manpagez: man pages & more
man wfsctl(8)
Home | html | info | man

wfsctl(8)                 BSD System Manager's Manual                wfsctl(8)


     wfsctl -- WebDAV File Sharing control utility


     wfsctl command [arg]


     The wfsctl utility allows administrators to start, stop, and check the
     status of the WebDAV File Sharing service (WFS). It also allows adminis-
     trators to create and delete WebDAV share points. It operates by config-
     uring the Apache httpd server.  The wfsctl command requires root privi-


     wfsctl provides the following commands:

     start                  Enable the WFS configuration, and either start or
                            restart Apache to pick it up. If necessary, this
                            action will create an SSL Identity matching the
                            machine's host name as determined by the host-
                            name(1) command, and place it in the System key-
                            chain. It will also update, if necessary, environ-
                            ment variable definitions for use by parameteried
                            httpd config files.

     stop                   Disable the WFS configuration, and restart Apache
                            if it's already running.

     status                 Display the status of WFS, either "enabled" or
                            "disabled", whether or not Apache is running.

     shares                 Display existing WebDAV share points.

     share path             Create a WebDAV share point for the specified file
                            system path.

     unshare path | name    Disable WebDAV for the share point at the speci-
                            fied file system path or share point name, and
                            delete the share point if no other file sharing
                            service (AFP or SMB) was enabled on that share

     diagnose               Display detailed status of Apache and WebDAV-
                            related processes.


     WebDAV File Sharing operates by:

     1.   Recognizing WebDAV clients when they send OPTIONS or PROPFIND direc-

     2.   Requiring such clients to provide OD credentials

     3.   Assigning those authenticated users an HTTP cookie to recognize them
          as WebDAV clients

     4.   Launching an instance of the Apache httpd process on behalf of that
          user, configured as a WebDAV server

     5.   Reverse-proxying HTTP traffic to that user-specific instance of
          httpd, so that the WebDAV client (typically an iWork app on iOS) can
          access the home directory and share points on the server machine
          with privileges of the authenticated user

     6.   Recognizing share points that are marked as WebDAV share points.

     Depending on how Apache is configured, this can coexist with other Apache
     web service functions.


     Note that WebDAV File Sharing requies SSL, and uses Basic authentication,
     with credentials that would otherwise be sent in the clear over the net-
     work. Also note that it uses Apache modules mod_secure_transport for SSL,
     and mod_authn_od_apple for Basic authentication with OpenDirectory cre-


     Certain settings are kept in /etc/wfs/wfs.plist and are configurable by
     the administrator, including:

     ServerName             The host name the Apache web server should use,
                            and also the Common Name of the identity certfi-
                            cate. If this is not configured, or set to an
                            empty string, the hostname(1) of the machine is

     ServerAddr             The IP address the Apache web server should use to
                            listen for HTTPS requests. Default is "*", which
                            means all addresses.

     ServerPort             The TCP port the Apache web server should use to
                            listen for HTTPS requests. Default is the standard
                            HTTPS port, 443.

     AccessGroup            The Open Directory group allowed access to the
                            WebDAV File Sharing service. The default is
                            "everyone", which gives access to any authenti-
                            cated user. Administrators can change this setting
                            to restrict access further. Note that in any case
                            authenticated users will have, at most, the privi-
                            leges they are normally allowed by file system
                            permissions. There is no provision for guest
                            access, so unauthenticated users have no access.

                            Whether to allow remote WebDAV clients to see
                            their home diretory as a share point. Default is

     The Apache config file for WebDAV File Sharing is parameterized, and the
     httpd server is managed by the httpd-wrapper utility, which passes param-
     eters to httpd. This is normally transparent, but note that to check the
     Apache config file syntax, do not use "apachectl configtest" or "httpd
     -t". Instead, use "httpd-wrapper -t".


     wfsctl returns a status code of 0 for success. In the event of failure it
     returns a non-zero status, and may also dump additional diagnostic infor-


             The parameterized Apache config file for the main instance of

             The parameterized Apache config file for the user-specific
             instances of httpd

             The Apache config file providing directives specific to each
             share point; dynamically generated when ehare points are modified
             by wfsctl

             The file where admin-configurable settings for WFS are stored.

             The file where environment variables definitions are managed
             automatically; these variables are passed to httpd for use in
             parameterized config files.

             The main WebDAV File Sharing log file

             A symlink seen by Apache when WebDAV File Sharing is enabled.

             A directory created on the behalf of each authenticated user to
             store user-specific WebDAV File Sharing logs.

             The parameterized sandbox profile for user-specific httpd

             The dynamically generated portion of the sandbox profile


     httpd(8) httpd-wrapper(8)

macOS                           Sept. 20, 2016                           macOS

Mac OS X 10.12.6 - Generated Sun Nov 5 18:46:07 CST 2017
© 2000-2023
Individual documents may contain additional copyright information.