apache selinx problem
Bill Tangren
bjt at aa.usno.navy.mil
Mon Nov 6 18:38:47 UTC 2006
Jay Berryman wrote:
> What avc error messages do you see in /var/log/messages?
>
Nov 6 13:35:41 doggett kernel: audit(1162838141.073:45): avc: denied {
execute_no_trans } for pid=17313 comm="httpd" name="aa_geocentric.pl" dev=hda2
ino=1839292 scontext=root:system_r:httpd_t
tcontext=system_u:object_r:httpd_sys_script_exec_t tclass=file
> Jay Berryman, RHCT, RHCE
> Systems Engineer
> Phone: (402)-963-6347
> E-Mail: Jay.Berryman at sitel.com
>
>
> This message and any attachments are intended only for the use of the
> addressee and may contain information that is privileged and
> confidential. If the reader of the message is not the intended
> recipient, or the authorized agent of the intended recipient, you are
> hereby notified that any dissemination of this communication is strictly
> prohibited. If you have received this communication in error, please
> notify SITEL immediately by telephone at 402.963.6001 and delete the
> message and any attachments from your system. Thank you for your
> cooperation.
>
>
>
>
> -----Original Message-----
> From: redhat-list-bounces at redhat.com
> [mailto:redhat-list-bounces at redhat.com] On Behalf Of Bill Tangren
> Sent: Monday, November 06, 2006 12:11 PM
> To: General Red Hat Linux discussion list
> Subject: apache selinx problem
>
> I am having a perplexing apache problem, probably caused by incorrect
> permissions on files and/or directories.
>
> I three web servers. One does not run on a server that uses SELinux. The
> other
> two do. One of them executes scripts just fine. The other does not. This
> is the
> error I get:
>
> [Mon Nov 06 12:54:45 2006] [error] [client 10.1.5.58] (13)Permission
> denied:
> exec of '/home/httpd/cgi-bin/aa_geocentric.pl' failed
> [Mon Nov 06 12:54:45 2006] [error] [client 10.1.5.58] Premature end of
> script
> headers: aa_geocentric.pl
>
>
> The script is located in /home/httpd/cgi-bin. [The same script is
> located on the
> other two servers, and works just fine.] This is what I get when looking
> at
> permissions.
>
> # ll -Z /home
> drwxr-xr-x apache AA system_u:object_r:httpd_sys_content_t
> httpd
>
> # ll -Z /home/httpd
> drwxrwxr-x apache AA system_u:object_r:httpd_sys_script_exec_t
> cgi-bin
>
> # ll -Z /home/httpd/aa_geocentric.pl
> -rwxrwxr-x apache AA system_u:object_r:httpd_sys_script_exec_t
> aa_geocentric.pl
>
> "AA" is my department's user's group.
>
> I can log into the server and run the script from the command line just
> fine.
>
> Html seems to render just fine. The problem is with cgi scripts. I've
> tried UNIX
> shell scripts, and I get the same problem.
>
> Any ideas what the problem might be?
>
> TIA,
> Bill Tangren
>
More information about the redhat-list
mailing list