At 02:14 PM 2/11/2008 -0500, Joshua Slive wrote:
On Feb 11, 2008 1:38 PM, Bennett Haselton <bennett@xxxxxxxxxxxxx> wrote:> I am trying to run a CGI script that can open /var/log/httpd/access_log for> reading and parse some data from it. (This is on a dedicated machine.) > > The file /var/log/httpd/access_log is owned by root, but that's not the> problem. I have other files owned by root that are in the /var/www/html > directory and CGI scripts can read those with no problem (because they are > world-*readable*, just like /var/log/httpd/access_log is). The problem is> that apparently CGI scripts cannot open any files for reading that are > located outside of /var/www . There is no setting in the default apache install that could impose that restriction. Are you running SELinux perhaps?
Well I'm running the CentOS 4.4 distro, but according to http://en.wikipedia.org/wiki/Selinux , SELinux is not actually a distro, so not mutually exclusive with CentOS. So could this machine be running SELinux? How do I tell? The hosting company set it up for me.
Have you tried "setenforce 0" to see if the issue goes away?
Well, damn. I do believe that fixed it. Thanks!
In general, the most secure way to deal with tasks that are beyond the permissions of your apache child processes is to use "sudo". But I bet your problem is an OS configuration issue. If the file is world-readable, your cgi scripts should be able to read it.
My CGI scripts can read world-readable files when those files are under /var/www, just not when the world-readable files are located anywhere else.
-Bennett
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|