Re: ExecCGI ignored within nfs share

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Jan 29, 2020, 11:35 PM Michele Mase' <michele.mase@xxxxxxxxx> wrote:
I'm trying to execute some gci scripts under a certain directory stored under an nfs share without any success; the same configuration is working outside nfs share (i.e. under local filesystem).
What am I missing?
Regards
Michele Masè

Local Working: curl https://www.example.com/cgi2/

Alias /cgi2/ /var/www/html.default/cgi2/
<Directory "/var/www/html.default/cgi2">
AddHandler cgi-script .cgi .pl .sh
DirectoryIndex index.cgi index.html
Options +ExecCGI
</Directory>


NFS Not Working:
Alias /cgi2/ /shared/www_root/cgi2/
<Directory "/shared/www_root/cgi2/">
AddHandler cgi-script .cgi .pl .sh
DirectoryIndex index.cgi index.html
Options +ExecCGI
</Directory>

Error_Log:
AH01262: Options ExecCGI is off in this directory: /shared/www_root/cgi2/index.cgi

index.cgi script

#!/usr/bin/perl

print "Content-type: text/html\n\n";
print "<html>\n<body>\n";
print "<div style=\"width: 100%; font-size: 40px; font-weight: bold; text-align: center;\">\n";
print "CGI Test Page";
print "\n</div>\n";
print "</body>\n</html>\n";

apache2.4.x ubuntu18.04 libapache2-mod-apparmor not installed

aa-status --verbose
apparmor module is loaded.
8 profiles are loaded.
8 profiles are in enforce mode.
   /sbin/dhclient
   /usr/bin/man
   /usr/lib/NetworkManager/nm-dhcp-client.action
   /usr/lib/NetworkManager/nm-dhcp-helper
   /usr/lib/connman/scripts/dhclient-script
   /usr/sbin/tcpdump
   man_filter
   man_groff
0 profiles are in complain mode.
0 processes have profiles defined.
0 processes are in enforce mode.
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.

/proc/mounts
10.10.10.10:/vol/shared /shared nfs rw,relatime,vers=3,rsize=65536,wsize=65536,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,mountaddr=10.10.10.10,mountvers=3,mountport=635,mountproto=tcp,local_lock=none,addr=10.10.10.10 0 0

su - www-data -s /bin/bash -c "/bin/cat /shared/www_root/cgi2/index.cgi" #working
--
Michele Masè

Usually NFS shares are being mounted without exec permissions for security, you need to make sure that is not the case.

[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux