[mapserver-users] File paths for layer data
Ryan, Adam
ARyan at co.linn.or.us
Thu Apr 11 09:43:41 PDT 2002
Ed McNierney, Stephen Woodbridge, Tyler Mitchell, etc..
Thank you very much for the responses below. Our IT director and I went
'round and 'round with this thing. We're using IIS and apparently there are
a few ways around this problem. We made some changes that allowed me to use
a UNC format and map directly to other servers. We lost a little speed but
avoided duplicating 55 GBs of ortho photos. Folks may want to refer to
Microsoft knowledge base article Q207671 - Accessing Network Files from IIS
Applications.
Thanks again,
Adam Ryan
Linn County GIS
-----Original Message-----
From: Ed McNierney [mailto:ed at topozone.com]
Sent: Monday, April 08, 2002 7:17 AM
To: Stephen Woodbridge; Tyler Mitchell
Cc: Ryan, Adam; mapserver-users at lists.gis.umn.edu
Subject: RE: [mapserver-users] File paths for layer data
Steve et a. -
That's not quite correct. The Web server runs under a user security
context, like everything in Windows 2000. If you're running a Web server
with a site that permits anonymous user access (as most do), your server
will have a LOCAL user account named IUSR_<machinename>; for example, if the
machine is named FOO, then there is a local user account named IUSR_FOO that
is used by the server for anonymous access.
That means that the MapServer CGI runs as if it were run by the logged-in
user IUSR_FOO, and it only has access to things that IUSR_FOO can access.
The default setup is for IUSR_FOO to be created as a local machine account,
NOT a domain account - it's an account that only exists on the Web server
machine. As a result, since it's a local machine account, it has NO ACCESS
to network resources. You have to be a domain user to get those.
Therefore, you won't be able to see any network data files.
You can change the Web server's user account to be a domain user account,
and then you can get access to domain resources. Remember that this is a
two-edged sword. The reason the default account is a local machine account
is to prevent security problems; the default setup only permits access to
the local machine, so the risk from a Web attack is minimized. If you
change that account to a domain account you potentially expose your entire
domain to an attack. There's nothing wrong with that; it just means you are
increasing the benefits and increasing the risk, and you need to manage the
security situation appropriately.
- Ed
Ed McNierney
Chief Mapmaker
TopoZone.com
ed at topozone.com
(978) 251-4242
-----Original Message-----
From: Stephen Woodbridge [mailto:woodbri at swoodbridge.com]
Sent: Friday, April 05, 2002 8:21 PM
To: Tyler Mitchell
Cc: Ryan, Adam; mapserver-users at lists.gis.umn.edu
Subject: Re: [mapserver-users] File paths for layer data
This could be because the web server process does not have access to the
network drives. This could be because of access rights, or it could be
because you are using a mapped drive which only exists for you as a user
after you log in. Since the web server does not log in it does not have
any mapped drives and can only access the local drives.
-Steve W.
Tyler Mitchell wrote:
>
> I've had a similar problem Adam, again using MapServ 3.5 on Windows 2000.
> I couldn't access data on network/shared drives, only locally. It's been
> a while since I tried, but I hope someone else can shed some light on it
> for us. Any takers?
>
>
> "Ryan, Adam"
> <ARyan at co.linn.or.us> To: Tyler
Mitchell <TMitchell at lignum.com>,
> Sent by:
mapserver-users at lists.gis.umn.edu
> owner-mapserver-users at lists.g cc:
> is.umn.edu Fax to:
> Subject: RE:
[mapserver-users] File paths for layer data
>
> 04/05/2002 01:55 PM
>
>
>
> Thanks Tyler.
>
> I'm running MapServer 3.5 on Windows 2000. I'm networked to a handful of
> county servers including the web server that my mapserver files are on.
>
> Adam
>
> -----Original Message-----
> From: Tyler Mitchell [mailto:TMitchell at lignum.com]
> Sent: Friday, April 05, 2002 1:13 PM
> To: mapserver-users at lists.gis.umn.edu
> Cc: aryan at co.linn.or.us
> Subject: Re: [mapserver-users] File paths for layer data
>
> Adam, I had come across similar problems but am not sure if it was only on
> the windows platform or not. What is your "setup" - are you using
windows,
> cygwin, unix and maybe you could tell us what version you are using.
>
> Tyler
>
> "Ryan, Adam"
>
> <ARyan at co.linn.or.us> To:
> mapserver-users at lists.gis.umn.edu
> Sent by: cc:
>
> owner-mapserver-users at lists.g Fax to:
>
> is.umn.edu Subject:
> [mapserver-users] File paths for layer data
>
> 04/05/2002 11:29 AM
>
> > Hi all,
> >
> > I'm new at this and on a steep learning curve but I think I'm in love
> with
> > MapServer. It's so fast and, for the most part, easy to use.
> >
> > One problem: I want to set 'data' for a layer object in my map file to
a
> > file on another drive, url, server, etc. I can't get mapserver to
access
> > any layer files that are outside my server directory. I have images on
> > the htm template file that reference other drives and servers so it
> > doesn't seem to be a rights or permissions problem.
> >
> > Any suggestions?
> >
> > Thanks,
> >
> > Adam Ryan
> > Linn County GIS
> > Oregon
More information about the MapServer-users
mailing list