Fixing “Could not open the lock database” Error in Apache WebDAV Setup: Permission and Configuration Guide


2 views

The core error message reveals multiple permission-related issues:

[error] [client 192.168.1.2] Could not open the lock database. [500, #400]
[error] [client 192.168.1.2] (13)Permission denied: Could not open property database. [500, #1]

These errors typically occur when the Apache process lacks proper permissions to access either the lock database file or the target directory.

For a functional WebDAV setup, you need to ensure:

# Set ownership for parent directory and lock file
sudo chown -R apache:apache /var/www/
sudo chmod -R 770 /var/www/DAVLock.db
sudo chmod -R 775 /var/www/dav/majid

The directory structure should look like:

/var/www/
├── dav/
│   └── majid/          # 775 permissions
├── DAVLock.db          # 770 permissions
└── users.db            # User credential file

Here's the recommended Apache configuration with security improvements:

# WebDAV Global Configuration
DAVLockDB "/var/www/DAVLock.db"

# Virtual Host Section
<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html

    <Directory /var/www/dav/majid>
        DAV On
        Options -Indexes +MultiViews
        AuthType Basic
        AuthName "WebDAV Authentication"
        AuthUserFile /var/www/users.db
        Require valid-user
        
        # Enable all WebDAV methods
        <LimitExcept GET POST OPTIONS>
            Require user majid
        </LimitExcept>
    </Directory>

    Alias /majid "/var/www/dav/majid"
</VirtualHost>

If using SELinux (common on CentOS/RHEL), additional context changes are needed:

# Check current context
ls -Z /var/www/DAVLock.db

# Apply proper context
sudo chcon -R -t httpd_sys_rw_content_t /var/www/dav/
sudo chcon -t httpd_sys_rw_content_t /var/www/DAVLock.db

# Alternative: Disable SELinux enforcement temporarily for testing
sudo setenforce 0

The Options +Indexes directive serves two purposes:

  • For browser access: Displays directory listings
  • For WebDAV clients: Enables PROPFIND requests to discover resources

Best practice is to use -Indexes for security and rely on proper WebDAV methods for file discovery.

After making changes, verify with these commands:

# Check Apache configuration
sudo apachectl configtest

# Restart Apache
sudo systemctl restart apache2   # Debian/Ubuntu
sudo systemctl restart httpd     # CentOS/RHEL

# Test WebDAV access via command line
curl -X PROPFIND -u majid:password http://localhost/majid/
  1. Verify Apache user has write access to lock file and content directory
  2. Check for correct SELinux contexts if applicable
  3. Confirm the parent directory (/var/www/) has execute permission
  4. Ensure the lock database path is absolute (not relative)
  5. Test with different WebDAV clients (Windows Explorer, cadaver, Cyberduck)

When setting up Apache WebDAV, the lock database is crucial for maintaining file consistency across clients. The error messages you're seeing typically indicate one of these core issues:

  • Incorrect file permissions for the lock database
  • Missing parent directory permissions
  • SELinux context issues (on RHEL-based systems)
  • Insufficient privileges for the Apache user

The key error in your logs shows:

[error] [client 192.168.1.2] (13)Permission denied: Could not open property database

Let's verify the current permissions and ownership:

# Check current permissions
ls -la /var/www/DAVLock.db
ls -ld /var/www

# Verify Apache user (varies by distro)
ps aux | grep apache

Here's the step-by-step fix for most Linux distributions:

# Create the lock database directory if missing
sudo mkdir -p /var/www/dav_locks

# Set proper ownership (modify according to your Apache user)
sudo chown www-data:www-data /var/www/dav_locks  # Debian/Ubuntu
sudo chown apache:apache /var/www/dav_locks      # RHEL/CentOS

# Set permissions (770 for maximum security)
sudo chmod 770 /var/www/dav_locks

# Update Apache configuration
DAVLockDB /var/www/dav_locks/DAVLock.db

For SELinux systems, you'll need additional steps:

# Check current context
ls -Z /var/www/dav_locks

# Set proper context
sudo chcon -R -t httpd_sys_rw_content_t /var/www/dav_locks
sudo semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/dav_locks(/.*)?"
sudo restorecon -Rv /var/www/dav_locks

Regarding your second question about Options +Indexes:

  • For WebDAV clients: Not required. Clients use PROPFIND requests to list contents.
  • For browser access: Required to display directory listings.
  • Security recommendation: Disable Indexes for production WebDAV shares to prevent accidental exposure.

Here's an optimized configuration combining these fixes:

# WebDAV Lock Database
DAVLockDB /var/www/dav_locks/DAVLock.db

# WebDAV Share Configuration
<Directory /var/www/dav/majid>
    DAV On
    AuthType Basic
    AuthName "WebDAV Authentication"
    AuthUserFile /var/www/users.db
    Require valid-user
    
    # Security settings
    Options -Indexes
    AllowOverride None
    
    # Limit allowed methods
    <LimitExcept GET HEAD OPTIONS PROPFIND>
        Require user majid
    </LimitExcept>
</Directory>

Alias /majid /var/www/dav/majid

If issues persist, verify:

  1. Apache error logs after configuration changes
  2. Filesystem permissions all the way up the path
  3. SELinux/AppArmor contexts
  4. Proper restart of Apache (sudo systemctl restart apache2)
  5. Client-side caching issues (try different clients)