[mapserver-users] File paths for layer data

Ed McNierney ed at topozone.com
Mon Apr 8 10:16:46 EDT 2002 

Steve et a. -

That's not quite correct.  The Web server runs under a user security context, like everything in Windows 2000.  If you're running a Web server with a site that permits anonymous user access (as most do), your server will have a LOCAL user account named IUSR_<machinename>; for example, if the machine is named FOO, then there is a local user account named IUSR_FOO that is used by the server for anonymous access.

That means that the MapServer CGI runs as if it were run by the logged-in user IUSR_FOO, and it only has access to things that IUSR_FOO can access.  The default setup is for IUSR_FOO to be created as a local machine account, NOT a domain account - it's an account that only exists on the Web server machine.  As a result, since it's a local machine account, it has NO ACCESS to network resources.  You have to be a domain user to get those.  Therefore, you won't be able to see any network data files.

You can change the Web server's user account to be a domain user account, and then you can get access to domain resources.  Remember that this is a two-edged sword.  The reason the default account is a local machine account is to prevent security problems; the default setup only permits access to the local machine, so the risk from a Web attack is minimized.  If you change that account to a domain account you potentially expose your entire domain to an attack.  There's nothing wrong with that; it just means you are increasing the benefits and increasing the risk, and you need to manage the security situation appropriately.

	- Ed

Ed McNierney
Chief Mapmaker
TopoZone.com
ed at topozone.com
(978) 251-4242


-----Original Message-----
From: Stephen Woodbridge [mailto:woodbri at swoodbridge.com]
Sent: Friday, April 05, 2002 8:21 PM
To: Tyler Mitchell
Cc: Ryan, Adam; mapserver-users at lists.gis.umn.edu
Subject: Re: [mapserver-users] File paths for layer data


This could be because the web server process does not have access to the
network drives. This could be because of access rights, or it could be
because you are using a mapped drive which only exists for you as a user
after you log in. Since the web server does not log in it does not have
any mapped drives and can only access the local drives.

-Steve W.

Tyler Mitchell wrote:
> 
> I've had a similar problem Adam, again using MapServ 3.5 on Windows 2000.
> I couldn't access data on network/shared drives, only locally.   It's been
> a while since I tried, but I hope someone else can shed some light on it
> for us.  Any takers?
> 
> 
>                     "Ryan, Adam"
>                     <ARyan at co.linn.or.us>               To:     Tyler Mitchell <TMitchell at lignum.com>,
>                     Sent by:                             mapserver-users at lists.gis.umn.edu
>                     owner-mapserver-users at lists.g       cc:
>                     is.umn.edu                          Fax to:
>                                                         Subject:     RE: [mapserver-users] File paths for layer data
> 
>                     04/05/2002 01:55 PM
> 
> 
> 
> Thanks Tyler.
> 
> I'm running MapServer 3.5 on Windows 2000.  I'm networked to a handful of
> county servers including the web server that my mapserver files are on.
> 
> Adam
> 
> -----Original Message-----
> From: Tyler Mitchell [mailto:TMitchell at lignum.com]
> Sent: Friday, April 05, 2002 1:13 PM
> To: mapserver-users at lists.gis.umn.edu
> Cc: aryan at co.linn.or.us
> Subject: Re: [mapserver-users] File paths for layer data
> 
> Adam, I had come across similar problems but am not sure if it was only on
> the windows platform or not.  What is your "setup" - are you using windows,
> cygwin, unix and maybe you could tell us what version you are using.
> 
> Tyler
> 
>                     "Ryan, Adam"
> 
>                     <ARyan at co.linn.or.us>               To:
> mapserver-users at lists.gis.umn.edu
>                     Sent by:                            cc:
> 
>                     owner-mapserver-users at lists.g       Fax to:
> 
>                     is.umn.edu                          Subject:
> [mapserver-users] File paths for layer data
> 
>                     04/05/2002 11:29 AM
> 
> > Hi all,
> >
> > I'm new at this and on a steep learning curve but I think I'm in love
> with
> > MapServer.  It's so fast and, for the most part, easy to use.
> >
> > One problem:  I want to set 'data' for a layer object in my map file to a
> > file on another drive, url, server, etc.  I can't get mapserver to access
> > any layer files that are outside my server directory.  I have images on
> > the htm template file that reference other drives and servers so it
> > doesn't seem to be a rights or permissions problem.
> >
> > Any suggestions?
> >
> > Thanks,
> >
> > Adam Ryan
> > Linn County GIS
> > Oregon

More information about the mapserver-users mailing list