How to map authenticated Apache users to their own directory?

I am trying to offer our users an Apache WebDav space where they can store their calendar (.ics) files. I've got Dav and LDAP authentication running already. But I fail to jail users to some sub-directories. After all I don't want them to access each other's calendar files.

Example: Let's say user johndoe logs in. Then I'd like to have his "/" path be mapped to /var/www/users/johndoe on disk. So that every user has their own directory.

What I have tried so far:

  1. UserDir /var/www/users/*/

    but it seems like this directory just sets the path for /~johndoe/ requests which is not what I want.

  2. RewriteRule ^/ /users/%{REMOTE_USER} [R]

    Fails. And it's probably just rewriting the path which isn't what I want.

  3. AliasMatch ^/ /var/www/users/%{REMOTE_USER}/

    This should map the path to a directory on disk but the %{REMOTE_USER} does not get expanded.

Is it possible to jail logged-in users to some subdirectory? Thanks in advance.


Solution 1:

If you are willing to use a directory prefix instead of "/", you can use something like this:

# Let's setup WebDAV first
<Directory /var/lib/storage>
        Dav On
        Options Indexes
        AllowOverride None
</Directory>
# Now we'll set up the user area mapping
# (the rewrite rules are ignored unless the engine is switched on)
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/storage/
RewriteRule ^/storage/(.*?)$ /var/lib/storage/user/%{LA-U:REMOTE_USER}/$1 [L]

Moreover, the same user directories can be accessed read-only using the /~user/ syntax:

# Public area can be accessed as https://server/~user/
RewriteCond %{REQUEST_URI} ^/~
RewriteCond %{REQUEST_METHOD} ^(GET|POST)$
RewriteRule ^/~([^/]+)/?(.*)    /var/lib/storage/user/$1/$2 [L]

YMMV
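
An added example, not part of the answer above: the same /storage/ mapping with the user name checked before it is used as a path component, so that an empty or unexpected REMOTE_USER never selects a directory. The LDAP URL is a placeholder and the allowed character set is an assumption; mod_dav (including its lock database) and mod_authnz_ldap are assumed to be configured already, as the question states.

```apache
RewriteEngine On

# Authentication is attached to the URL prefix, so the look-ahead
# (%{LA-U:REMOTE_USER}) sees the user name during URL translation.
<Location "/storage/">
    AuthType Basic
    AuthName "Calendar storage"
    AuthBasicProvider ldap
    # Placeholder URL: replace with the existing LDAP settings.
    AuthLDAPURL "ldap://ldap.example.org/ou=people,dc=example,dc=org?uid"
    Require valid-user
</Location>

# WebDAV on the storage tree, as in the answer above.
<Directory "/var/lib/storage">
    Dav On
    Options Indexes
    AllowOverride None
</Directory>

# Refuse user names that start with a dot or contain anything outside
# the assumed character set (this also excludes "/" and ".." as a name).
# An empty name matches neither condition and is handled further down.
RewriteCond %{LA-U:REMOTE_USER} ^\. [OR]
RewriteCond %{LA-U:REMOTE_USER} [^A-Za-z0-9._-]
RewriteRule ^/storage/ - [F]

# Map into the per-user directory only when a user name is known.
# A request without credentials is left unmapped, so the <Location>
# block above answers it with the authentication challenge instead of
# the request being resolved against /var/lib/storage/user// .
RewriteCond %{LA-U:REMOTE_USER} .
RewriteRule ^/storage/(.*)$ /var/lib/storage/user/%{LA-U:REMOTE_USER}/$1 [L]
```

Each directory under /var/lib/storage/user/ has to exist and be writable by the Apache user before its owner's first upload; the rules do not create it.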