awstats and selinux

Paul Lemmons paul.lemmons at tmcaz.com
Fri Apr 28 20:43:28 UTC 2006


Eureka! I found it! 

I have been futzing with this problem all day. I installed "awstats" to
start getting better stats on my web server usage. It worked like a
charm on my test box but failed on my production box. After looking too
long in the wrong places I finally found the problem. It is selinux. 

Symptoms were, when I attempted to look at the awstats page, which is a
Perl script, I got the following in my Apache error_log:

...(13)Permission denied: exec of
'/usr/local/awstats/wwwroot/cgi-bin/awstats.pl' failed
...Premature end of script headers: awstats.pl

I checked all of the permissions of everything and everything was right.
Finally I found a post that mentioned looking for errors
in /var/log/messages. I look there for other things; I don't know why I never
thought to look there for this. Anyway, when I looked there I saw:


...kernel: audit(1146243585.213:27): avc:  denied  { execute } for
pid=20973 comm="httpd" name="awstats.pl" dev=dm-0 ino=1082675
scontext=root:system_r:httpd_t tcontext=system_u:object_r:usr_t
tclass=file


I turned off selinux with the "setenforce 0" command and it started
working. 

Now, the problem here is that I really do not want to run my production
server without selinux turned on and was not able to figure out how to
correct the conflict. Anybody that could offer a pointer in the right
direction will be my new best friend :)
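
The denial quoted in the message can be read mechanically. The following is an added example, not part of the original post: a small Python parser that pulls the source domain, target file type, class and permissions out of AVC lines like the one above. The function names and the sample log (the post's line re-joined, plus one constructed non-AVC line) are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the denial quoted in the post, joined onto one line,
# followed by a constructed line that is not an AVC record.
SAMPLE_LOG = (
    '...kernel: audit(1146243585.213:27): avc:  denied  { execute } for '
    'pid=20973 comm="httpd" name="awstats.pl" dev=dm-0 ino=1082675 '
    'scontext=root:system_r:httpd_t tcontext=system_u:object_r:usr_t '
    'tclass=file\n'
    '...kernel: unrelated line without an AVC record\n'
)

AVC_RE = re.compile(
    r'audit\((?P<epoch>\d+\.\d+):(?P<serial>\d+)\): avc:\s+denied\s+'
    r'\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)$'
)
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
REQUIRED = ('scontext', 'tcontext', 'tclass')

def parse_avc(line):
    """Return a dict for one AVC denial line, or None if it is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    if any(k not in rec for k in REQUIRED):
        return None  # truncated record: do not guess the missing fields
    rec['perms'] = m.group('perms').split()
    rec['serial'] = int(m.group('serial'))
    # A context is user:role:type (a level may follow); keep the type field.
    rec['source_type'] = rec['scontext'].split(':')[2]
    rec['target_type'] = rec['tcontext'].split(':')[2]
    return rec

def summarize(log_text):
    """Group denials by (source type, target type, class)."""
    out = defaultdict(lambda: {'perms': set(), 'names': set()})
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        key = (rec['source_type'], rec['target_type'], rec['tclass'])
        out[key]['perms'].update(rec['perms'])
        out[key]['names'].add(rec.get('name', '?'))
    return dict(out)

if __name__ == '__main__':
    for (src, tgt, cls), d in summarize(SAMPLE_LOG).items():
        print(src, 'denied', sorted(d['perms']), 'on', cls, 'typed', tgt, sorted(d['names']))
```

For the line in the post this reports that the httpd_t domain was denied execute on a file typed usr_t, which points at the SELinux label on awstats.pl rather than at its Unix permissions.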




More information about the fedora-list mailing list