[Mapserver-users] Linux/Apache security wrt shapefiles data

Joe Bussell joe at otsys.com
Wed Aug 27 17:53:51 EDT 2003


RedHat's Apache configuration file is correctly set up so the default is 
to not allow cgi's to exist in user space.  Take a look at:
http://httpd.apache.org/docs/misc/FAQ.html#CGIoutsideScriptAlias

Specific bits:
#
# Control access to UserDir directories.  The following is an example
# for a site where these directories are restricted to read-only.
#
<Directory /home/*/public_html>
     AllowOverride FileInfo AuthConfig Limit
     Options MultiViews Indexes FollowSymLinks IncludesNoExec
     <Limit GET POST OPTIONS PROPFIND>
         Order allow,deny
         Allow from all
     </Limit>
     <Limit PUT DELETE PATCH PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>
         Order deny,allow
         Deny from all
     </Limit>
</Directory>

# DirectoryIndex: Name of the file or files to use as a pre-written HTML
# directory index.  Separate multiple entries with spaces.
#
<IfModule mod_dir.c>
     DirectoryIndex index.html index.htm index.shtml index.cgi
</IfModule>

The above snippet is from my dev box which lives inside a firewall.  I 
would not recommend that you do this on ANY machine as security is never 
really perfect.  There are a number of exploits which derived from 
user's cgi access privileges.  I do not know of any recent unpatched 
problems, but the party line is to not do this.  If you wish to live on 
the edge however...

Cordially,

Joe Bussell
www.trafficdodger.com


Daniel Morissette wrote:
> Did you also make sure that /home/pkishor is at least "r-x" for the 
> apache user?  Every directory in the path that leads to the gisdata 
> directory has to be at least "r-x" for the apache user.
> 
> Daniel
> 
> 
> pkishor_98 wrote:
> 
>> yes. this is related to MapServer ;-).
>>
>> OS: RH9
>> MapServer 4.0 config-ed and setup correctly.
>>
>> I have my shapefiles under "/home/pkishor/gisdata"
>>
>> and the darn Mapserver refuses to open the shapefiles. Error log shows
>> msSHPOpenFile(): Unable to access file. (/home/pkishor/gisdata/bio)
>> ..
>>
>> I move the shapefiles to "/var/www/html/gisdata" and everything works
>> fine.
>>
>> Apache runs as apache:apache, and in both cases I have chown-ed and
>> chgrp-ed the gisdata directory to apache:apache, and also chmod-ed it
>> to 777 for good measure. Why is Mapserver unable to read gisdata
>> stored in my home directory? I am new to Linux/RH9, so be gentle in
>> your pedagoguery ;-).
>>
>> Many thanks,
>>
>> Puneet.
>>
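Added example, not part of the original thread: a small Python check of the point made in the quoted reply, that every directory on the way to the data directory must be at least "r-x" for the apache user. The function names are this example's own. It assumes only the classic owner/group/other mode bits decide access (no ACLs or other access controls), and it also flags directories left world-writable, as with the chmod 777 in the question.

```python
import os
import stat
import sys

def triplet(st, uid, gids):
    """Return the rwx bits (0-7) that apply to this uid and group set."""
    if uid == st.st_uid:
        return (st.st_mode >> 6) & 7      # owner bits
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7      # group bits
    return st.st_mode & 7                 # other bits

def audit_path(path, uid, gids):
    """Walk from / down to `path`; return (directory, problem) tuples."""
    findings = []
    current = os.sep
    parts = [p for p in os.path.abspath(path).split(os.sep) if p]
    for part in [""] + parts:             # "" makes the first stop "/" itself
        current = os.path.join(current, part)
        st = os.stat(current)
        if not stat.S_ISDIR(st.st_mode):
            continue                      # only directories are checked here
        bits = triplet(st, uid, gids)
        missing = "".join(c for c, b in (("r", 4), ("x", 1)) if not bits & b)
        if missing:
            findings.append((current, "missing " + missing))
        # Writable by everyone and no sticky bit: more access than reading needs.
        if st.st_mode & stat.S_IWOTH and not st.st_mode & stat.S_ISVTX:
            findings.append((current, "world-writable"))
    return findings

if __name__ == "__main__":
    # Usage (run as a user who can stat the whole path, e.g. the owner):
    #   python3 audit_path.py apache /home/pkishor/gisdata
    import pwd
    user, target = sys.argv[1], sys.argv[2]
    pw = pwd.getpwnam(user)
    groups = set(os.getgrouplist(user, pw.pw_gid))
    for directory, problem in audit_path(target, pw.pw_uid, groups):
        print(f"{directory}: {problem}")
```

A home directory with mode 700 shows up as "missing rx" for the apache user no matter what ownership or mode the gisdata directory below it has.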