdav login as admin, i see only public folder without write perm. My config: dufs -A -a admin:admin@/:rw -a @/public In webui everything works properly. - Dufs version: 0.34.1 - Browser/Webdav Info: WinSCP, X-plore - OS Info: Windows 10, Android 11

zhus closed this issue

2026-04-08 16:50:26 +03:00

zhus commented

2026-04-08 16:50:27 +03:00

@sigoden commented on GitHub (Jun 3, 2023):

Some Webdav clients will only bring the Authorization header when encountering a 401 error after setting the user name and password.

This causes even though the user is logged in and therefore only sees the "public" directory.

This part of the Webdav client does not support the account mode of dufs, which is read-only when anonymous and read-write after authentication.

@sigoden commented on GitHub (Jun 3, 2023): Some Webdav clients will only bring the Authorization header when encountering a 401 error after setting the user name and password. This causes even though the user is logged in and therefore only sees the "public" directory. This part of the Webdav client does not support the account mode of dufs, which is read-only when anonymous and read-write after authentication.

zhus commented

2026-04-08 16:50:27 +03:00

@sigoden commented on GitHub (Jun 3, 2023):

This problem has the following solutions:

Force users to log in, the disadvantage is that anonymous users cannot use it
Let go of the directory list, the disadvantage is that anonymous users do not know which directories can be made public, and the first write operation of authenticated users will fail (some clients will fail multiple times)
Display a __access_restricted__ virtual directory, the user clicks to start authentication and display all directories

I don't know which solution is the best, Welcome everyone's suggestions.

@sigoden commented on GitHub (Jun 3, 2023): This problem has the following solutions: 1. Force users to log in, the disadvantage is that anonymous users cannot use it 2. Let go of the directory list, the disadvantage is that anonymous users do not know which directories can be made public, and the first write operation of authenticated users will fail (some clients will fail multiple times) 3. Display a `__access_restricted__` virtual directory, the user clicks to start authentication and display all directories I don't know which solution is the best, Welcome everyone's suggestions.

zhus commented

2026-04-08 16:50:27 +03:00

@Asmaelh commented on GitHub (Jun 4, 2023):

I need authorisation via webdav only for the administrator, users will log in via the web.
the problem here is that even with authorisation, the admin can't see other folders than the public folder and has no rights.
maybe you can advise a webdav client where full access works.

@Asmaelh commented on GitHub (Jun 4, 2023): I need authorisation via webdav only for the administrator, users will log in via the web. the problem here is that even with authorisation, the admin can't see other folders than the public folder and has no rights. maybe you can advise a webdav client where full access works.

zhus referenced this issue

2026-04-08 16:53:05 +03:00

[PR #116] [MERGED] feat: support customize http log format #477

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: sigoden/dufs#116