apache selinx problem

Bill Tangren bjt at aa.usno.navy.mil
Mon Nov 6 18:38:47 UTC 2006 

Jay Berryman wrote:
> What avc error messages do you see in /var/log/messages?
> 

Nov  6 13:35:41 doggett kernel: audit(1162838141.073:45): avc:  denied  { 
execute_no_trans } for  pid=17313 comm="httpd" name="aa_geocentric.pl" dev=hda2 
ino=1839292 scontext=root:system_r:httpd_t 
tcontext=system_u:object_r:httpd_sys_script_exec_t tclass=file


> Jay Berryman, RHCT, RHCE
> Systems Engineer
> Phone:  (402)-963-6347
> E-Mail:  Jay.Berryman at sitel.com
>  
> 
> This message and any attachments are intended only for the use of the
> addressee and may contain information that is privileged and
> confidential. If the reader of the message is not the intended
> recipient, or the authorized agent of the intended recipient, you are
> hereby notified that any dissemination of this communication is strictly
> prohibited. If you have received this communication in error, please
> notify SITEL immediately by telephone at 402.963.6001 and delete the
> message and any attachments from your system. Thank you for your
> cooperation.
> 
>  
>  
> 
> -----Original Message-----
> From: redhat-list-bounces at redhat.com
> [mailto:redhat-list-bounces at redhat.com] On Behalf Of Bill Tangren
> Sent: Monday, November 06, 2006 12:11 PM
> To: General Red Hat Linux discussion list
> Subject: apache selinx problem
> 
> I am having a perplexing apache problem, probably caused by incorrect 
> permissions on files and/or directories.
> 
> I three web servers. One does not run on a server that uses SELinux. The
> other 
> two do. One of them executes scripts just fine. The other does not. This
> is the 
> error I get:
> 
> [Mon Nov 06 12:54:45 2006] [error] [client 10.1.5.58] (13)Permission
> denied: 
> exec of '/home/httpd/cgi-bin/aa_geocentric.pl' failed
> [Mon Nov 06 12:54:45 2006] [error] [client 10.1.5.58] Premature end of
> script 
> headers: aa_geocentric.pl
> 
> 
> The script is located in /home/httpd/cgi-bin. [The same script is
> located on the 
> other two servers, and works just fine.] This is what I get when looking
> at 
> permissions.
> 
> # ll -Z /home
> drwxr-xr-x  apache   AA       system_u:object_r:httpd_sys_content_t
> httpd
> 
> # ll -Z /home/httpd
> drwxrwxr-x  apache   AA       system_u:object_r:httpd_sys_script_exec_t
> cgi-bin
> 
> # ll -Z /home/httpd/aa_geocentric.pl
> -rwxrwxr-x  apache   AA       system_u:object_r:httpd_sys_script_exec_t 
> aa_geocentric.pl
> 
> "AA" is my department's user's group.
> 
> I can log into the server and run the script from the command line just
> fine.
> 
> Html seems to render just fine. The problem is with cgi scripts. I've
> tried UNIX 
> shell scripts, and I get the same problem.
> 
> Any ideas what the problem might be?
> 
> TIA,
> Bill Tangren
>

More information about the redhat-list mailing list