At 02:14 PM 2/11/2008 -0500, Joshua Slive wrote:
On Feb 11, 2008 1:38 PM, Bennett Haselton <bennett@xxxxxxxxxxxxx> wrote:> I am trying to run a CGI script that can open /var/log/httpd/access_log for> reading and parse some data from it. (This is on a dedicated machine.) > > The file /var/log/httpd/access_log is owned by root, but that's not the> problem. I have other files owned by root that are in the /var/www/html > directory and CGI scripts can read those with no problem (because they are > world-*readable*, just like /var/log/httpd/access_log is). The problem is> that apparently CGI scripts cannot open any files for reading that are > located outside of /var/www . There is no setting in the default apache install that could impose that restriction. Are you running SELinux perhaps? Have you tried "setenforce 0" to see if the issue goes away?
It does, but unfortunately after the server is rebooted, the effect of doing "setenforce 0" is lost (i.e. setuid scripts no longer run as setuid), and I have to do it again if I want setuid to work again.
Is there any way I can make the effect of "setenforce 0" permanent? I could put it into a startup script or something, but that seems like a hacky solution compared to actually changing the system setting.
-Bennett
bennett@xxxxxxxxxxxxx http://www.peacefire.org
(425) 497 9002
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|