apache
Jonathan Berry
berryja at gmail.com
Tue Mar 1 04:27:13 UTC 2005
On Mon, 28 Feb 2005 14:02:05 -0600, Edwards, Thomas W.
<TWEdwards at cimplify.net> wrote:
>
> Sorry bout the html.
>
> And yes that did the trick, when I added selinux=0 to the grub.conf
> file.
>
> Any clue why that would happen? How would it affect cgi from diff
> directories and not the normal dir?
>
> And I don't recall seeing messages pertaining to selinux in the logs
>
> Just denied access, thought it was permissions.
That's exactly what SELinux does, it keeps scripts that aren't where
they are supposed to be from executing. This is so a hacker can't
stick a script in /tmp/ and run it and do whatever he wants with your
box. If there are certain directories that you want to also put
scripts in, notice the (SELinux) permissions on /var/www/cgi-bin and
change the permissions on the other directories to be the same.
$ ls -Z /var/www/
drwxr-xr-x root root system_u:object_r:httpd_sys_script_exec_t cgi-bin
I highly recommend looking over at least the SELinux FAQ:
http://fedora.redhat.com/docs/selinux-faq-fc3/ and take a look at "man
chcon"
This should be very familiar to the setting up public_html
directories. Of course, the easiest thing to do is to just put all of
your scripts in /var/www/cgi-bin/ if there is no reason not to.
Jonathan
More information about the fedora-list
mailing list