PUT configuration for the CERN server

Setting up a CERN server to support the PUT method involves three operations:

• Writing a PUT compliant cgi-script
• Changing the httpd configuration file
• Granting access-rights in the file system

Writing a PUT compliant CGI-script

CGI-scripts that are PUT compliant are basically the same kind of scripts used to handle POST requests, with the addition of extra code to save to a file the data feed to them by a server. As a PUT script actually writes, or overwrites, files on a remote information, the source code of this type of scripts must be carefully reviewed to avoid security and system mishaps.

For more information

• NCSA's home page about CGI-scripts
• CGI Security Tutorial
• A sample PUT script for the CERN server

Changing the httpd configuration file

In order to handle PUT requests, the httpd configuration file must include:

• An Enable PUT directive, which allows the processing of PUT requests by the server
• A PUT-Script directive, which tells the server where to find the PUT script
• One or a set of protection rules which includes a PUT-Mask. Like for a GET-mask, the PUT-mask states who can do a PUT. This is necessary even if you want to grant PUT rights to user anybody
• Associations between URLs and the above protection rules
• A mapping from the URL space to the file system space. The CERN server feeds the PUT client the filename that results from this mapping

For more information

• CERN Server reference manual
• A sample configuration file

Granting access-rights in the file system

If you're running the CERN server in a system which associates access-rights to files, such as Unix, you have to make sure that:

• The CERN server has execute rights over the PUT script
• The PUT script has write rights on the directories where it may write information.

You might we wondering where are user access-rights actually enforced. The answer is that this happens inside the CERN server. Once the server authorizes a request, it just commands the PUT script to write a data file. If you consider it appropriate, you may do some additional access control inside the PUT script. In all cases, make sure the PUT script does not have write access on directories and files which should not be written by it! If you're using Unix, you can easily set this up by having the PUT script run under a specific-assigned user id.