#
# Access Map for put.perl
#
# Sorry, but this configuration script is parsed by perl.  I didn't
# feel like writing my own parser.  I can only reinvent so many wheels
# in a day.  Errors in this file will result in a "500 Internal Server
# Error" returned to the PUTting client and an "error
# parsing/executing Access Map" being logged to stderr (which usually
# appears in the ErrorLog configured for Apache).

# The access_map is an array of references to arrays (which is why it
# has []s).  Don't forget your commas (you'll get a 500 Internal
# Server Error if you do).  Each array reference should contain at
# least 6 elements which are (in order)

#@@@
#@@@
#@@@

# REMOTE_USER: the name of an HTTP authenticated entity.  You would
# add an entry like this to your access.conf for an Apache server.
#
#
# AuthUserFile /etc/httpd/conf/passwd
# AuthName put
# AuthType Basic
# require user thoth
# # optionally instead:
# # require valid-user
#

# PREFIX: This is the prefix of the filename part of the URL.

# UID: This is a username from /etc/passwd or a numeric uid.  The
# document will be written as this user.

# GID: This is a group name from /etc/group or a numeric gid.  The
# document will be written as a member of this group.

# UMASK: This is a standard UNIX(tm) umask which specifies which file
# access permissions to allow or deny.  Since umasks are most
# conveniently specified as octal numbers, this should usually be
# prefixed with the numeral zero.  Some common umasks would be:
#
# 0133: user read/write, group&other read
# 0113: user+group read/write, other read
# 0333: user+group+other read, no one write (you will be able to create
#       the document, but not overwrite it).
# 0137: user read/write, group read, other none (depending on the
#       group, the HTTP daemon might not be able to read this document
#       once it has been uploaded).

# HANDLER: this is the name of the perl subroutine that will be used
# to handle the document.  The handler will be run as the UID and GID
# specified above.  There is only one handler that comes with put.perl
# and it's called "standard".  It tries to write the document into the
# UNIX filename passed in $_[0] and gives an HTTP error if it fails
# (UNIX permissions were insufficient, or directory didn't exist are
# common causes.  A read error might be possible.).

# @ARGS: the arguments are optional and are passed to the handler
# after the filename.  The "standard" handler does not use these extra
# arguments, but I saw no reason to limit hackers.

#@@@
#@@@
#@@@

# To determine if a person is authorized to upload, this script scans
# through the entries in @access_map and takes the first match it can
# get.  A match is when the REMOTE_USER (as passed in the CGI
# environment variable) matches the REMOTE_USER in the @access_map
# entry and the SCRIPT_NAME (as passed in the CGI environment
# variable) begins with the PREFIX in the @access_map entry.

# If this script finds a match, it runs the HANDLER with UID, GID,
# and UMASK, passing in the name of the file (CGI's PATH_TRANSLATED) and
# the @ARGS.

# !!CONTRARIWISE!! (I glossed over some details above and explain here:)
# Apache passes the path to this PUT handling script in the
# SCRIPT_NAME CGI envariable.  This is useless to me, but not
# necessarily a misinterpretation of the standard, so I check for the
# existence of the non-standard envariable REDIRECT_SCRIPT_URL which
# seems to contain the filename part of the PUTted URL that I need.

@access_map = (
# [ REMOTE_USER, PREFIX, UID, GID, umask, handler, @args ]

# Allow HTTP auth entity thoth to upload documents beginning with
# /upload/thoth/.  The document will be written by user thoth, group
# www and umask 0137 (user read/write, group read).  It will use the
# standard procedure (I haven't written anything other than the
# standard procedure).
  [ "thoth", "/upload/thoth/", "thoth", "www", 0137, "standard" ],

# Allow non-HTTP-authenticated entities to upload documents beginning
# with /upload/incoming.  Documents will be written by user wwwput (if
# it's in /etc/passwd) and group www with umask 0337 (user read, group
# read, no write).  It will use the standard procedure.  If you plan
# to use this, I'd recommend putting a quota on user wwwput to prevent
# someone from filling up your disk.
  [ "", "/upload/incoming/", "wwwput", "www", 0337, "standard" ],

# !!!BAZOOKA-IN-THE-FOOT!!!  The following entry is an example of what NOT
# to do.  Delete it now.
# Allow non-HTTP-authenticated entities to upload documents into any
# part of the document tree.  Documents will be written by user httpd
# and group www with umask 0111 (user+group+other read/write).  Since
# this is a REALLY BAD IDEA, it will use perl's die (abnormal abort
# builtin) operator.  If you plan to use this, do your boss a favor
# and just kill yourself first.
# [ "", "", "httpd", "www", 0111, "die" ],
) ;

1;
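
# Added example, not part of put.perl: a standalone check for an access
# map in the format above, which replays the first-match rule and reports
# entries that are anonymous, tree-wide, world-writable or unreachable.
# The sample map is constructed, the names first_match and audit are
# hypothetical, and an unauthenticated request is assumed to match "".

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample: [ REMOTE_USER, PREFIX, UID, GID, umask, handler, @args ]
my @access_map = (
    [ "",      "/upload/",          "wwwput", "www", 0337, "standard" ],
    [ "thoth", "/upload/thoth/",    "thoth",  "www", 0137, "standard" ],
    [ "",      "/upload/incoming/", "wwwput", "www", 0337, "standard" ],
    [ "",      "",                  "httpd",  "www", 0111, "die"      ],
);

# First match wins: REMOTE_USER must be equal and the path must begin
# with PREFIX.  Returns the entry index, or -1 when nothing matches.
sub first_match {
    my ($user, $path, @map) = @_;
    $user = "" unless defined $user;    # assumption: unauthenticated is ""
    for my $i (0 .. $#map) {
        my ($u, $prefix) = @{ $map[$i] };
        return $i if $u eq $user && index($path, $prefix) == 0;
    }
    return -1;
}

# Static review of the map: one finding per risky or dead entry.
sub audit {
    my @map = @_;
    my @findings;
    for my $i (0 .. $#map) {
        my @e = @{ $map[$i] };
        if (@e < 6) { push @findings, "entry $i: fewer than 6 elements"; next }
        my ($u, $prefix, $uid, $gid, $umask) = @e;
        push @findings, "entry $i: no authentication for '$prefix'" if $u eq "";
        push @findings, "entry $i: empty PREFIX matches the whole tree" if $prefix eq "";
        push @findings, sprintf("entry %d: umask %04o allows world-writable files",
            $i, $umask) unless $umask & 0002;
        for my $j (0 .. $i - 1) {       # an earlier, broader entry for the same user
            my ($u2, $p2) = @{ $map[$j] };
            push @findings, "entry $i: never reached, shadowed by entry $j"
                if @{ $map[$j] } >= 2 && $u2 eq $u && index($prefix, $p2) == 0;
        }
    }
    return @findings;
}

print "$_\n" for audit(@access_map);
for my $req ([ "thoth", "/upload/thoth/a.html" ], [ undef, "/upload/incoming/x" ],
             [ undef, "/index.html" ]) {
    my ($user, $path) = @$req;
    printf "%-7s %-21s -> entry %d\n", $user // "(anon)", $path,
        first_match($user, $path, @access_map);
}
```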