apache selinux problem

Jay Berryman jay.berryman at sitel.com
Mon Nov 6 19:08:01 UTC 2006


I would recommend running system-config-securitylevel to see what
SELinux booleans are in place for httpd.  Depending on what your script
is actually doing, you may have to make more than one modification.

Jay Berryman, RHCT, RHCE
Systems Engineer
Phone:  (402)-963-6347
E-Mail:  Jay.Berryman at sitel.com
 

-----Original Message-----
From: redhat-list-bounces at redhat.com
[mailto:redhat-list-bounces at redhat.com] On Behalf Of Bill Tangren
Sent: Monday, November 06, 2006 12:39 PM
To: General Red Hat Linux discussion list
Subject: Re: apache selinux problem

Jay Berryman wrote:
> What avc error messages do you see in /var/log/messages?
> 

Nov  6 13:35:41 doggett kernel: audit(1162838141.073:45): avc:  denied { execute_no_trans } for  pid=17313 comm="httpd" name="aa_geocentric.pl" dev=hda2 ino=1839292 scontext=root:system_r:httpd_t tcontext=system_u:object_r:httpd_sys_script_exec_t tclass=file


> -----Original Message-----
> From: redhat-list-bounces at redhat.com
> [mailto:redhat-list-bounces at redhat.com] On Behalf Of Bill Tangren
> Sent: Monday, November 06, 2006 12:11 PM
> To: General Red Hat Linux discussion list
> Subject: apache selinux problem
> 
> I am having a perplexing apache problem, probably caused by incorrect 
> permissions on files and/or directories.
> 
> I have three web servers. One does not run on a server that uses SELinux. The other
> two do. One of them executes scripts just fine. The other does not. This is the
> error I get:
> 
> [Mon Nov 06 12:54:45 2006] [error] [client 10.1.5.58] (13)Permission denied: exec of '/home/httpd/cgi-bin/aa_geocentric.pl' failed
> [Mon Nov 06 12:54:45 2006] [error] [client 10.1.5.58] Premature end of script headers: aa_geocentric.pl
> 
> 
> The script is located in /home/httpd/cgi-bin. [The same script is located on the
> other two servers, and works just fine.] This is what I get when looking at
> permissions.
> 
> # ll -Z /home
> drwxr-xr-x  apache   AA       system_u:object_r:httpd_sys_content_t httpd
> 
> # ll -Z /home/httpd
> drwxrwxr-x  apache   AA       system_u:object_r:httpd_sys_script_exec_t cgi-bin
> 
> # ll -Z /home/httpd/aa_geocentric.pl
> -rwxrwxr-x  apache   AA       system_u:object_r:httpd_sys_script_exec_t aa_geocentric.pl
> 
> "AA" is my department's user's group.
> 
> I can log into the server and run the script from the command line just fine.
> 
> Html seems to render just fine. The problem is with cgi scripts. I've tried UNIX
> shell scripts, and I get the same problem.
> 
> Any ideas what the problem might be?
> 
> TIA,
> Bill Tangren
> 
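
An added example, not part of the original thread: a small Python parser for the AVC denial quoted above. It rejoins a hard-wrapped syslog record and extracts the denied permission plus the source and target SELinux types. The function names are this example's own, and the sample record is the one from the message, wrapped as a mail client would wrap it.

```python
import re

# The denial from this thread, hard-wrapped the way a mail client wraps it.
WRAPPED = """\
Nov  6 13:35:41 doggett kernel: audit(1162838141.073:45): avc:  denied
{
execute_no_trans } for  pid=17313 comm="httpd" name="aa_geocentric.pl"
dev=hda2
ino=1839292 scontext=root:system_r:httpd_t
tcontext=system_u:object_r:httpd_sys_script_exec_t tclass=file
"""

SYSLOG_START = re.compile(r"^[A-Z][a-z]{2}\s+\d{1,2}\s+\d\d:\d\d:\d\d\s")
AVC = re.compile(r"audit\(\d+\.\d+:(?P<serial>\d+)\):\s+avc:\s+"
                 r"(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")
KEYVAL = re.compile(r'(\w+)=("[^"]*"|\S+)')

def unwrap(text):
    """Rejoin hard-wrapped syslog records; a new record starts at a timestamp."""
    records = []
    for line in text.splitlines():
        if SYSLOG_START.match(line) or not records:
            records.append(line.strip())
        elif line.strip():
            records[-1] += " " + line.strip()
    return records

def parse_avc(record):
    """Return the fields of one AVC record as a dict, or None if it is not one."""
    m = AVC.search(record)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KEYVAL.findall(m.group("rest"))}
    rec.update(result=m.group("result"), perms=m.group("perms").split(),
               serial=int(m.group("serial")))
    # A context is user:role:type[:range]; the type is what policy rules match on.
    for key, out in (("scontext", "source_type"), ("tcontext", "target_type")):
        parts = rec.get(key, "").split(":")
        rec[out] = parts[2] if len(parts) >= 3 else None
    return rec

def describe(rec):
    return "%s (%s) %s %s on %s %s (%s)" % (
        rec.get("comm"), rec["source_type"], rec["result"], ",".join(rec["perms"]),
        rec.get("tclass"), rec.get("name"), rec["target_type"])

if __name__ == "__main__":
    for rec in map(parse_avc, unwrap(WRAPPED)):
        if rec:
            print(describe(rec))
```

For the record in this thread the summary shows `httpd_t` denied `execute_no_trans` on a file labelled `httpd_sys_script_exec_t`; `execute_no_trans` is the permission to execute a file in the caller's own domain, without a domain transition.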
