[http] Document root for mapserver

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[http] Document root for mapserver

Vincent Letocart

Good afternoon

After installing Mapserver, the challenge is to get it working.
The following question is related to the usage of mapserver
through the webbrowser. I wonder why MapServer is trying
to find a file at the root of the file system...

When I copy an example file from the tutorial:

     http://biometry.gis.umn.edu/tutorial/example1-1.html

I first want to see if the file is correctly accessed. For instance,
I put the example with name 'tutorial_1.map', and I call mapserver
from the browser:

     http://mysite:8081/cgi-bin/mapserv?map=/tutorial_1.map&layer=states&mode=map

as suggested in the tutorial. In the meantime, I 'strace' the httpd
processes listening on port 8081, and I see in the browser:

          msLoadMap(): Unable to access file. (/tutorial_1.map)

and in my trace:

    [pid 10870] open("/tutorial_1.map", O_RDONLY) = -1 ENOENT (No such file or directory)

So, the mapserver works and accept the filename I give to him (tutorial_1.map),
but despite the definitions from the configuration files like
httpd.conf

        <Directory "$FGS_HOME/www/htdocs">
            Options Indexes FollowSymLinks
            AllowOverride None
            Order allow,deny
            Allow from all
        </Directory>

or mapserver.conf

        Alias /ms_tmp/ "/XXXX/mapserver/tmp/ms_tmp/"
        <Directory  "/XXXX/mapserver/tmp/ms_tmp/">
            Options None
            AllowOverride None
            Order allow,deny
            Allow from all
        </Directory>

I do not see why the mapserver process is looking at that place
for the mapfile. Moreover, I consider this as dangerous.
And, at the end, I cannot get result of the map file processing.

Did I miss something in the documentation ??

Thanks for your time

Vincent.

--
Youth doesn't excuse everything.
                -- Dr. Janice Lester (in Kirk's body), "Turnabout Intruder",
                   stardate 5928.5.
_______________________________________________
Foss-gis-suite mailing list
[hidden email]
http://lists.maptools.org/mailman/listinfo/foss-gis-suite
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [http] Document root for mapserver

Jeff McKenna
Hello,

I have a few comments inline below:

Vincent Letocart wrote:

> Good afternoon
>
> After installing Mapserver, the challenge is to get it working.
> The following question is related to the usage of mapserver
> through the webbrowser. I wonder why MapServer is trying
> to find a file at the root of the file system...
>
> When I copy an example file from the tutorial:
>
>      http://biometry.gis.umn.edu/tutorial/example1-1.html

The official MapServer 5.6 tutorial is found at:
http://www.mapserver.org/tutorial/index.html

The tutorial files can be downloaded from:
http://download.osgeo.org/mapserver/docs/mapserver-tutorial.zip

>
> I first want to see if the file is correctly accessed. For instance,
> I put the example with name 'tutorial_1.map', and I call mapserver
> from the browser:
>
>      http://mysite:8081/cgi-bin/mapserv?map=/tutorial_1.map&layer=states&mode=map
>

When you say "put the example", where did you place that mapfile?  With
your answer (such as "/home/jeff/map/"), then in your MapServer URL the
"map=" parameter should point to your mapfile location (such as
"map=/home/jeff/map/tutorial.map&...").

Also, you might find that more people are available on the main
MapServer email list to help you with tutorial questions.

-jeff


--
Jeff McKenna
MapServer Consulting and Training Services
http://www.gatewaygeomatics.com/


_______________________________________________
Foss-gis-suite mailing list
[hidden email]
http://lists.maptools.org/mailman/listinfo/foss-gis-suite
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [http] Document root for mapserver

Vincent Letocart
In reply to this post by Vincent Letocart

No idea ?

Vincent.

On 16 June 2010, at 13:52:32 (Epoch+1276692752 sec), Vincent Letocart wrote :

>
> Good afternoon
>
> After installing Mapserver, the challenge is to get it working.
> The following question is related to the usage of mapserver
> through the webbrowser. I wonder why MapServer is trying
> to find a file at the root of the file system...
>
> When I copy an example file from the tutorial:
>
>      http://biometry.gis.umn.edu/tutorial/example1-1.html
>
> I first want to see if the file is correctly accessed. For instance,
> I put the example with name 'tutorial_1.map', and I call mapserver
> from the browser:
>
>      http://mysite:8081/cgi-bin/mapserv?map=/tutorial_1.map&layer=states&mode=map
>
> as suggested in the tutorial. In the meantime, I 'strace' the httpd
> processes listening on port 8081, and I see in the browser:
>
>  msLoadMap(): Unable to access file. (/tutorial_1.map)
>
> and in my trace:
>
>     [pid 10870] open("/tutorial_1.map", O_RDONLY) = -1 ENOENT (No such file or directory)
>
> So, the mapserver works and accept the filename I give to him (tutorial_1.map),
> but despite the definitions from the configuration files like
> httpd.conf
>
> <Directory "$FGS_HOME/www/htdocs">
>    Options Indexes FollowSymLinks
>    AllowOverride None
>    Order allow,deny
>    Allow from all
> </Directory>
>
> or mapserver.conf
>
> Alias /ms_tmp/ "/XXXX/mapserver/tmp/ms_tmp/"
> <Directory  "/XXXX/mapserver/tmp/ms_tmp/">
>    Options None
>    AllowOverride None
>    Order allow,deny
>    Allow from all
> </Directory>
>
> I do not see why the mapserver process is looking at that place
> for the mapfile. Moreover, I consider this as dangerous.
> And, at the end, I cannot get result of the map file processing.
>
> Did I miss something in the documentation ??
>
> Thanks for your time
>
> Vincent.
>
> --
> Youth doesn't excuse everything.
> -- Dr. Janice Lester (in Kirk's body), "Turnabout Intruder",
>   stardate 5928.5.

--
There's another way to survive.  Mutual trust -- and help.
                -- Kirk, "Day of the Dove", stardate unknown
_______________________________________________
Foss-gis-suite mailing list
[hidden email]
http://lists.maptools.org/mailman/listinfo/foss-gis-suite
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [http] Document root for mapserver

Frank Warmerdam-2
Vincent Letocart wrote:

>> I first want to see if the file is correctly accessed. For instance,
>> I put the example with name 'tutorial_1.map', and I call mapserver
>> from the browser:
>>
>>      http://mysite:8081/cgi-bin/mapserv?map=/tutorial_1.map&layer=states&mode=map
>>
>> as suggested in the tutorial. In the meantime, I 'strace' the httpd
>> processes listening on port 8081, and I see in the browser:
>>
>>  msLoadMap(): Unable to access file. (/tutorial_1.map)
>>
>> and in my trace:
>>
>>     [pid 10870] open("/tutorial_1.map", O_RDONLY) = -1 ENOENT (No such file or directory)
...
>> I do not see why the mapserver process is looking at that place
>> for the mapfile. Moreover, I consider this as dangerous.
>> And, at the end, I cannot get result of the map file processing.
>>
>> Did I miss something in the documentation ??

Vincent,

The MapServer cgi does not know anything about your apache setup, or it's
document root, so it does not evaluate any paths relative to the document
root.

Furthermore there are good security reasons in many cases to keep your map
file outside the publically accessable document tree.

There are mechanisms to restrict the paths that can be used for map= paths
by mapserver.  I believe by default there is a regex in place that ensures
only filenames ending in .map are acceepted.  This at least makes it difficult
to try and trick mapserver into trying to read and then report errors with
potentially sensitive text from files like /etc/passwd.

Note, this is not particularly an FGS question and you might have gotten
an answer sooner asking it on the mapserver users mailing list.

Best regards,
--
---------------------------------------+--------------------------------------
I set the clouds in motion - turn up   | Frank Warmerdam, [hidden email]
light and sound - activate the windows | http://pobox.com/~warmerdam
and watch the world go round - Rush    | Geospatial Programmer for Rent

_______________________________________________
Foss-gis-suite mailing list
[hidden email]
http://lists.maptools.org/mailman/listinfo/foss-gis-suite
Loading...