Should have said "exported" with noexec instead of mounted to make it more clear. Then it doesn't matter what you do on the client side you will still not be able to run exe files.Since this is not the case maybe the perms of the directories on that path have no exe permissions them self?ICOn Fri, Jan 31, 2020, 10:46 PM Michele Mase' <michele.mase@xxxxxxxxx> wrote:From fstab:
10.10.10.10:/vol/shared /shared nfs defaults,exec,tcp,vers=3,intr,_netdev 0 0
From /proc/mounts
10.10.10.10:/vol/shared /shared nfs rw,relatime,vers=3,rsize=65536,wsize=65536,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,mountaddr=10.10.10.10,mountvers=3,mountport=635,mountproto=tcp,local_lock=none,addr=10.10.10.10 0 0
The apache process user can execute scripts under nfs share:
su - www-data -s /bin/bash -c "/shared/www_root/cgi2/test.sh" #workingOn Thu, Jan 30, 2020 at 8:57 PM Igor Cicimov <icicimov@xxxxxxxxx> wrote:On Wed, Jan 29, 2020, 11:35 PM Michele Mase' <michele.mase@xxxxxxxxx> wrote:I'm trying to execute some gci scripts under a certain directory stored under an nfs share without any success; the same configuration is working outside nfs share (i.e. under local filesystem).
What am I missing?
Regards
Michele Masè
Local Working: curl https://www.example.com/cgi2/
Alias /cgi2/ /var/www/html.default/cgi2/
<Directory "/var/www/html.default/cgi2">
AddHandler cgi-script .cgi .pl .sh
DirectoryIndex index.cgi index.html
Options +ExecCGI
</Directory>
NFS Not Working:
Alias /cgi2/ /shared/www_root/cgi2/
<Directory "/shared/www_root/cgi2/">
AddHandler cgi-script .cgi .pl .sh
DirectoryIndex index.cgi index.html
Options +ExecCGI
</Directory>
Error_Log:
AH01262: Options ExecCGI is off in this directory: /shared/www_root/cgi2/index.cgi
index.cgi script
#!/usr/bin/perl
print "Content-type: text/html\n\n";
print "<html>\n<body>\n";
print "<div style=\"width: 100%; font-size: 40px; font-weight: bold; text-align: center;\">\n";
print "CGI Test Page";
print "\n</div>\n";
print "</body>\n</html>\n";apache2.4.x ubuntu18.04 libapache2-mod-apparmor not installedaa-status --verbose
apparmor module is loaded.
8 profiles are loaded.
8 profiles are in enforce mode.
/sbin/dhclient
/usr/bin/man
/usr/lib/NetworkManager/nm-dhcp-client.action
/usr/lib/NetworkManager/nm-dhcp-helper
/usr/lib/connman/scripts/dhclient-script
/usr/sbin/tcpdump
man_filter
man_groff
0 profiles are in complain mode.
0 processes have profiles defined.
0 processes are in enforce mode.
0 processes are in complain mode.
0 processes are unconfined but have a profile defined./proc/mounts10.10.10.10:/vol/shared /shared nfs rw,relatime,vers=3,rsize=65536,wsize=65536,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,mountaddr=10.10.10.10,mountvers=3,mountport=635,mountproto=tcp,local_lock=none,addr=10.10.10.10 0 0su - www-data -s /bin/bash -c "/bin/cat /shared/www_root/cgi2/index.cgi" #working--Michele MasèUsually NFS shares are being mounted without exec permissions for security, you need to make sure that is not the case.
--Michele Masè