Solving weird WebDAV permissions problems

So you’ve enabled WebDAV on your OS X server with the intention to drag-and-drop files and folders to a web site. But there’s a problem. When you drag a folder from your local machine to the WebDAV share, OS X gives you this error:

“The operation cannot be completed because you do not have sufficient privileges for some of the items.”

WTF does that mean? What privileges and what items? (Some specifics would really be a great troubleshooting help here.) You can create new folders and copy files by the dozen, you just can’t drag-and-drop an existing folder. You know that ACL and/or POSIX permissions on the WebDAV server are set correctly. It’s frustrating. What the hell is going on?

The problem lies with OS X’s .DS_Store files. In the HFS+ filesystem, files can have data forks and resource forks. Folders can’t. When a user sets viewing options for a folder, like icon size, OS X writes a hidden file in the folder named .DS_Store to keep track of those customizations. The file really only means anything to the Finder, which reads the file when the folder is opened and hides it when the folder is displayed.

On the other side of the coin is the Apache web server. Apache uses files named .htaccess to store folder- or site-specific information that relates to the web server. For instance, if you want to enable certain PHP or Apache features for a single folder on your web site, you specify those features in .htaccess in that folder. Sometimes that can include security-related data, and making such an .htaccess file viewable on a public server is a bad idea. So Apache’s configuration file, /etc/httpd/httpd.conf, prevents clients from reading and writing .htaccess files.

It also prevents the reading and writing of .DS_Store files. Theoretically, a WebDAV user could upload a malicious .DS_Store file to the server, and when the admin opens the folder containing that malicious .DS_Store file at the server console, Finder could read it and be instructed to do bad things. As far as I know, there are no .DS_Store exploits out there. However, Apple decided to configure Apache on OS X to reject their creation in the interest of security.

Hence, the cause of our problem. When dragging a local folder to a WebDAV volume, Finder attempts to copy the local .DS_Store files, and Apache immediately says no. The local computer displays a vague error message related to a file the user can’t see, and both users and admins bang their heads on the table trying to figure out what’s wrong.

There are a couple of solutions. The first is to use a freeware or shareware utility to find and delete the .DS_Store files from the folder you’re attempting to copy. Similarly, you can use the Terminal as such:

find . -name .DS_Store -exec rm "{}" ';'

The second option is to change the Apache configuration on the server. Please understand this may have security consequences. As I said, I don’t know of any .DS_Store exploits, and securing a WebDAV volume with a realm seems like it would prevent unknown malicious users from causing trouble by uploading .DS_Store files. Making these changes to Apache is at your own risk. I make no claims of safety and take no responsibility for damages.

Issue the command sudo nano /etc/httpd/httpd.conf to edit your Apache configuration, and find this line:

<Files ~ "^\.([Hh][Tt]|[Dd][Ss]_[Ss])">

Change it to this:

<Files ~ "^\.([Hh][Tt])">
## |[Dd][Ss]_[Ss]

We’ve moved one chunk of code out of the first line and placed it underneath as a comment in case we want to re-add it later. Apache still prohibits the uploading and viewing of .htaccess files, but permits the uploading and viewing of .DS_Store files. Press control-x to exit nano, and say yes to save the changes.

For the change to take effect, you have to restart Apache:

sudo apachectl restart

Please be careful if you use this option.
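
A pre-flight check that leaves the server configuration alone, added here as an example and not part of the original post: it lists the files in a local folder whose names match the stock <Files> pattern quoted above, so you can see exactly which items the server will refuse before you drag the folder over. The function names and the sample folder are constructed for illustration.

```shell
#!/bin/sh
# Pattern copied from the stock <Files ~ "..."> line quoted in the article.
STOCK_RE='^\.([Hh][Tt]|[Dd][Ss]_[Ss])'

# List files under directory $1 that the stock rule would refuse.
# <Files> patterns are tested against the file name only, so the path is stripped.
# (Assumes no newlines in file names.)
webdav_blocked() {
    find "$1" -type f -name '.*' -print | while IFS= read -r path; do
        if printf '%s\n' "${path##*/}" | grep -Eq "$STOCK_RE"; then
            printf '%s\n' "$path"
        fi
    done
}

# Build a constructed sample folder (hypothetical names) for the demo.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/photos/2006"
    : > "$d/photos/.DS_Store"
    : > "$d/photos/2006/.DS_Store"
    : > "$d/photos/._.DS_Store"     # AppleDouble name: not matched by the rule
    : > "$d/photos/.htaccess"
    : > "$d/photos/index.html"
    printf '%s\n' "$d"
}

# Demo: show what would be rejected in the sample folder, then clean up.
sample=$(make_sample)
webdav_blocked "$sample" | sort
rm -rf "$sample"
```

Run webdav_blocked against the folder you intend to copy; anything it prints is a file the unmodified server configuration will reject.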

2 Responses to “Solving weird WebDAV permissions problems”

  1. Fubar Says:

    Is this more than likely the solution Apple implemented with iDisk?

  2. Aaron Adams Says:

    I guess that would depend on whether Apple’s iDisk servers are hosted on OS X. (A quick look at netcraft.com doesn’t reveal what OS they’re using.) If so, that seems like a logical possibility.

    Looking at my own iDisk, I see there are some ._.DS_Store files, which is the flat filesystem equivalent of the .DS_Store files for HFS+. WebDAV would write those files as such because it does not understand forks in any case. So it seems that they aren’t being stripped by the OS at the user’s end when the copy is performed.
