gdwfkd@xxxxxxxxx wrote:
> This is weird. New server. cgi's don't execute outside the normal cgi-bin
> directory. The problem was showing up as problems with a nagios install.
> The nagios front page works, but the status pages, which are all cgi's,
> don't work.
>
> I increased logging to debug in apache and I get:
>
> [Tue Jan 09 14:53:21 2007] [error] [client 10.3.41.164] (13)Permission
> denied: exec of '/usr/lib/nagios/cgi/tac.cgi' f
> ailed, referer: http://some.server.com/nagios/side.html
> [Tue Jan 09 14:53:21 2007] [error] [client 10.3.41.164] Premature end of
> script headers: tac.cgi, referer: http://some.server.com/nagios/side.html
>
> I tried some nagios config things, but then I took a simple hello world CGI,
> verified that it worked in the standard cgi-bin directory, and copied it
> into the script alias directory for nagios and it doesn't work.
>
> Tried script alias directories in a few different partitions just to be
> sure. None of them worked.
>
> Compiled a different version of apache, non-rpm, and installed in another
> directory, and that works,.but don't want to go that route.
>
> Any ideas?
It may be that you have SELinux turned on on your system. This security
'blanket' restricts the location of web-related activities. See whether
it's enabled (/usr/sbin/sestatus -v) , and if your problem vanishes when
it's off, then you either get to work with it's configuration to permit
the alternate location(s) or keep it off.
You can read lots of good starting information at
http://fedora.redhat.com/docs/selinux-faq-fc3/
http://fedora.redhat.com/docs/selinux-faq-fc5/
depending on which core your server is on.
hugh
>
> Some details below:
>
> apache on rhel:
> httpd-2.0.52-25.ent
> Linux some.server.com 2.6.9-42.ELsmp #1 SMP Wed Jul 12 23:27:17 EDT 2006
> i686 i686 i386 GNU/Linux
>
> Nagios install wasn't working. conf.d/nagios.conf is:
>
> ##########
>
> ScriptAlias /nagios/cgi-bin/ "/usr/lib/nagios/cgi/"
> <Directory "/usr/lib/nagios/cgi/">
> Options ExecCGI
> AllowOverride None
> Order allow,deny
> Allow from all
> AuthName "Nagios Access"
> AuthType Basic
> AuthUserFile /etc/nagios/htpasswd.users
> Require valid-user
> </Directory>
>
> ##########
>
> Relevant cgi entry from the httpd.conf:
>
> ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
>
> #
> # "/var/www/cgi-bin" should be changed to whatever your ScriptAliased
> # CGI directory exists, if you have that configured.
> #
> <Directory "/var/www/cgi-bin">
> AllowOverride None
> Options None
> Order allow,deny
> Allow from all
> </Directory>
>
> ##########
--
Hugh Williams "There are two things to aim for in life;
hugh_williams@xxxxxxxxxxx first, to get what you want; and after that,
Agilent Technologies to enjoy it. Only the wisest of mankind
Santa Rosa 2US-C achieve the second."
707.577.4941 - Logan Pearsall Smith, 1931
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|